Solved

mod auth mysql - syntax and config help needed

Posted on 2014-11-19
4
264 Views
Last Modified: 2014-11-22
I have a table called htaccess which contains all of the username/passwords for remote access clients.
I dump the contents of this table into a .htpasswd file now and then to keep it updated.

Currently, I am using the standard .htaccess method with an .htpasswd file and it works just fine.
I want to use mysql to maintain and authenticate directly from instead of the .htpasswd file.

So far, no luck what so ever. When looking for information, it gets very confusing very quickly as results keep showing tons of useless syntax combinations which are wrong. I have yet to find the right syntax to put into my .htaccess file to make this work.

That is where I need help.

The server is Centos 6.5.
mysql-5.5.40
httpd-2.2.15
0
Comment
Question by:projects
  • 2
  • 2
4 Comments
 
LVL 50

Expert Comment

by:Steve Bink
ID: 40454151
@other experts: there is a previous question relevant to this.

@projects: Can you post the httpd.conf and .htaccess file you are attempting to use with mod_auth_mysql?  Just the relevant <VirtualHost> container from httpd.conf will be fine, and feel free to anonymize any sensitive information.
0
 

Author Comment

by:projects
ID: 40454237
The current VirtualHost section for this particular server is;

<VirtualHost *:80>
        ServerAdmin support@xxx.com
        DocumentRoot /var/www/vhosts/somehost/html
        ServerName somedomain.com
        ErrorLog  /var/www/vhosts/somehost/logs/error_log
        CustomLog /var/www/vhosts/somehost/logs/access_log combined
#    <Directory /var/www/vhosts/somehost/html>
#        AllowOverride AuthConfig
#    </Directory>
</VirtualHost>

<VirtualHost *:443>
            DocumentRoot "/var/www/vhosts/somehost/html"
            ServerName somedomain.com:443
            ErrorLog /var/www/vhosts/somehost/logs/ssl_error_log
            TransferLog /var/www/vhosts/somehost/logs/ssl_access_log
            LogLevel warn
            SSLEngine on
            SSLProtocol all -SSLv2
            SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

            SSLCertificateFile /etc/pki/tls/certs/somehost.crt
            SSLCertificateKeyFile /etc/pki/tls/private/somehost.key

            SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
#    <Directory /var/www/vhosts/somehost/html>
#        AllowOverride AuthConfig
#    </Directory>
</VirtualHost>

Open in new window


The last version of .htaccess I had was;

AuthBasicAuthoritative Off
AuthUserFile /dev/null
AuthMySQL On
AuthName "Authentication required"
AuthType Basic
Auth_MySQL_Host localhost
Auth_MySQL_User someuser
Auth_MySQL_Password somepass
AuthMySQL_DB somedb
AuthMySQL_Password_Table htaccess
Auth_MySQL_Username_Field username
Auth_MySQL_Password_Field password
Auth_MySQL_Empty_Passwords Off
Auth_MySQL_Encryption_Types PHP_MD5
Auth_MySQL_Authoritative On
require valid-user

Open in new window


I tried all kinds of things I found on the net, with and without underscroes and dashes and other things including less variables and even more variables. Nothing worked after spending a couple of hours on it so I gave up.
0
 
LVL 50

Accepted Solution

by:
Steve Bink earned 500 total points
ID: 40457562
Unfortunately, I don't have an Apache 2.2 installation to experiment with - all of my environments have transitioned to 2.4, which does not get along well with mod_auth_mysql.  I did find a patch for mod_auth_mysql in Apache 2.4, but then I couldn't be sure my results would apply to your situation.

One thing I did find while looking around is that mod_auth_mysql is no longer supported by active development.  Since Apache now has modules for database interactivity (e.g., mod_authn_dbd), it does seem a bit superfluous.  I've never tried the *dbd authentication, but it is apparently available in Apache 2.2 as well.  Perhaps that will be a better avenue for you to try.

http://httpd.apache.org/docs/2.2/mod/mod_authn_dbd.html


Also, a sidenote about your cipher selection...  I noticed you disallowed SSLv2, but are probably still allowing SSLv3 to go through.  Consider updating that policy.  https://zmap.io/sslv3/servers.html
0
 

Author Comment

by:projects
ID: 40459590
Yes, I saw that also, about mod_auth_mysql no longer being supported so there is no value in doing it that way then. I would rather move on to the new accepted way.

Thanks, I guess this fully resolves this question really.
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Suggested Solutions

This guide whil teach how to setup live replication (database mirroring) on 2 servers for backup or other purposes. In our example situation we have this network schema (see atachment). We need to replicate EVERY executed SQL query on server 1 to…
Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now