This article describes how to implement user authentication in Apache, discuss how to save verification information in the MySQL database, and then implement authentication through the Mod_Auth_Mysql module.
I. Overview
The procedure discusses the method of using the database in authentication, specifically introduces the use of Mod_Auth_DB modules and DB files. Here, how is it to save authentication information using a very popular mysql database, and accesses the mysql database via MOD_AUTH_MYSQL to implement authentication.
1.1 About MySQL
MySQL is an excellent database server with fast volume and small speed. MySQL is released in a GPL, its homepage at http://www.mysql.com/. MySQL lacks the features provided by certain expensive large databases, such as stored procedures, triggers, etc., but it has the basic functions required for most small and medium-sized projects. In addition, it also has some very practical features, such as the regular expression of the SQL command.
Since MySQL is free, and its performance is so good, it is very popular on the operating system of UNIX family - especially for users with limited budgets. Also note that mysql also has a version running on Windows.
1.2 About MOD_AUTH_MYSQL module
We can use the MOD_AUTH_MYSQL module to save the user name and password to the MySQL database, then use them directly to authenticate.
In addition to improving data access speeds, using this method, there are many other benefits. For example, suppose the user information is saved in the database, and the user name and password must be replicated with the password verification using the text file so you have to maintain the same data in two places. If the two data is not synchronous update Users may not be logged in.
Conversely, if you are using mod_auth_mysql, we can directly authenticate user information in the database. At this point, the user information is enough, the username and password can be updated with the SQL command, and the text will not occur. Problems may be encountered when files. In addition, it is also convenient to modify the group to which the user belongs.
Second, installation and configuration
To get a MOD_AUTH_MYSQL module or see it, please visit http://bourbon.netvision.net.il/mod_auth_mysql/.
MOD_AUTH_MYSQL can be compiled into a DSO (Dynamic Shared Object, dynamically shared object), and then simply install it to the server by configuring the instruction. For more descriptions about DSO, see the Apache Guide: Novice installation must read.
When you configure the MOD_AUTH_MYSQL module, we must tell which database to use to authenticate, and which table, what field contains information for verification. Below is the configuration command that must be understood when configuring mod_auth_mysql:
Auth_mysql_info [Host] [user] [password]
This instruction declares that the database runs on which server runs and accesss the user name and password that this database should use. We need to use this instruction only when the database is not HTTPD users running or accessing the database on the localhost (ie local machine).
If all authentication operations use the same database, then you can use the following instructions:
Auth_mysql_general_db [Database Name]
Otherwise, if you use different databases to different directory authentication operations, you can ignore this instruction and then specify the database used in each directory.
Several instructions described below can be used in httpd.conf profiles, or for all directories .htaccess files. See using .htaccess Files with apache Learn more. Note that the usual use instructions can be applied when you set password protection for the directory, as shown below:
Authtype Basic Authname "MEMBERS ONLY"
Require group admin
Auth_mysql_db [Database Name]: Declare information in which database is authenticated.
Auth_mysql_password_table [Name of the Password]: Declare which table in the database contains password information. Unless specifically declared, the default contains the field containing the username is "username", and the field containing the password is "password". But we can specify additional fields as described below.
Auth_mysql_group_table [Save Group Information Table]: Generally, we can save the information (groups field) of the user (Groups field) and user name, password to the same table. But if necessary, save it to a separate table, here you can specify the name of the table.
Auth_mysql_username_field [User Name Field]: If the field of saving username information is not "username", you can use this instruction to specify the field name actually used.
Auth_mysql_password_field [Password Field]: If the field of saving password is not "password", you can specify the field name actually used by this instruction.
Auth_mysql_group_field [Field of the User Group]: If the field of saving group information is not "groups", you can use this instruction to specify the actual field name.
Auth_mysql_encrypted_passwords on / off: Tell the MOD_AUTH_MYSQL module to save whether the password in the database is encrypted. The default ON, that is, if the password saved in the database is encrypted. There are other instructions, but often used herein. Below is an example of .htaccess file:
Auth_mysql_info localhost db_user db_password
Auth_mysql_db authentication
Auth_mysql_password_table passwords
Authtype Basic
Authname "MEMBERS ONLY"
Require Valid-User
The above example assumes that the field of saving the username is UserName, the password is encrypted and saved to the Password field.
Third, others will appear when the .htaccess file is set according to the method described above, the password input window will appear when accessing the page below the directory. For the user, different password protection implementation methods do not differ.
You can use any of your own familiar database management tools to manage user information, and it seems that there is no simple tool to manage user information from the command line as DBMManage.
But we can operate the database through Perl and DBI. The next article is to be discussed is the advantages of using Perl management password files. The method of managing passwords with Perl is really much, so it should be appropriate to form alone.
Conclusion: Use mod_auth_mysql, we can save username, password, and group information to the MySQL database. MySQL is a small, fast, free database server, and most popular operating systems have a corresponding version of MySQL.
