Project

General

Profile

Actions

ApacheMySQLAuthentication » History » Revision 5

« Previous | Revision 5/22 (diff) | Next »
Lutz Suhrbier, 08/10/2007 08:48 PM


Apache MySQL Authentication

PAM-MySQL Authentication

Since, the package libapache2-mod-auth-mysql is currently not available, we take the recommended Debian way and use libapache2-mod-auth-pam and libpam-mysql instead.

# apt-get install libapache2-mod-auth-pam libpam-mysql

We have to configure this within Apache2. Therefore, we use our idp configuration script and change the shibboleth authentication location

 <Location /shibboleth-idp/SSO>
    AuthName               "Shibboleth IdP"
    AuthType               Basic
    AuthUserFile       /etc/apache2/user.db
    require                valid-user
  </Location>

into the following

 <Location /shibboleth-idp/SSO>
    AuthName             "Shibboleth IdP"
    AuthType             Basic
    AuthName            "PAM"
    require                valid-user
  </Location>

Furthermore, we have to add the user www-data to the shadow group

# adduser www-data shadow

But, the following Security advice is from the README.Debian file for the module:

SECURITY

To use with standard Debian configuration you have to add "www-data" user to

"shadow" group. Be careful! It means it can be readable by anyone who can run

its own CGI script!

The passwords are sent by net as clear text. You should use SSL to protect

them.

Now, we have to configure PAM for Apache2, to use the correct MySQL Database.

Edit /etc/pam.d/apache2 as follows

@include common-auth
@include common-account
account required pam_mysql.so user=webadmin passwd=secret host=160.45.63.30 db=drupal5 table=_shared_users usercolumn=name passwdcolumn=pass crypt=2

Finally, restart apache2 and see if it works.

But there is some missing information:

libapache2-mod-auth-myaql

 apt-get install apache2-prefork-dev apache2-prefork-dev
  155  apt-get -f install
  156  apt-get -f install
  157  apt-get install apache2-prefork-dev apache2-prefork-dev
  158  cd /usr/src/
  159  mkdir auth_mysql
  160  cd auth_mysql/
  161  wget http://download.nuxwin.com/apache2.2-modules/auth_mysql/mod_auth_mysql-3.0.0.tar.gz
  162  tar xzf mod_auth_mysql-3.0.0.tar.gz
  163  ls
  164  wget http://download.nuxwin.com/apache2.2-modules/auth_mysql/patch/apache2.2.diff
  165  mv apache2.2.diff mod_auth_mysql-3.0.0/
  166  cd mod_auth_mysql-3.0.0
  167  patch -p0 < apache2.2.diff mod_auth_mysql.c
  168  apt-get install patch
  169  patch -p0 < apache2.2.diff mod_auth_mysql.c
  170  apxs2 -c -L/usr/lib/mysql -I/usr/include/mysql -lmysqlclient -lm -lz mod_auth_mysql.c
  171  apt-get install build-essentials
  172  apxs2 -c -L/usr/lib/mysql -I/usr/include/mysql -lmysqlclient -lm -lz mod_auth_mysql.c
  173  apt-get install gcc
  174  apxs2 -c -L/usr/lib/mysql -I/usr/include/mysql -lmysqlclient -lm -lz mod_auth_mysql.c
  175  apt-get install libmysqlclient15-dev
  176  apxs2 -c -L/usr/lib/mysql -I/usr/include/mysql -lmysqlclient -lm -lz mod_auth_mysql.c
  177  apxs2 -i mod_auth_mysql.la
  178  echo "LoadModule mysql_auth_module /usr/lib/apache2/modules/mod_auth_mysql.so" > /etc/apache2/mods-available/auth_mysql.load
  179  a2enmod auth_mysql
  180  /etc/init.d/apache2 force-reload
  181  /etc/init.d/apache2 force-reload
  182  less /var/log/apache2/access.log
  183  less /var/log/apache2/error.log
  184  less /var/log/auth.log

Updated by Lutz Suhrbier over 16 years ago · 5 revisions