- 1 VMware Takes the Wraps Off vRealize Automation and vRealize Business
- 2 Microsoft Previews Hyper-V Containers for Windows Server 2016
- 3 Mirantis Led FUEL Project Gets Installed Under OpenStack Big Tent
- 4 Red Hat Enterprise Linux 7.2 Adds Security, DR Features
- 5 Docker Reaches Across Universes at Dockercon EU
Apache Guide: Apache Authentication, Part 2 Page 2
Otherwise (if you don't have
mod_so) you'll need to recompile
Apache, and enable
mod_auth_db. Since we talked about this in an
earlier article, I'll not cover that here.
Berkeley DB files are just one type of database files. They (usually) contain just key/value pairs, and so are rather limited in how much "real" database functionality you can get out of them (although there are some pretty slick extensions to them) but for HTTP authentication, a key/value pair is exactly what you want to store.
If you want to read more about DB files, you should look at the Sleepycat Software Web site, at http://www.sleepycat.com/ Sleepycat maintains the DB library and has some documentation about DB.
Once you have compiled the
mod_auth_db module, and loaded it
into your web server, you'll find that there's very little difference between
using regular authentication and using
.htaccess file, you'll need something like:
AuthName "Members Only" AuthType Basic AuthDBUserFile /usr/local/apache/passwd/passwords.dat AuthDBGroupFile /usr/local/apache/passwd/passwords.dat require user rbowen
Now, users accessing the directory will be required to authenticate against
the list of valid users who are in
Well, there are a few different ways to get usernames/passwords in the DB file. And a few caveats are necessary here.
First, there are several different implementations of DB, with slightly different names. While I won't go into the gory details here (mostly because I don't know them all) suffice it to say that you may need to experiment some in order to get things working the way that you think they should. It's worth the effort, but be warned.
Secondly, just to confuse things a little further (at least in my mind) on Linux, two of the implementations (DB and DBM) which are usually different on other platforms, are the same.
Third, you'll find, as part of the standard Apache distribution, another
mod_auth_dbm, which works with DBM files, rather
than DB files. Perhaps you see why I get confused sometimes.
And, finally, because there is so much platform dependency in these DB implementations, you'll find that a DB file (or DBM file) generated on one system may or may not work on another.
So, after all those caveats, you may be wondering if this is really worth it? Well, it is. These are things that might happen, but in practice (at least in my experience) seldom do.
Well, there's a tool that comes with Apache, called
You'll find it in the
bin directory of wherever you installed
Apache. (or, if you installed with a package manager, wherever it thought was a
good place to put it. It might even be in your path.)
You'll find full documentation for
dbmmanage by typing
man dbmmanage, or various places online, like
It's simple to use, and you can use it to add or remove users from your
password file one at a time.