httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Donovan <donov...@bellatlantic.net>
Subject Re: User/Realm order in AuthDBDUserRealmQuery (mod_authn_dbd)
Date Sat, 16 May 2009 13:36:48 GMT
KaiGai Kohei wrote:
> I'm now trying to set up mod_authn_dbb for authentication purpose.
> However, I faced to a concern for AuthDBDUserRealmQuery directive.
> 
> The example shows the query:
>   AuthDBDUserRealmQuery \
>       "SELECT password FROM authn WHERE user = %s AND realm = %s"
> 
> But, I would like to set up the query as follows:
>   AuthDBDUserRealmQuery \
>       "SELECT md5(uname || ':' || %s || ':' || upass) FROM uaccount WHERE uname = %s"
>                                   ^^... to be realm                to be user ... ^^
> 
> It seems to me we have no way to put the replacement of the given
> realm prior to username. Am I missing anything?
> 

One common solution to the 'order of parameters' problem is to create a stored procedure in
your 
database.  For example, if you are using MySQL 5.0+, you can create a stored procedure like
this:

   DROP PROCEDURE IF EXISTS digest;
   CREATE PROCEDURE digest(username VARCHAR(64), realm VARCHAR(64))
     SELECT md5(concat(uname ,':',realm ,':',upass)) FROM uaccount WHERE uname = username;

Then in your conf file use:

   AuthDBDUserRealmQuery "CALL digest(%s, %s)"

-tom-

Mime
View raw message