GuidesApache Guide: Apache Authentication, Part 3

Apache Guide: Apache Authentication, Part 3




In my last article, I talked about using databases for authentication, and I
introduced mod_auth_dbm as a possible way to do that.

Rich Bowen continues his series on Apache authentication with an explanation of MySQL, a very popular database server, and using
mod_auth_mysql to use MySQL to store your authentication information.

This week, we’ll look at MySQL, a very popular database server, and using
mod_auth_mysql to use MySQL to store your authentication information.

A little about MySQL

MySQL is a wonderful database server, which is distributed under the GPL,
and is available from http://www.mysql.com/
MySQL is lightweight and fast. It lacks some of the features of larger, more
expensive database servers, such as stored procedures, triggers, and various
other things, but it contains most of the functionality needed for most small
to medium projects. And, it contains some cool stuff like a regular expression
language that can be used in SQL statements.

Because MySQL is free, and because it is just such a great database, it is
the favorite database in use by folks on *nix operating systems–particularly
folks with small budgets. And it also runs on Windows.

mod_auth_mysql

mod_auth_mysql lets you put your usernames and passwords in a
MySQL database, and authenticate directly against that. There are a number of
advantages to this, in addition to the obvious one of speed of data access. If,
for example, you are already storing user information in a database table, it
would be irritating to have to store the username and password in another
location (the htpasswd file). You would have to maintain the data
in two places, and if you let them get out of sync, users would be unable to
log in. With mod_auth_mysq, however, you can authenticate directly
against the databsae, and keep your authentication information just one place.
Usernames and passwords can be updated with a SQL query, with no messing around
in text files. And users’ group membership can be easily altered.

Installation and Configuration

You can get mod_auth_mysql, and learn more about it, at
http://bourbon.netvision.net.il/mod_auth_mysql/

mod_auth_mysql can be compiled as a DSO (Dynamic Shared
Object), and then included in the server with a configuration directive. For
more details on this, please see earlier articles in which we discuss DSOs.

To configure mod_auth_mysql, you need to tell it what database
you want to authenticate against, and what fields in which table contain the
relevant information.

The following are the configuration directives that you’ll need to know
about:

Auth_MySQL_Info [host] [user]
[password]

This directive tells where your server is running, and what username and
password are necessary to get data from the database. This directive is only
necessary if the server is running somewhere other than localhost,
or if access is via some user other than the httpd user.

If all of your authentication will be done against the same
database, you’ll probably want to set the following directive:

Auth_MySQL_General_DB [database_name]

If you’ll be authenticating different directories or files against different
databases, you can leave this out, and set the database in the various
directories.

The following directives can appear either in your httpd.conf
configuration file, or in the various directories in .htaccess
files. (See
Ken Coar’s article about .htaccess files
for more information.)

Latest Posts

Related Stories