GuidesApache Guide: Apache Authentication, Part 3 Page 2

Apache Guide: Apache Authentication, Part 3 Page 2

ServerWatch content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Note that you’ll be using the usual directives to set up password protection
on the directory:

        AuthType Basic
        AuthName "Members Only"
        require group admin

Auth_MySQL_DB [database_name]--Tells which
database you are authenticating against.

[password_table_name]--Tells which table in that database contains
the password information. Unless you specify, it is assumed that the username
is contained in the field 'username', and the password is
contained in a field 'password'. You can change this. (See below.)

[group_table_name]--Ordinarily, you'll probably just want to store
the group field in the same table as the usernames and passwords, but if you
need to store it in a different table, this is where you'll specify where that

[username_field_name]--If your username is a field other than
'username', you can specify that with this directive.

[password_field_name]--If your password is a field other than
'password', you can specify that with this directive.

Auth_MySQL_Group_Field [group_field_name]--If
your group name is a field other than 'groups', you can specify
that with this directive.

Auth_MySQL_Encrypted_Passwords on/off--Tells
mod_auth_mysql whether the passwords are in the database
encrypted, or plain-text. This is on by default - that is, it is assumed that
your passwords are stored encrypted.

There are several other directives, but these are the main ones that you
will be using most of the time. The following is an example .htaccess file that
works for me:

        Auth_MySQL_Info localhost db_user db_password
        Auth_MySQL_DB   authentication
        Auth_Mysql_Password_Table       passwords
        AuthType Basic
        AuthName "Members Only"
        require valid-user

The above assumes that the username is in a field
username, and the password is encrypted, and is stored in
the field password.

Now What?

Once you have your .htaccess file set up as described above,
you will get the password dialog as normal. There will be no difference to the

You can maintain your user and password lists via whatever database
management tool you are used to using. There's no handy tool like
dbmmanage for managing these accounts from the command line, but
I'm working on one.

You can use Perl and DBI to talk to your database. In my next column, I'll
be talking at greater length about using Perl to manage your password files.
There are a plethora of ways to do this, so it really merits its own article.


mod_auth_mysql allows you to keep your users, passwords, and
groups, in a MySQL database. MySQL is a lightweight, fast, free database server
which is available for most popular operating systems.

Future columns

Please let me know if there are other topics that you'd like for me to talk
about in future columns. You can send your suggestions to me at And please
let me know what you think of my columns, at that same address. Many thanks for
reading down this far!


Get the Free Newsletter!

Subscribe to Daily Tech Insider for top news, trends & analysis

Latest Posts

Related Stories