LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 11-17-2003, 08:02 AM   #1
ruiseixas
LQ Newbie
 
Registered: Jul 2003
Location: Portugal
Distribution: redhat 9
Posts: 17

Rep: Reputation: 0
Wink Using the MySQL Database for Authentication on Apache Server


This is how I configure my Apache to make an Basic Authentication using MySQL database.

1. Download mod_auth_mysql from http://www.heuer.org/

2. Unpack the tgz file
# tar xvzf /downloads/mod_auth_mysql.tgz

3. Install the module using the apxs utility
# /usr/local/apache2/bin/apxs -c -i -a -L/usr/lib/mysql -lmysqlclient mod_auth_mysql.c

4. Check the file .httpd.conf for the next line
LoadModule auth_mysql_module modules/mod_auth_mysql.so

5. Create the database htpasswd in the mysql server
# mysqladmin -p create htpasswd

6. Grant select capabilities to htpasswd user
# mysql -p
mysql> use htpasswd
mysql> grant select on htpasswd.* to htpasswd@localhost
mysql> by 'secretpass';
mysql> flush privileges;
mysql> quit

7. Create and edit the tables for the htpasswd database using the htpasswd.sql script in mod_auth_mysql folder
# mysql -u root –p 'rootpass'
mysql> use htpasswd
mysql> source /downloads/mod_auth_mysql/htpasswd.sql;
mysql> insert into host_info(id,host,host_group) values
mysql> (null, “localhost”,1);
mysql> select * from host_info;
mysql> insert into user_info(id,user_name,user_passwd,host_group) values
mysql> (null,”myname”,encrypt(“mypass”),1);
mysql> select * from user_info where user_name=’myname’;
mysql> insert into user_group(id,user_name,user_group,host_group) values
mysql> (null,”myname”,’admins’,1);
mysql> select * from user_group;
mysql> quit

8. Create the next .htaccess file on the folder to secure, protect this file to be only read by Apache
# directives to the Basic Authorization

AuthType Basic
AuthName “Very Secret”

# Lines required to make a connection to the MySQL database

AuthMySQLHost localhost
AuthMySQLUser htpasswd
AuthMySQLPassword secretpass
AuthMySQLDB htpasswd

# Make MySQL authentication authoritative

AuthMySQLAuthoritative On

# Keep the connection to MySQL from client Alive

AuthMySQLKeepAlive On

# Require authorized users (if authorization made by users)

#require user myname

# Require authorized groups (my favorite)

require group admins

9. Uncomment the AccessFileName in .httpd.conf file to allow the use of .htaccess like this
#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess



Possible problems:

If you have problems on point 3, because some source files are not found, try make symbolic links of the mysql source files on the include folder of your Apache server. For example:

# ln -s /usr/include/mysql/* /usr/local/apache2/include/

If you can't make a success login its possible that exist some error on your .htaccess file or in one of the tables, read the error_log file on the logs folder present in your Apache folder installation for detect where the problem come for.


If you want to know how make a login authorization form in one HTML page like those we see on the net, I don't know how to do it.
I'm trying to find some explanation, but so far any good results.


-*- REGARDS -*-
 
Old 03-12-2004, 10:32 PM   #2
Murpe
LQ Newbie
 
Registered: Mar 2004
Location: Plant City, Florida, USA
Distribution: SuSe, Slackware, Scyld
Posts: 5

Rep: Reputation: 0
I have done the steps above and still can't get it working. I am running SuSe Linux Pro 9.0 w/ MySQL 4.0 and PHP 4.3.2. It seems, under the phpinfo(), that the mod_auth_mysql is loaded as a module correctly, but it just seems to skip over seeing the .htaccess I have in a directory.

Loaded modules:
core mod_access mod_auth mod_auth_anon mod_auth_dbm mod_auth_digest mod_ext_filter mod_include mod_log_config mod_env mod_mime_magic mod_cern_meta mod_expires mod_headers mod_usertrack mod_unique_id mod_setenvif mod_ssl prefork http_core mod_mime mod_dav mod_status mod_autoindex mod_asis mod_info mod_cgi mod_dav_fs mod_vhost_alias mod_negotiation mod_dir mod_imap mod_actions mod_speling mod_userdir mod_alias mod_rewrite mod_so sapi_apache2 mod_auth_mysql


Snapshot of my .htaccess file

AuthType Basic
AuthName "Authorized Access Only"
AuthMySQLHost localhost
AuthMySQLDB htpasswd
AuthMySQLAuthoritative On
AuthMySQLKeepAlive On
AuthMySQLUserTable user_auth
AuthMySQLGroupTable user_auth
AuthMySQLGroupField user_group
require group admin


-- MySQL dump 9.09
--
-- Host: localhost Database: htpasswd
-- ------------------------------------------------------
-- Server version 4.0.16

--
-- Table structure for table `user_auth`
--

CREATE TABLE user_auth (
user_name char(30) NOT NULL default '',
user_passwd char(20) NOT NULL default '',
user_group char(10) default NULL,
PRIMARY KEY (user_name)
) TYPE=MyISAM;

--
-- Dumping data for table `user_auth`
--

INSERT INTO user_auth VALUES ('myname','mypassword','admin');



Does something under the httpd.conf or elsewhere need to be altered?

Thanks.

-- M
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
FTP Server and mySQL Authentication chriswible Linux - Networking 4 12-08-2006 09:36 AM
Apache/PHP not talking to mysql database BorgAssimilator Linux - Software 1 11-11-2005 03:12 AM
Writing an app that uses a mysql database without installing mysql server? QtCoder Programming 4 08-09-2004 02:43 PM
Connecting Mysql Database on remote server akamol Programming 4 10-16-2003 11:46 AM
Help w/ POP3 Server & MySQL Authentication ryanolson Linux - Networking 0 11-19-2001 05:06 PM


All times are GMT -5. The time now is 05:07 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration