Using Mod_Auth_MySQL with Apache 2 and Debian

0

Firstly if you haven’t alrteady done so throw some of the essentials on such as Apache 2 / PHP 4 / MySQL

#apt-get install libapache2-mod-php mysql-server php4-mysql libapache2-mod-auth-mysql

Next we need to enable the module, unlike Apache 1, we don’t need to modify any configuration files to add sometype of LoadModule statement, simply:

#cd /etc/apache2/mods-enabled/

#ln -s /etc/apache2/mods-available/auth_mysql.load .

Next we need to set the root password for MySQL

#mysqladmin -u root password <password>

Then we need to login into MySQL

#mysql -uroot -p

mysql> grant all on auth.* to [email protected] identified by ‘<password>’;

mysql> flush privileges;

mysql> create database auth;

mysql>CREATE TABLE `clients` (
`username` varchar(25) NOT NULL default ”,
`passwd` varchar(25) NOT NULL default ”,
`groups` varchar(25) NOT NULL default ”,
PRIMARY KEY (`username`),
KEY `groups` (`groups`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

mysql>INSERT INTO `clients` VALUES (‘<username>’, ‘<password>’, ‘<group>’);

Changing <username>, <password> and <group> accordingly.

Next we need to modify our Apache 2 configuration.

#vi /etc/apache2/apache2.conf

Add the following line to the end of this file

Auth_MySQL_Info localhost <auth_user> <password>

<Directory “<web directory>”>
Options +Indexes FollowSymLinks MultiViews
AllowOverride AuthConfig Options FileInfo Limit
Order allow,deny
Allow from all
</Directory>

Adjusting <auth_user>, <password> and <web directory> for the directories you wish to be processed by Apache containing .htaccess files with the relevant directives information.

Restart Apache 2

#apache2ctl restart

Finally place an .htaccess file in the directory you wish to protect using mod_auth_mysql. It needs to contain the following structure:

AuthMYSQL on
AuthMySQL_Authoritative on
AuthMySQL_DB auth
AuthMySQL_Password_Table clients
AuthMySQL_Group_Table clients
AuthMySQL_Empty_Passwords off
AuthMySQL_Encryption_Types Plaintext Crypt_DES

AuthName “<description>”
AuthType Basic

<Limit GET POST>
require group <group>
</Limit>

With that file in place it will check the group field in the MySQL and authenicate any users that belong to that particular group, require group can be changed to require a valid user instead if required and multiple groups can be allowed by simply adding a space after the last group to the file looks like:

AuthMYSQL on
AuthMySQL_Authoritative on
AuthMySQL_DB auth
AuthMySQL_Password_Table clients
AuthMySQL_Group_Table clients
AuthMySQL_Empty_Passwords off
AuthMySQL_Encryption_Types Plaintext Crypt_DES

AuthName “<description>”
AuthType Basic

<Limit GET POST>
require group <group1> <group2>
</Limit> 

You might also like More from author