httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Mehler <dave.meh...@gmail.com>
Subject Re: [users@httpd] Apache 2.2 authentication against a Mysql Database
Date Mon, 19 Nov 2012 23:07:47 GMT
Hello,

Thanks to everyone who helped. I have it working. Here it is for
anyone this might help.

Hth
Dave.

Set up for Mysql authentication:

Create a mysql database:
create database web;
grant select, insert, update, delete on web.* to web_user@localhost
identified by 'xxx';
flush privileges;
use web;

CREATE TABLE `web_users` (
  `username` varchar(50) NOT NULL,
  `password` char(28) NOT NULL,
  PRIMARY KEY  (`username`),
  UNIQUE KEY `username` (`username`)
);

For ilustrative purposes:
-- Inserting user foo with password bar
INSERT INTO `web_users` (`username`, `password`) VALUES ('foo',
'Ys23Ag/5IOWqZCw9QGaVDdHwH00=');

Passwords are generated at console commandline by:

echo -n "bar" |openssl sha -binary|base64

Load the mod_dbd and mod_authn_dbd modules in httpd.conf.

Configuration should look similar to this:
httpd.conf:
# Used for Database Authentication
LoadModule dbd_module modules/mod_dbd.so

# The Authentication provider module for databases
LoadModule authn_dbd_module modules/mod_authn_dbd.so
# The Basic authentication module
LoadModule auth_basic_module modules/mod_auth_basic.so

# mod_dbd configuration
DBDriver mysql
DBDParams "dbname=xxx user=xxx pass=xxx"
DBDMin  4
DBDKeep 8
DBDMax  20
DBDExptime 300
DBDPersist On

And in a virtual host definition something similar to:
<VirtualHost *:80>
     ServerAdmin xxx
     ServerName  xxx
     ServerAlias  xxx
     DocumentRoot /path/to/document_root
     ErrorLog xxx
     CustomLog xxx
<Directory /path/to/document_root>
AuthType Basic
AuthName "xxx"
AuthBasicProvider dbd
Require valid-user
  # mod_authn_dbd SQL query to authenticate a user
  AuthDBDUserPWQuery "SELECT CONCAT('{SHA}', password) FROM web_users
WHERE username = %s"
Order Allow,Deny
Allow from all
Options none
AllowOverRide None
</Directory>
</VirtualHost>


On 11/19/12, FINESEC <info@finesec.com> wrote:
> Hello,
>
> Apache doesn't support password hashes generated by mysql. Use htpasswd or
> openssl to generate hashes that are supported by apache:
>
> htpasswd -nbm username password
> openssl passwd -apr1 password
>
> Adam Black,
> FINESEC.COM - authentication software for Apache
>
> On Mon, Nov 19, 2012 at 4:10 PM, Igor Galić <i.galic@brainsware.org> wrote:
>
>>
>>
>> ----- Original Message -----
>> > Hello,
>> >
>> > When I inserted the user in to the mysql database I have a field
>> > called password it's a varchar(64) field. For the password value I
>> > used mysql's sha function so the entry looked like:
>> >
>> > sha('password')
>> >
>> > won the insert line.
>> >
>> > I'm not sure if that answers your question.
>>
>> Let me repeat my last question: Does the password look like httpd
>> expects the password to look?
>>
>> Now, let me quote from the document
>> ( http://httpd.apache.org/docs/2.2/misc/password_encryptions.html )
>> I linked:
>>
>> """"
>> SHA1
>>
>> $ htpasswd -nbs myName myPassword
>> myName:{SHA}VBPuJHI7uixaa6LQGWx4s+5GKNE=
>> """"
>>
>> Does your password look like this?
>>
>>    {SHA}VBPuJHI7uixaa6LQGWx4s+5GKNE=
>>
>>
>> i
>>
>> --
>> Igor Galić
>>
>> Tel: +43 (0) 664 886 22 883
>> Mail: i.galic@brainsware.org
>> URL: http://brainsware.org/
>> GPG: 6880 4155 74BD FD7C B515  2EA5 4B1D 9E08 A097 C9AE
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message