mod_authn_dbd
Overview
mod_authn_dbd module provides user authentication by
searching users in SQL tables.
This module relies on mod_dbd to specify the backend database driver and
connection parameters, and manage the database connections. The functionality
is similar to this of mod_authn_file, the only
difference is the storage for passwords - for mod_authn_file it's plain text
file and for mod_authn_dbd it's SQL table.
To apply this module to mod_auth_basic or
mod_auth_digest, it should be defined in AuthBasicProvider or AuthDigestProvider
respectively with dbd value.
Quick start
Sample mod_authn_dbd configuration in .htaccess
# mod_dbd configuration
DBDriver mssql
DBDParams "Data Source=db_server;Initial Catalog=users_db;Persist Security Info=True;User ID=sa;Password=your_password"
# mod_auth_basic configuration
AuthType Basic
AuthName "My Server"
AuthBasicProvider dbd
Require valid-user
# mod_authn_dbd SQL query to authenticate a user
AuthDBDUserPWQuery "SELECT password FROM users_table WHERE user = @USERNAME"
Related articles and topics
Directives
AuthDBDUserPWQuery
AuthDBDUserPWQuery directive contains the SQL query that
will be used to search password for the specified user. The user's ID will be
passed as a single string parameter when the SQL query is executed. It may be
referenced within the query statement using a @USERNAME format specifier.
The first column value of the first row returned by the query is a string
containing the encrypted password. Subsequent rows will be ignored. If no rows
are returned, the user will not be authenticated through mod_authn_dbd.
Syntax
AuthDBDUserPWQuery query
Example
AuthDBDUserPWQuery "SELECT password FROM users_table WHERE user = @USERNAME"
Note! This directive is used for Basic authentication.
To generate passwords for Basic authentication, open Helicon Ape Manager,
create new file (File -> New) and go to Options -> Insert user
password... In the opened dialog select Basic authentication type,
desired encryption type, username and password. The password to be inserted
into the passwords SQL table is the part of the Result after the
semicolon.
user1:$apr1$INLVN...$vGlaWUKqx3A8vsO4qgtVC.
Note! If you don't need the password to be encrypted, you
may write it as is into the proper SQL table column.
AuthDBDUserRealmQuery
AuthDBDUserRealmQuery directive contains the SQL query that
will be used to search password for the specified user and realm. The user's ID
and the realm (in such order) will be passed as a string parameters when the
SQL query is executed. They may be referenced within the query statement using
@USERNAME and @REALM format specifiers.
The first column value of the first row returned by the query is a string
containing the encrypted password. Subsequent rows will be ignored. If no rows
are returned, the user will not be authenticated through mod_authn_dbd.
Syntax
AuthDBDUserRealmQuery query
Example
AuthDBDUserRealmQuery "SELECT password FROM users_table WHERE user = @USERNAME AND realm = @REALM"
Note! No single quotes around @REALM and @USERNAME values should be put.
Note! This directive is used for Digest authentication.
To generate passwords for Digest authentication open Helicon Ape Manager,
create new file (File -> New) and go to Options -> Insert user
password... In the opened dialog select Digest authentication type,
desired encryption type, username, password and realm. The password to be
inserted into the passwords SQL table is the part of the Result after
the second semicolon.
user2:realm2:c9e7e0ea0dfb6f2bd070e76e75e5dfa9
