ApacheMySQLAuthentication » History » Version 3
Lutz Suhrbier, 08/10/2007 08:46 PM
# Apache [[MySQL]] Authentication

## PAM-MySQL Authentication

Since the package libapache2-mod-auth-mysql is currently not available, we take the recommended Debian way and use libapache2-mod-auth-pam and libpam-mysql instead.

~~~
# apt-get install libapache2-mod-auth-pam libpam-mysql
~~~

We have to configure this within Apache2. To do so, we edit our IdP configuration script and change the Shibboleth authentication location from

~~~
<Location /shibboleth-idp/SSO>
    AuthName "Shibboleth IdP"
    AuthType Basic
    AuthUserFile /etc/apache2/user.db
    require valid-user
</Location>
~~~

into the following:

~~~
<Location /shibboleth-idp/SSO>
    AuthName "Shibboleth IdP"
    AuthType Basic
    AuthName "PAM"
    require valid-user
</Location>
~~~

Furthermore, we have to add the user www-data to the shadow group:

~~~
# adduser www-data shadow
~~~

However, the README.Debian file for the module gives the following security advice:

> SECURITY
>
> To use with standard Debian configuration you have to add "www-data" user to "shadow" group. Be careful! It means it can be readable by anyone who can run its own CGI script!
>
> The passwords are sent by net as clear text. You should use SSL to protect them.

Now we have to configure PAM for Apache2 to use the correct [[MySQL]] database.

Edit _/etc/pam.d/apache2_ as follows:

~~~
@include common-auth
@include common-account
account required pam_mysql.so user=webadmin passwd=secret host=160.45.63.30 db=drupal5 table=_shared_users usercolumn=name passwdcolumn=pass crypt=2
~~~

Finally, restart apache2 and see if it works.

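The setup above leaves two local exposures: www-data becomes a member of the shadow group, and /etc/pam.d/apache2 carries the database password on the pam_mysql line. The following audit script is an added example, not part of the original page or of either package; the function names are hypothetical and the fixtures in `demo` are constructed.

```shell
#!/bin/sh
# Added example: audit the two local risks of the PAM-MySQL setup on this page.
# File paths are arguments so the checks also run against copies or fixtures.

# in_group GROUP_FILE GROUP USER: succeeds if USER is a listed member of GROUP.
in_group() {
    awk -F: -v g="$2" -v u="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) hit = 1 }
        END { exit !hit }' "$1"
}

# inline_db_passwd PAM_FILE: succeeds if an active pam_mysql.so line has passwd=.
inline_db_passwd() {
    grep -v '^[[:space:]]*#' "$1" | grep 'pam_mysql\.so' | grep -q '[[:space:]]passwd='
}

# other_readable FILE: succeeds if the "other" permission class may read FILE.
other_readable() {
    [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

# audit GROUP_FILE PAM_FILE: prints one WARN line per finding, fails if any.
audit() {
    rc=0
    if in_group "$1" shadow www-data; then
        echo "WARN: www-data is in group shadow; code run by Apache can read /etc/shadow"
        rc=1
    fi
    if inline_db_passwd "$2" && other_readable "$2"; then
        echo "WARN: $2 carries the pam_mysql passwd= and is world-readable"
        rc=1
    fi
    return "$rc"
}

# demo: runs the audit on constructed fixtures that mirror the page's setup.
demo() {
    d=$(mktemp -d)
    printf 'root:x:0:\nshadow:x:42:www-data\n' > "$d/group"
    printf '%s\n' '@include common-auth' \
        'account required pam_mysql.so user=webadmin passwd=secret db=drupal5' > "$d/pam"
    chmod 644 "$d/pam"
    audit "$d/group" "$d/pam" || true
    rm -rf "$d"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

On a real host, source the file and run `audit /etc/group /etc/pam.d/apache2`; the group check only looks at supplementary membership, which is what `adduser www-data shadow` creates.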
But there is some missing information:

## libapache2-mod-auth-mysql

~~~
# Build prerequisites: apxs2, patch, compiler and MySQL client headers
apt-get install apache2-prefork-dev patch gcc libmysqlclient15-dev
apt-get -f install   # fix broken dependencies, if any

# Fetch the module source and the Apache 2.2 patch
cd /usr/src/
mkdir auth_mysql
cd auth_mysql/
wget http://download.nuxwin.com/apache2.2-modules/auth_mysql/mod_auth_mysql-3.0.0.tar.gz
tar xzf mod_auth_mysql-3.0.0.tar.gz
wget http://download.nuxwin.com/apache2.2-modules/auth_mysql/patch/apache2.2.diff
mv apache2.2.diff mod_auth_mysql-3.0.0/
cd mod_auth_mysql-3.0.0

# Apply the patch, then compile and install the module
patch -p0 < apache2.2.diff mod_auth_mysql.c
apxs2 -c -L/usr/lib/mysql -I/usr/include/mysql -lmysqlclient -lm -lz mod_auth_mysql.c
apxs2 -i mod_auth_mysql.la

# Register and enable the module, then reload Apache
echo "LoadModule mysql_auth_module /usr/lib/apache2/modules/mod_auth_mysql.so" > /etc/apache2/mods-available/auth_mysql.load
a2enmod auth_mysql
/etc/init.d/apache2 force-reload

# Check the logs for errors
less /var/log/apache2/access.log
less /var/log/apache2/error.log
less /var/log/auth.log
~~~