Password protect a directory using mysql

Question

mark2326l 0 Light Poster

14 Years Ago

My goal is to have a directory password protected, and have the usernames and passwords stored in mysql.
Having the htpasswd linked to my database using the mod_auth_mysql module looked like exactly what I needed, but when I enable the module it disables my site.
Most of the sites I've gone to regarding this are 5 or 6 years old. Is this method obsolete?
Is there another way to accomplish this?

I'm running an Snow Leopard Server on a Xserve with Apache2 and mysql5.
Thank you

mysql

3 Contributors
9 Replies
895 Views
3 Weeks Discussion Span
Latest Post 14 Years Ago Latest Post by dizee

pritaeas 2,194 ¯\_(ツ)_/¯

14 Years Ago

looks like in the .htaccess

pritaeas 2,194 ¯\_(ツ)_/¯

14 Years Ago

DBDriver pgsql

shouldn't that be

DBDriver mysql

dizee 0 Newbie Poster

14 Years Ago

Did this code end up working for you? I am also trying to get mine working but I'm getting the same "not allowed" error in my log file.

# mod_dbd configuration
DBDriver mysql
DBDParams "host=x,dbname=x,user=x,password=x"

DBDMin  4
DBDKeep 8
DBDMax  20
DBDExptime 300

<Directory /path/to/protected>
  # core authentication and mod_auth_basic configuration
  # for mod_authn_dbd
  AuthType Basic
  AuthName "My Server"
  AuthBasicProvider dbd

  # core authorization configuration
  Require valid-user

  # mod_authn_dbd SQL query to authenticate a user
  AuthDBDUserPWQuery \
    "SELECT password FROM user WHERE email = %s"
</Directory>

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

mark2326l 0 Light Poster · Answer 1 · 2010-06-11T22:41:20+00:00

This site seems to indicate that the module "mod_authn_dbd" that is included with Apache will do what I need.
The problem is I have no idea how to configure it.
On the page it gives an example...

# mod_dbd configuration
DBDriver pgsql
DBDParams "dbname=apacheauth user=apache password=xxxxxx"

DBDMin  4
DBDKeep 8
DBDMax  20
DBDExptime 300

<Directory /usr/www/myhost/private>
  # core authentication and mod_auth_basic configuration
  # for mod_authn_dbd
  AuthType Basic
  AuthName "My Server"
  AuthBasicProvider dbd

  # core authorization configuration
  Require valid-user

  # mod_authn_dbd SQL query to authenticate a user
  AuthDBDUserPWQuery \
    "SELECT password FROM authn WHERE user = %s"
</Directory>

Where am I supposed to enter this?
Ideas?

mark2326l 0 Light Poster · Answer 2 · 2010-06-12T23:36:58+00:00

Thanks for responding Pritaeas
Yes I finally figured that one out.
Now Im getting an error 500 when I go to that directory.
My error logs say ".htaccess: DBDriver not allowed here".

mark2326l 0 Light Poster · Answer 3 · 2010-06-13T01:33:09+00:00

Yes, here is how my htaccess looks

# mod_dbd configuration
DBDriver mysql
DBDParams "host=10.0.1.211 port=3306 dbname=test user=root password=my_password"

DBDMin  1
DBDKeep 8
DBDMax  20
DBDExptime 300

<Directory /Subscriber/>
  # core authentication and mod_auth_basic configuration
  # for mod_authn_dbd
  AuthType Basic
  AuthName "subscriber"
  AuthBasicProvider dbd

  # core authorization configuration
  Require valid-user

  # mod_authn_dbd SQL query to authenticate a user
  AuthDBDUserPWQuery \
    "SELECT password FROM password WHERE user = %s"
</Directory>

mark2326l 0 Light Poster · Answer 4 · 2010-06-23T23:50:18+00:00

Not exactly.
First the code goes in "httpd.conf" not .htaccess
My problem.. When I enter the code it breaks my server.
sudo apachectl configtest reveles the error...
Syntax error on line 1445 of /etc/apache2/httpd.conf:
DBD: No driver for mysql

Apparently I'm missing the apr_dbd_mysql module. So far I have not been able to get it built.

I'm back to looking at "mod_auth_mysql" seems simpler than dealing with multiple modules.
http://support.modwest.com/content/1/161/en/how-do-i-protect-a-directory-with-mod_auth_mysql.html

If you choose to work with "authn_dbd_module" you'll need to change DBDParams "host=x,dbname=x,user=x,password=x" to DBDParams "host=x,dbname=x,user=x,pass=x"

Please let me know how it works out for you.
Thanks

mark2326l 0 Light Poster · Answer 5 · 2010-07-01T20:34:11+00:00

I was able to get this working using "mod_auth_mysql".
I downloaded mod_auth_mysql-3.0.0, I also had to download and run the patch "mod_auth_mysql-3.0.0-apr1x.patch" before building the module as instructed in the build instructions.
My .htaccess looks like this...

AuthName "SecretStuff"
AuthType Basic
AuthMySQLHost 127.0.0.1
AuthMySQLUser MySQL_UserName
AuthMySQLPassword MySQL_Passwd
AuthMySQLDB test
AuthMySQLUserTable user_info
AuthMySQLNameField user_name
AuthMySQLPasswordField user_passwd
AuthMySQLPwEncryption none
AuthUserFile /dev/null
AuthBasicAuthoritative Off
AuthMySQLEnable On
require valid-user

dizee 0 Newbie Poster · Answer 6 · 2010-07-01T20:55:37+00:00

I wasn't able to get the "mod_authn_dbd" to work but the "mod_auth_mysql" was super easy to set up.

The problem with mod_authn_dbd was that our host (Dreamhost) wasn't allowing us to override these values. Anyway, we moved our files locally and set up mod_auth_mysql and all is well.