Hello,
Thanks to everyone who helped. I have it working. Here it is for
anyone this might help.
Hth
Dave.
Set up for Mysql authentication:
Create a mysql database:
create database web;
grant select, insert, update, delete on web.* to web_user@localhost
identified by 'xxx';
flush privileges;
use web;
CREATE TABLE `web_users` (
`username` varchar(50) NOT NULL,
`password` char(28) NOT NULL,
PRIMARY KEY (`username`),
UNIQUE KEY `username` (`username`)
);
For ilustrative purposes:
-- Inserting user foo with password bar
INSERT INTO `web_users` (`username`, `password`) VALUES ('foo',
'Ys23Ag/5IOWqZCw9QGaVDdHwH00=');
Passwords are generated at console commandline by:
echo -n "bar" |openssl sha -binary|base64
Load the mod_dbd and mod_authn_dbd modules in httpd.conf.
Configuration should look similar to this:
httpd.conf:
# Used for Database Authentication
LoadModule dbd_module modules/mod_dbd.so
# The Authentication provider module for databases
LoadModule authn_dbd_module modules/mod_authn_dbd.so
# The Basic authentication module
LoadModule auth_basic_module modules/mod_auth_basic.so
# mod_dbd configuration
DBDriver mysql
DBDParams "dbname=xxx user=xxx pass=xxx"
DBDMin 4
DBDKeep 8
DBDMax 20
DBDExptime 300
DBDPersist On
And in a virtual host definition something similar to:
<VirtualHost *:80>
ServerAdmin xxx
ServerName xxx
ServerAlias xxx
DocumentRoot /path/to/document_root
ErrorLog xxx
CustomLog xxx
<Directory /path/to/document_root>
AuthType Basic
AuthName "xxx"
AuthBasicProvider dbd
Require valid-user
# mod_authn_dbd SQL query to authenticate a user
AuthDBDUserPWQuery "SELECT CONCAT('{SHA}', password) FROM web_users
WHERE username = %s"
Order Allow,Deny
Allow from all
Options none
AllowOverRide None
</Directory>
</VirtualHost>
On 11/19/12, FINESEC <info@xxxxxxxxxxx> wrote:
> Hello,
>
> Apache doesn't support password hashes generated by mysql. Use htpasswd or
> openssl to generate hashes that are supported by apache:
>
> htpasswd -nbm username password
> openssl passwd -apr1 password
>
> Adam Black,
> FINESEC.COM - authentication software for Apache
>
> On Mon, Nov 19, 2012 at 4:10 PM, Igor Galić <i.galic@xxxxxxxxxxxxxx> wrote:
>
>>
>>
>> ----- Original Message -----
>> > Hello,
>> >
>> > When I inserted the user in to the mysql database I have a field
>> > called password it's a varchar(64) field. For the password value I
>> > used mysql's sha function so the entry looked like:
>> >
>> > sha('password')
>> >
>> > won the insert line.
>> >
>> > I'm not sure if that answers your question.
>>
>> Let me repeat my last question: Does the password look like httpd
>> expects the password to look?
>>
>> Now, let me quote from the document
>> ( http://httpd.apache.org/docs/2.2/misc/password_encryptions.html )
>> I linked:
>>
>> """"
>> SHA1
>>
>> $ htpasswd -nbs myName myPassword
>> myName:{SHA}VBPuJHI7uixaa6LQGWx4s+5GKNE=
>> """"
>>
>> Does your password look like this?
>>
>> {SHA}VBPuJHI7uixaa6LQGWx4s+5GKNE=
>>
>>
>> i
>>
>> --
>> Igor Galić
>>
>> Tel: +43 (0) 664 886 22 883
>> Mail: i.galic@xxxxxxxxxxxxxx
>> URL: http://brainsware.org/
>> GPG: 6880 4155 74BD FD7C B515 2EA5 4B1D 9E08 A097 C9AE
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|