[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 337
  • Last Modified:

mod auth mysql - syntax and config help needed

I have a table called htaccess which contains all of the username/passwords for remote access clients.
I dump the contents of this table into a .htpasswd file now and then to keep it updated.

Currently, I am using the standard .htaccess method with an .htpasswd file and it works just fine.
I want to use mysql to maintain and authenticate directly from instead of the .htpasswd file.

So far, no luck what so ever. When looking for information, it gets very confusing very quickly as results keep showing tons of useless syntax combinations which are wrong. I have yet to find the right syntax to put into my .htaccess file to make this work.

That is where I need help.

The server is Centos 6.5.
mysql-5.5.40
httpd-2.2.15
0
projects
Asked:
projects
  • 2
  • 2
1 Solution
 
Steve BinkCommented:
@other experts: there is a previous question relevant to this.

@projects: Can you post the httpd.conf and .htaccess file you are attempting to use with mod_auth_mysql?  Just the relevant <VirtualHost> container from httpd.conf will be fine, and feel free to anonymize any sensitive information.
0
 
projectsAuthor Commented:
The current VirtualHost section for this particular server is;

<VirtualHost *:80>
        ServerAdmin support@xxx.com
        DocumentRoot /var/www/vhosts/somehost/html
        ServerName somedomain.com
        ErrorLog  /var/www/vhosts/somehost/logs/error_log
        CustomLog /var/www/vhosts/somehost/logs/access_log combined
#    <Directory /var/www/vhosts/somehost/html>
#        AllowOverride AuthConfig
#    </Directory>
</VirtualHost>

<VirtualHost *:443>
            DocumentRoot "/var/www/vhosts/somehost/html"
            ServerName somedomain.com:443
            ErrorLog /var/www/vhosts/somehost/logs/ssl_error_log
            TransferLog /var/www/vhosts/somehost/logs/ssl_access_log
            LogLevel warn
            SSLEngine on
            SSLProtocol all -SSLv2
            SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

            SSLCertificateFile /etc/pki/tls/certs/somehost.crt
            SSLCertificateKeyFile /etc/pki/tls/private/somehost.key

            SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
#    <Directory /var/www/vhosts/somehost/html>
#        AllowOverride AuthConfig
#    </Directory>
</VirtualHost>

Open in new window


The last version of .htaccess I had was;

AuthBasicAuthoritative Off
AuthUserFile /dev/null
AuthMySQL On
AuthName "Authentication required"
AuthType Basic
Auth_MySQL_Host localhost
Auth_MySQL_User someuser
Auth_MySQL_Password somepass
AuthMySQL_DB somedb
AuthMySQL_Password_Table htaccess
Auth_MySQL_Username_Field username
Auth_MySQL_Password_Field password
Auth_MySQL_Empty_Passwords Off
Auth_MySQL_Encryption_Types PHP_MD5
Auth_MySQL_Authoritative On
require valid-user

Open in new window


I tried all kinds of things I found on the net, with and without underscroes and dashes and other things including less variables and even more variables. Nothing worked after spending a couple of hours on it so I gave up.
0
 
Steve BinkCommented:
Unfortunately, I don't have an Apache 2.2 installation to experiment with - all of my environments have transitioned to 2.4, which does not get along well with mod_auth_mysql.  I did find a patch for mod_auth_mysql in Apache 2.4, but then I couldn't be sure my results would apply to your situation.

One thing I did find while looking around is that mod_auth_mysql is no longer supported by active development.  Since Apache now has modules for database interactivity (e.g., mod_authn_dbd), it does seem a bit superfluous.  I've never tried the *dbd authentication, but it is apparently available in Apache 2.2 as well.  Perhaps that will be a better avenue for you to try.

http://httpd.apache.org/docs/2.2/mod/mod_authn_dbd.html


Also, a sidenote about your cipher selection...  I noticed you disallowed SSLv2, but are probably still allowing SSLv3 to go through.  Consider updating that policy.  https://zmap.io/sslv3/servers.html
0
 
projectsAuthor Commented:
Yes, I saw that also, about mod_auth_mysql no longer being supported so there is no value in doing it that way then. I would rather move on to the new accepted way.

Thanks, I guess this fully resolves this question really.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now