Apache Guide: Apache Authentication, Part 2 Page 2

By Rich Bowen (Send Email)
Posted Jul 31, 2000


Otherwise (if you don't have mod_so) you'll need to recompile Apache, and enable mod_auth_db. Since we talked about this in an earlier article, I'll not cover that here.

Wait a Second--What's a DB File?

Berkeley DB files are just one type of database files. They (usually) contain just key/value pairs, and so are rather limited in how much "real" database functionality you can get out of them (although there are some pretty slick extensions to them) but for HTTP authentication, a key/value pair is exactly what you want to store.

If you want to read more about DB files, you should look at the Sleepycat Software Web site, at http://www.sleepycat.com/ Sleepycat maintains the DB library and has some documentation about DB.

Protecting a Directory

Once you have compiled the mod_auth_db module, and loaded it into your web server, you'll find that there's very little difference between using regular authentication and using mod_auth_db authentication. In your .htaccess file, you'll need something like:

        AuthName        "Members Only"
        AuthType        Basic
        AuthDBUserFile  /usr/local/apache/passwd/passwords.dat
        AuthDBGroupFile /usr/local/apache/passwd/passwords.dat
        require user rbowen

Now, users accessing the directory will be required to authenticate against the list of valid users who are in /usr/local/apache/passwd/passwords.dat.

A Few Caveats

Well, there are a few different ways to get usernames/passwords in the DB file. And a few caveats are necessary here.

First, there are several different implementations of DB, with slightly different names. While I won't go into the gory details here (mostly because I don't know them all) suffice it to say that you may need to experiment some in order to get things working the way that you think they should. It's worth the effort, but be warned.

Secondly, just to confuse things a little further (at least in my mind) on Linux, two of the implementations (DB and DBM) which are usually different on other platforms, are the same.

Third, you'll find, as part of the standard Apache distribution, another module, called mod_auth_dbm, which works with DBM files, rather than DB files. Perhaps you see why I get confused sometimes.

And, finally, because there is so much platform dependency in these DB implementations, you'll find that a DB file (or DBM file) generated on one system may or may not work on another.

So, after all those caveats, you may be wondering if this is really worth it? Well, it is. These are things that might happen, but in practice (at least in my experience) seldom do.

How Do I Get Users Into the File?

Well, there's a tool that comes with Apache, called dbmmanage. You'll find it in the bin directory of wherever you installed Apache. (or, if you installed with a package manager, wherever it thought was a good place to put it. It might even be in your path.)

You'll find full documentation for dbmmanage by typing man dbmmanage, or various places online, like http://www.rt.com/man/dbmmanage.1.html It's simple to use, and you can use it to add or remove users from your password file one at a time.

Page 2 of 4


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.