Otherwise (if you don’t have mod_so) you’ll need to recompile Apache, and
enable mod_auth_db. Since we talked about this in an earlier article, I’ll
not cover that here.
Wait a Second–What’s a DB File?
Berkeley DB files are just one type of database file. They (usually)
contain just key/value pairs, and so are rather limited in how much
“real” database functionality you can get out of them (although there
are some pretty slick extensions to them). For HTTP authentication, though,
a key/value pair is exactly what you want to store.
If you want to read more about DB files, you should look at the Sleepycat
Software Web site, at http://www.sleepycat.com/. Sleepycat
maintains the DB library and has some documentation about DB.
Protecting a Directory
Once you have compiled the mod_auth_db module, and loaded it into your web
server, you’ll find that there’s very little difference between using regular
authentication and using mod_auth_db authentication.
In your .htaccess file, you’ll need something like:

    AuthName "Members Only"
    AuthType Basic
    AuthDBUserFile /usr/local/apache/passwd/passwords.dat
    AuthDBGroupFile /usr/local/apache/passwd/passwords.dat
    require user rbowen

Now, users accessing the directory will be required to authenticate against
the list of valid users who are in /usr/local/apache/passwd/passwords.dat.
A Few Caveats
Well, there are a few different ways to get usernames/passwords in the DB
file. And a few caveats are necessary here.
First, there are several different implementations of DB, with slightly
different names. While I won’t go into the gory details here (mostly because I
don’t know them all) suffice it to say that you may need to experiment some in
order to get things working the way that you think they should. It’s worth the
effort, but be warned.
Secondly, just to confuse things a little further (at least in my mind) on
Linux, two of the implementations (DB and DBM) which are usually different on
other platforms, are the same.
Third, you’ll find, as part of the standard Apache distribution, another
module, called mod_auth_dbm, which works with DBM files, rather
than DB files. Perhaps you see why I get confused sometimes.
And, finally, because there is so much platform dependency in these DB
implementations, you’ll find that a DB file (or DBM file) generated on one
system may or may not work on another.
So, after all those caveats, you may be wondering if this is really worth
it? Well, it is. These are things that might happen, but in practice (at least
in my experience) seldom do.
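When a password file built on one system is not accepted on another, looking at the first bytes of the file shows which DB flavour and byte order it was written with. The following is an added example, not part of the original article or of Apache; it relies on the magic numbers that file(1) recognises for Berkeley DB and GDBM, and the function names and sample headers are constructed for illustration.

```python
import struct

# (offset, magic, label). Magic values are those file(1) recognises.
# DB 1.85 and GDBM keep the magic at offset 0; Berkeley DB 2.x and later
# keep it at offset 12, after 12 bytes of page header.
SIGNATURES = [
    (0, 0x00061561, "Berkeley DB 1.85 hash"),
    (0, 0x00053162, "Berkeley DB 1.85 btree"),
    (0, 0x13579ACE, "GDBM"),
    (12, 0x00061561, "Berkeley DB 2.x+ hash"),
    (12, 0x00053162, "Berkeley DB 2.x+ btree"),
]

def identify_header(header: bytes):
    """Return (format, byte_order) for a file's first 16 bytes.

    Returns (None, None) when no known magic number is present, which is
    also what a flat htpasswd-style text file produces.
    """
    for offset, magic, label in SIGNATURES:
        field = header[offset:offset + 4]
        if len(field) < 4:
            continue
        # The magic is stored in the byte order of the machine that created
        # the file, so try both and report which one matched.
        for order, fmt in (("little-endian", "<I"), ("big-endian", ">I")):
            if struct.unpack(fmt, field)[0] == magic:
                return label, order
    return None, None

def identify_file(path):
    """Identify the DB flavour of a password file on disk."""
    with open(path, "rb") as fh:
        return identify_header(fh.read(16))

# Constructed sample headers (not taken from real password files).
SAMPLES = {
    "db2_hash_le": bytes(12) + struct.pack("<I", 0x00061561),
    "db185_hash_be": struct.pack(">I", 0x00061561) + bytes(12),
    "gdbm_le": struct.pack("<I", 0x13579ACE) + bytes(12),
    "flat_text": b"rbowen:constructed-value\n",
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(name, identify_header(header))
```

Running identify_file on the file named by AuthDBUserFile, on both the machine that created it and the server that reads it, shows whether the two are working with the same DB flavour.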
How Do I Get Users Into the File?
Well, there’s a tool that comes with Apache, called dbmmanage.
You’ll find it in the bin directory of wherever you installed Apache (or, if
you installed with a package manager, wherever it thought was a good place to
put it; it might even be in your path).
You’ll find full documentation for dbmmanage by typing man dbmmanage, or in
various places online, like http://www.rt.com/man/dbmmanage.1.html
It’s simple to use, and you can use it to add or remove users from your
password file one at a time.