- publishing free software manuals
The Apache HTTP Server Reference Manual
by Apache Software Foundation
Paperback (6"x9"), 862 pages
ISBN 9781906966034
RRP £19.95 ($29.95)

Get a printed copy>>>

3.11  Apache Module mod_authn_dbd



Description:

User authentication using an SQL database

Status:

Extension

Module Identifier:

authn_dbd_module

Source File:

mod_authn_dbd.c

Compatibility:

Available in Apache 2.1 and later



Summary

This module provides authentication front-ends such as mod_auth_digest and mod_auth_basic to authenticate users by looking up users in SQL tables. Similar functionality is provided by, for example, mod_authn_file.

This module relies on mod_dbd to specify the backend database driver and connection parameters, and manage the database connections.

When using mod_auth_basic or mod_auth_digest, this module is invoked via the AuthBasicProvider or AuthDigestProvider with the dbd value.

Directives:

AuthDBDUserPWQuery

AuthDBDUserRealmQuery

See also:

3.11.1  Configuration Example

This simple example shows use of this module in the context of the Authentication and DBD frameworks. Please note that you need to load an authorization module, such as mod_authz_user, to get it working.

# mod_dbd configuration  
DBDriver pgsql  
DBDParams "dbname=apacheauth user=apache password=xxxxxx"  
 
DBDMin  4  
DBDKeep 8  
DBDMax  20  
DBDExptime 300  
 
<Directory /usr/www/myhost/private>  
  # core authentication and mod_auth_basic configuration  
  # for mod_authn_dbd  
  AuthType Basic  
  AuthName "My Server"  
  AuthBasicProvider dbd  
 
  # core authorization configuration  
  Require valid-user  
 
  # mod_authn_dbd SQL query to authenticate a user  
  AuthDBDUserPWQuery \  
    "SELECT password FROM authn WHERE user = %s"  
</Directory>

3.11.2  Exposing Login Information

If httpd was built against APR version 1.3.0 or higher, then whenever a query is made to the database server, all column values in the first row returned by the query are placed in the environment, using environment variables with the prefix "AUTHENTICATE_".

If a database query for example returned the username, full name and telephone number of a user, a CGI program will have access to this information without the need to make a second independent database query to gather this additional information.

This has the potential to dramatically simplify the coding and configuration required in some web applications.

AuthDBDUserPWQuery Directive

Description:

SQL query to look up a password for a user

Syntax:

AuthDBDUserPWQuery query

Context:

directory

Status:

Extension

Module:

mod_authn_dbd

The AuthDBDUserPWQuery specifies an SQL query to look up a password for a specified user. The user’s ID will be passed as a single string parameter when the SQL query is executed. It may be referenced within the query statement using a %s format specifier.

AuthDBDUserPWQuery \  
  "SELECT password FROM authn WHERE user = %s"

The first column value of the first row returned by the query statement should be a string containing the encrypted password. Subsequent rows will be ignored. If no rows are returned, the user will not be authenticated through mod_authn_dbd.

If httpd was built against APR version 1.3.0 or higher, any additional column values in the first row returned by the query statement will be stored as environment variables with names of the form AUTHENTICATE_COLUMN.

AuthDBDUserRealmQuery Directive

Description:

SQL query to look up a password hash for a user and realm.

Syntax:

AuthDBDUserRealmQuery query

Context:

directory

Status:

Extension

Module:

mod_authn_dbd

The AuthDBDUserRealmQuery specifies an SQL query to look up a password for a specified user and realm. The user’s ID and the realm, in that order, will be passed as string parameters when the SQL query is executed. They may be referenced within the query statement using %s format specifiers.

AuthDBDUserRealmQuery \  
  "SELECT password FROM authn WHERE user = %s AND realm = %s"

The first column value of the first row returned by the query statement should be a string containing the encrypted password. Subsequent rows will be ignored. If no rows are returned, the user will not be authenticated through mod_authn_dbd.

If httpd was built against APR version 1.3.0 or higher, any additional column values in the first row returned by the query statement will be stored as environment variables with names of the form AUTHENTICATE_COLUMN.

ISBN 9781906966034The Apache HTTP Server Reference ManualSee the print edition