Project

General

Profile

ApacheMySQLAuthentication » History » Version 3

Lutz Suhrbier, 08/10/2007 08:46 PM

1 1 Lutz Suhrbier
2
# Apache [[MySQL]] Authentication
3
4 3 Lutz Suhrbier
5
6
## PAM-MySQL Authentication
7
8
Since, the package libapache2-mod-auth-mysql is currently not available, we take the recommended Debian way and use libapache2-mod-auth-pam and libpam-mysql instead.
9
10
~~~
11
# apt-get install libapache2-mod-auth-pam libpam-mysql
12
~~~
13
14
We have to configure this within Apache2. Therefore, we use our idp configuration script and change the shibboleth authentication location
15
16
~~~
17
 <Location /shibboleth-idp/SSO>
18
    AuthName               "Shibboleth IdP"
19
    AuthType               Basic
20
    AuthUserFile 	   /etc/apache2/user.db
21
    require                valid-user
22
  </Location>
23
~~~
24
into the following
25
26
~~~
27
 <Location /shibboleth-idp/SSO>
28
    AuthName             "Shibboleth IdP"
29
    AuthType             Basic
30
    AuthName            "PAM"
31
    require                valid-user
32
  </Location>
33
~~~
34
35
Furthermore, we have to add the user www-data to the shadow group
36
37
~~~
38
# adduser www-data shadow
39
~~~
40
But, the following Security advice is from the README.Debian file for the module:
41
42
43
*
44
45
SECURITY
46
47
48
  To use with standard Debian configuration you have to add "www-data" user to
49
50
  "shadow" group. Be careful! It means it can be readable by anyone who can run
51
52
  its own CGI script!
53
54
55
  The passwords are sent by net as clear text. You should use SSL to protect
56
57
  them.
58
59
*  
60
61
62
Now, we have to configure PAM for Apache2, to use the correct [[MySQL]] Database.
63
64
Edit _ /etc/pam.d/apache2_ as follows
65
66
~~~
67
@include common-auth
68
@include common-account
69
account required pam_mysql.so user=webadmin passwd=secret host=160.45.63.30 db=drupal5 table=_shared_users usercolumn=name passwdcolumn=pass crypt=2
70
~~~
71
72
Finally, restart apache2 and see if it works.
73
74
But there is some missing information:
75
76
77
78
79
## libapache2-mod-auth-myaql
80
81
82 2 Lutz Suhrbier
~~~
83 1 Lutz Suhrbier
 apt-get install apache2-prefork-dev apache2-prefork-dev
84
  155  apt-get -f install
85
  156  apt-get -f install
86
  157  apt-get install apache2-prefork-dev apache2-prefork-dev
87
  158  cd /usr/src/
88
  159  mkdir auth_mysql
89
  160  cd auth_mysql/
90
  161  wget http://download.nuxwin.com/apache2.2-modules/auth_mysql/mod_auth_mysql-3.0.0.tar.gz
91
  162  tar xzf mod_auth_mysql-3.0.0.tar.gz
92
  163  ls
93
  164  wget http://download.nuxwin.com/apache2.2-modules/auth_mysql/patch/apache2.2.diff
94
  165  mv apache2.2.diff mod_auth_mysql-3.0.0/
95
  166  cd mod_auth_mysql-3.0.0
96
  167  patch -p0 < apache2.2.diff mod_auth_mysql.c
97
  168  apt-get install patch
98
  169  patch -p0 < apache2.2.diff mod_auth_mysql.c
99
  170  apxs2 -c -L/usr/lib/mysql -I/usr/include/mysql -lmysqlclient -lm -lz mod_auth_mysql.c
100
  171  apt-get install build-essentials
101
  172  apxs2 -c -L/usr/lib/mysql -I/usr/include/mysql -lmysqlclient -lm -lz mod_auth_mysql.c
102
  173  apt-get install gcc
103
  174  apxs2 -c -L/usr/lib/mysql -I/usr/include/mysql -lmysqlclient -lm -lz mod_auth_mysql.c
104
  175  apt-get install libmysqlclient15-dev
105
  176  apxs2 -c -L/usr/lib/mysql -I/usr/include/mysql -lmysqlclient -lm -lz mod_auth_mysql.c
106
  177  apxs2 -i mod_auth_mysql.la
107
  178  echo "LoadModule mysql_auth_module /usr/lib/apache2/modules/mod_auth_mysql.so" > /etc/apache2/mods-available/auth_mysql.load
108
  179  a2enmod auth_mysql
109
  180  /etc/init.d/apache2 force-reload
110
  181  /etc/init.d/apache2 force-reload
111
  182  less /var/log/apache2/access.log
112
  183  less /var/log/apache2/error.log
113
  184  less /var/log/auth.log
114 2 Lutz Suhrbier
~~~