HTTP Auth a Directory via an Existing Users Table in a Database

  • PolishHurricane
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1585

Post 3+ Months Ago

I wish to tie my user accounts into HTTP for a specific directory of my website and normally that wouldn't be too much of a problem, because I could either edit the htpasswd file or use mod_auth_mysql (which I'm not too familiar with). However, the passwords are hashed using SHA1 and a salt. How can I HTTP authentication password an entire directory from my database using this method?

I'm aware that PHP has an authentication method: http://php.net/manual/en/features.http-auth.php But that doesn't work, because I would prefer to password protect the entire directory via an AuthUserFile or some other method that would not involve me modifying the open source software I wish to place in the directory.

So how to I password protect an entire directory at server level using an existing MySQL user account table?
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • this213
  • Guru
  • Guru
  • User avatar
  • Posts: 1260
  • Loc: ./

Post 3+ Months Ago

To use mod_auth_mysql, your .htaccess should look something like this:
Code: [ Select ]
AuthName "Protected Area"
AuthType Basic

Auth_MySQL_Info host username password
Auth_MySQL_Username MYSQL_UNAME
Auth_MySQL_Password MYSQL_PASS
Auth_MySQL_DB MYSQL_DATABASE_NAME
Auth_MySQL_Password_Table MYSQL_TABLE_NAME
Auth_MySQL_Username_Field NAME_OF_USERNAME_FIELD
Auth_MySQL_Password_Field NAME_OF_PASSWORD_FIELD
Auth_MySQL_Encryption_Types SHA1Sum
Auth_MySQL_Non_Persistent On
Auth_MYSQL On
Auth_MySQL_Empty_Passwords Off

require valid-user
  1. AuthName "Protected Area"
  2. AuthType Basic
  3. Auth_MySQL_Info host username password
  4. Auth_MySQL_Username MYSQL_UNAME
  5. Auth_MySQL_Password MYSQL_PASS
  6. Auth_MySQL_DB MYSQL_DATABASE_NAME
  7. Auth_MySQL_Password_Table MYSQL_TABLE_NAME
  8. Auth_MySQL_Username_Field NAME_OF_USERNAME_FIELD
  9. Auth_MySQL_Password_Field NAME_OF_PASSWORD_FIELD
  10. Auth_MySQL_Encryption_Types SHA1Sum
  11. Auth_MySQL_Non_Persistent On
  12. Auth_MYSQL On
  13. Auth_MySQL_Empty_Passwords Off
  14. require valid-user

This doesn't help with your salt though. If you have to have it, the best thing I could tell you is to duplicate the mod_auth_mysql source to create a new mod_auth* module that takes your salt into account.
  • Jerrek
  • Graduate
  • Graduate
  • User avatar
  • Posts: 158
  • Loc: Melbourne, AUS

Post 3+ Months Ago

You could try the mod_authn_dbd module?

The docs for it are at http://httpd.apache.org/docs/2.2/mod/mod_authn_dbd.html - although to be fair I've never tried it I just came across it just now while rebuilding my PHP on cPanel :-)

Hope it helps!
  • PolishHurricane
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1585

Post 3+ Months Ago

this213 wrote:
This doesn't help with your salt though. If you have to have it, the best thing I could tell you is to duplicate the mod_auth_mysql source to create a new mod_auth* module that takes your salt into account.


DAMN, why didn't I think of that.

Wow guys, you have restored my faith in Ozzu. Thanks a million. This will help me a lot.
  • PolishHurricane
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1585

Post 3+ Months Ago

Hey, I'm trying to compile this UNMODIFIED apache mod in Arch, but I'm a nub...

command line wrote:
apxs -c -L/usr/lib/mysql -I/usr/include/mysql -lmysqlclient -lm -lz mod_auth_mysql.c
/usr/share/apr-1/build/libtool --silent --mode=compile gcc -prefer-pic -march=x86-64 -mtune=generic -O2 -pipe -DLINU X=2 -D_REENTRANT -D_GNU_SOURCE -pthread -I/usr/include/httpd -I/usr/include/apr-1 -I/usr/include/apr-1 -I/usr/incl ude -I/usr/include/mysql -c -o mod_auth_mysql.lo mod_auth_mysql.c && touch mod_auth_mysql.slo
mod_auth_mysql.c:591:2: error: expected expression before âmysql_auth_config_recâ
mod_auth_mysql.c:595:2: error: expected expression before âmysql_auth_config_recâ
mod_auth_mysql.c:599:2: error: expected expression before âmysql_auth_config_recâ
mod_auth_mysql.c:603:2: error: expected expression before âmysql_auth_config_recâ
mod_auth_mysql.c:607:2: error: expected expression before âmysql_auth_config_recâ
mod_auth_mysql.c:611:2: error: expected expression before âmysql_auth_config_recâ
mod_auth_mysql.c:615:2: error: expected expression before âmysql_auth_config_recâ
mod_auth_mysql.c:619:2: error: expected expression before âmysql_auth_config_recâ
mod_auth_mysql.c:623:2: error: expected expression before âmysql_auth_config_recâ
mod_auth_mysql.c:627:2: error: expected expression before âmysql_auth_config_recâ
mod_auth_mysql.c:631:2: error: expected expression before âmysql_auth_config_recâ
mod_auth_mysql.c:635:2: error: expected expression before âmysql_auth_config_recâ
mod_auth_mysql.c:639:2: error: expected expression before âmysql_auth_config_recâ
mod_auth_mysql.c:643:2: error: expected expression before âmysql_auth_config_recâ
mod_auth_mysql.c:651:2: error: expected expression before âmysql_auth_config_recâ
mod_auth_mysql.c:655:2: error: expected expression before âmysql_auth_config_recâ
mod_auth_mysql.c:659:2: error: expected expression before âmysql_auth_config_recâ
mod_auth_mysql.c:663:2: error: expected expression before âmysql_auth_config_recâ
mod_auth_mysql.c:667:2: error: expected expression before âmysql_auth_config_recâ
mod_auth_mysql.c:671:2: error: expected expression before âmysql_auth_config_recâ
mod_auth_mysql.c: In function âformat_requestâ:
mod_auth_mysql.c:947:51: warning: pointer/integer type mismatch in conditional expression
apxs:Error: Command failed with rc=65536


It's just the 3.0.0 source... http://sourceforge.net/projects/modauth ... z/download

What do I do? Thanks
  • PolishHurricane
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1585

Post 3+ Months Ago

Please note: I solved this in another thread and I cannot edit my post: unix-linux-forum/compile-unmodified-mod-auth-mysql-archlinux-t104542.html

Post Information

  • Total Posts in this topic: 6 posts
  • Users browsing this forum: No registered users and 132 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
cron
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.