If you are going to be doing more with these files, you will probably want
something a little easier to automate. Perhaps the best tool for this will be
Perl, using the DB_File module. The technique that is used with
this module is a tied hash, which, simplified, means that the module
causes the file to act like a hash, so that modifying the hash directly changes
the DB file. Pretty cool.

The following Perl code, for example, will add a user rbowen, with password
mypassword, to your password file:

    use DB_File;

    tie %database, 'DB_File', "passwords.dat"
        or die "Can't initialize database: $!\n";

    $username = 'rbowen';
    $password = 'mypassword';

    # Build a random two-character salt for crypt()
    @chars = (0..9, 'a'..'z');
    $salt = join '', map { $chars[int rand @chars] } (0..1);

    # Store the crypt()ed password under the username
    $crypt = crypt($password, $salt);
    $database{$username} = $crypt;

    untie %database;

Passwords are stored in Unix crypt format, just as they were in
the "regular" password files. The 'salt' that is created in the
middle there is part of the process, generating a random starting point for
that encryption. If enough people care, I'll explain this Perl code in a little
more detail. Otherwise, just trust me, it works. I copied it from a web site
that actually works. Of course, in the real world, the username and password
are read from a web form, or something like that.

What About Groups?
In last week's article, we talked about putting users into groups and
requiring a particular group of users. You can do the same thing with
mod_auth_db; it just works a little differently. You'll notice
that in my sample configuration, above, I had the following lines:

    AuthDBUserFile /usr/local/apache/passwd/passwords.dat
    AuthDBGroupFile /usr/local/apache/passwd/passwords.dat

The user file and group file are pointing at the same location. What's up
with that? It turns out that mod_auth_db stores both types of
information in the same file.

Because DB files, as I mentioned early on in this article, just store a
key/value pair, something has to be done to work around this limitation. What
the authors of mod_auth_db decided to do was to put the group name
in as part of the value, separated from the password by a colon.

So, if you were still using the Perl code above, you'd replace the line:

    $database{$username} = $crypt;

with

    $database{$username} = "$crypt:$group";

or something to that effect. You can specify more than one group by listing
the groups, separated by commas.

I'm not aware of any nice way to do this with dbmmanage.

Once you have your passwords and groups in the file, you can require a group
in the regular way:

    require group administrators

This is not the only way to do this; it's just the way that I do it. You can
also have a separate group file, just like you do with regular text file
authentication. If you have a separate group file, it would contain a list of
username:group pairs. Again, you can have more than one group per
username: just list them as a comma-separated list. And, as with the other
method, I'm not aware of any nice way to do this with dbmmanage.
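
As an added example (not code from the original article), this Perl script writes entries in the single-file layout described in this section, with the crypt hash, a colon, and comma-separated groups, then reads them back and checks a password. The helper names make_entry and parse_entry, the group editors, the guest user and the 0640 file mode are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl;       # O_RDWR, O_CREAT
use DB_File;

# Constructed sample data: file name, users, passwords and groups are placeholders.
my $file       = 'passwords.dat';
my @salt_chars = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');

# Build a value in the single-file layout: crypt hash, then ":group1,group2".
sub make_entry {
    my ($password, @groups) = @_;
    my $salt = join '', map { $salt_chars[int rand @salt_chars] } 1 .. 2;
    my $hash = crypt($password, $salt);
    die "crypt() failed on this platform\n"
        if !defined $hash || $hash =~ /^\*/;
    return @groups ? "$hash:" . join(',', @groups) : $hash;
}

# Split a stored value back into the hash and the list of groups.
sub parse_entry {
    my ($value) = @_;
    my ($hash, $groups) = split /:/, $value, 3;
    return ($hash, defined $groups ? split(/,/, $groups) : ());
}

# Mode 0640 (an assumption) keeps the hash file from being world-readable.
tie my %database, 'DB_File', $file, O_RDWR | O_CREAT, 0640, $DB_HASH
    or die "Can't initialize database: $!\n";

$database{rbowen} = make_entry('mypassword', 'administrators', 'editors');
$database{guest}  = make_entry('guestpassword');    # user with no groups

for my $user (sort keys %database) {
    my ($hash, @groups) = parse_entry($database{$user});
    printf "%-8s groups=%s\n", $user, @groups ? join(',', @groups) : '(none)';
}

# crypt-style verification: re-hash the candidate with the stored hash as
# the salt and compare the result with what is stored.
my ($stored) = parse_entry($database{rbowen});
print "rbowen: password matches\n" if crypt('mypassword', $stored) eq $stored;

untie %database;
```
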

What about Microsoft Windows?