On 11/19/2012 6:07 PM, David Mehler wrote: > Hello, > > Thanks to everyone who helped. I have it working. Here it is for > anyone this might help. > > Hth > Dave. > > Set up for Mysql authentication: > > Create a mysql database: > create database web; > grant select, insert, update, delete on web.* to web_user@localhost > identified by 'xxx'; > flush privileges; > use web; > > CREATE TABLE `web_users` ( > `username` varchar(50) NOT NULL, > `password` char(28) NOT NULL, > PRIMARY KEY (`username`), > UNIQUE KEY `username` (`username`) > ); > > For ilustrative purposes: > -- Inserting user foo with password bar > INSERT INTO `web_users` (`username`, `password`) VALUES ('foo', > 'Ys23Ag/5IOWqZCw9QGaVDdHwH00='); > > Passwords are generated at console commandline by: > > echo -n "bar" |openssl sha -binary|base64 > > Load the mod_dbd and mod_authn_dbd modules in httpd.conf. > > Configuration should look similar to this: > httpd.conf: > # Used for Database Authentication > LoadModule dbd_module modules/mod_dbd.so > > # The Authentication provider module for databases > LoadModule authn_dbd_module modules/mod_authn_dbd.so > # The Basic authentication module > LoadModule auth_basic_module modules/mod_auth_basic.so > > # mod_dbd configuration > DBDriver mysql > DBDParams "dbname=xxx user=xxx pass=xxx" > DBDMin 4 > DBDKeep 8 > DBDMax 20 > DBDExptime 300 > DBDPersist On > > And in a virtual host definition something similar to: > <VirtualHost *:80> > ServerAdmin xxx > ServerName xxx > ServerAlias xxx > DocumentRoot /path/to/document_root > ErrorLog xxx > CustomLog xxx > <Directory /path/to/document_root> > AuthType Basic > AuthName "xxx" > AuthBasicProvider dbd > Require valid-user > # mod_authn_dbd SQL query to authenticate a user > AuthDBDUserPWQuery "SELECT CONCAT('{SHA}', password) FROM web_users > WHERE username = %s" > Order Allow,Deny > Allow from all > Options none > AllowOverRide None > </Directory> > </VirtualHost> > > > On 11/19/12, FINESEC <info@xxxxxxxxxxx> wrote: >> Hello, >> >> Apache doesn't support password hashes generated by mysql. Use htpasswd or >> openssl to generate hashes that are supported by apache: >> >> htpasswd -nbm username password >> openssl passwd -apr1 password >> >> Adam Black, >> FINESEC.COM - authentication software for Apache >> >> On Mon, Nov 19, 2012 at 4:10 PM, Igor Galić <i.galic@xxxxxxxxxxxxxx> wrote: >> >>> >>> >>> ----- Original Message ----- >>>> Hello, >>>> >>>> When I inserted the user in to the mysql database I have a field >>>> called password it's a varchar(64) field. For the password value I >>>> used mysql's sha function so the entry looked like: >>>> >>>> sha('password') >>>> >>>> won the insert line. >>>> >>>> I'm not sure if that answers your question. >>> >>> Let me repeat my last question: Does the password look like httpd >>> expects the password to look? >>> >>> Now, let me quote from the document >>> ( http://httpd.apache.org/docs/2.2/misc/password_encryptions.html ) >>> I linked: >>> >>> """" >>> SHA1 >>> >>> $ htpasswd -nbs myName myPassword >>> myName:{SHA}VBPuJHI7uixaa6LQGWx4s+5GKNE= >>> """" >>> >>> Does your password look like this? >>> >>> {SHA}VBPuJHI7uixaa6LQGWx4s+5GKNE= >>> >>> >>> i >>> >>> -- >>> Igor Galić >>> >>> Tel: +43 (0) 664 886 22 883 >>> Mail: i.galic@xxxxxxxxxxxxxx >>> URL: http://brainsware.org/ >>> GPG: 6880 4155 74BD FD7C B515 2EA5 4B1D 9E08 A097 C9AE Thanks for sharing the solution with the rest of us, Dave! I've been thinking about configuration Apache to use MySQL for authentication for quite some time, and your thorough instructions should make the process fairly painless. Thanks again! -Ben --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx