INSTALL mod_auth_mysql


compiling:
 without MySQL-SSL Support:

 For apache2.4 you'll need to add -DAPACHE24 to the apxs cmd!

 <path_to_your>/apxs -cia -DAPACHE24 -lmysqlclient mod_auth_mysql.c 

 with MySQL-SSL Support:
 <path_to_your>/apxs -cia -DMYSQL_USE_SSL -DAPACHE24 -lmysqlclient mod_auth_mysql.c 
 and you should check that you link against the newest mysql-client libs
 (libmysqlclient.so.18, or libmysqlclient_r.so.18)!

NOTE: if the includes and libs of your mysqlinstallations are not in
/usr/include/mysql or /usr/lib you NEED to ADD the -I, -L options to apxs
PLEASE read the manpages of apxs toe learn howto do that!

create a user and datebase in mysql and load the table layout from 
htpasswd.sql into your new database.


Please read th MySQL Documentation  "5.8.7. Using Secure Connections" 
http://dev.mysql.com/doc/refman/5.0/en/secure-connections.html if you
need help to setup an SSL-Enabled MySQL-Server!



httpd.conf: 

LoadModule auth_mysql_module modules/mod_auth_mysql.so

<IfModule mod_auth_mysql.c>
  <Location />

  #!! If you use this module with apache 2.2.x you 
  #!! need to uncomment following line !
  # AuthBasicAuthoritative  Off

  AuthType Basic

  AuthMySQLHost      localhost
  AuthMySQLUser      htpasswd
  AuthMySQLPassword  secret 
  AuthMySQLDB        htpasswd
  # AuthMySQLPort    3306

  # AuthMySQLUserTable              user_info
  # AuthMySQLTableUserName          user_name
  # AuthMySQLTableUserPasswd        user_passwd
  # AuthMySQLTableUserHostGroup     host_group

  # AuthMySQLHostTable              host_info
  # AuthMySQLTableHostName          host
  # AuthMySQLTableHostHostGroup     host_group

  # AuthMySQLGroupTable             user_group
  # AuthMySQLTableGroupName         user_name
  # AuthMySQLTableGroupGroupName    user_group
  # AuthMySQLTableGroupHostGroup    host_group

  # AuthMySQLUserQueryCondition     1   // rev 1.8
  # AuthMySQLGroupQueryCondition    1   // rev 1.8

  AuthMySQLAuthoritative  On
  AuthMySQLKeepAlive      Off
  AuthMySQLEnable         On
  AuthMySQLVirtualHost    Off

  # AuthMySQLClientUseSSL On                         // rev 1.10
  # AuthMySQLClientCert "full_path/client-cert.pem"  // rev 1.10
  # AuthMySQLClientKey "full_path/client-key.pem"    // rev 1.10
  # AuthMySQLClientCA "full_path/cacert.pem"         // rev 1.10
  # AuthMySQLClientCipher ""                         // rev 1.10
  # AuthMySQLClientVerifyCert Off                    // rev 1.10

  </Location>
</IfModule>


.htaccess -files: nothings changes 


AuthMySQLUserQueryCondition: 
If you extend the AuthMySQLUserTable with additional fields you 
may like to add this fields into the query. 
AuthMySQLUserQueryCondition is added additionel part of the query 

Examples: 
1) AuthMySQLUserQueryCondition = 1  /* default: no additional query parameter*/
1) AuthMySQLUserQueryCondition = "expired != 'y'"
2) AuthMySQLUserQueryCondition = "start_date <= now() and (stop_date is null or stop_date >= now()"

AuthMySQLGroupQueryCondition:
the same behaviour as the AuthMySQLUserQueryCondition paramter.
The mane Difference is that the query to the group membership is modified


MD5 and SHA Passwords
( see http://www.heuer.org/flyspray/?do=details&task_id=104 ) 
This module makes use of the function apr_password_validate() of the 
apache libraries. This functions can handle crypted passwords,  md5-
and sha password hashes. The common problem is that the md5- and the 
sha-hashes need some markes: you can easly create the values with the 
htpasswd utility:

# create a md5 hash
largo:bin$ ./htpasswd -nbm user password   
user:$apr1$5T1td/..$ppqva5bmyS2CHhJWcyX1s/

# create a SHA hash
largo:bin$ ./htpasswd -nbs user password
user:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=

# create a 'normal' encrypt hash
largo:bin$ ./htpasswd -nb user password
user:K4YPncTjM9HPo

# the output will change eacht time you execute  htpasswd cause it uses
# some salt to change the output (if two users uses the same password, 
# you'll not recognise this)

You may use any of the hashes as long you are putting the whole password 
hash into the database ( e.g. you use "$apr1$5T1td/..$ppqva5bmyS2CHhJWcyX1s/", 
"{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=" or "K4YPncTjM9HPo" into the field 
user_password in the database (of course without the "!).

NOTE>> You should extend the user_password field in the database from 20 
       chars to 120 or the database 'll cut off some chars from your md5 
       or sha hash

Download

http://www.heuer.org/mod_auth_mysql/

Questions, hints, fixes -> PLZ mailto ueli-mod_auth_mysql@heuer.org

if you look  for windows-binary: I do not use windows, so I do not have
a running apache/win32 and I do not have and I'll not buy a C-Compiler for 
that. But have look at Gnter Knauf has some modules compiled: 
http://www.gknw.de/development/apache/


