Configuration Example
This simple example shows use of this module in the context ofthe Authentication and DBD frameworks. Please note that you needto load an authorization module, such as mod_authz_user
,to get it working.
# mod_dbd configurationDBDriver pgsqlDBDParams "dbname=apacheauth user=apache password=xxxxxx"DBDMin 4DBDKeep 8DBDMax 20DBDExptime 300<Directory /usr/www/myhost/private> # core authentication and mod_auth_basic configuration # for mod_authn_dbd AuthType Basic AuthName "My Server" AuthBasicProvider dbd # core authorization configuration Require valid-user # mod_authn_dbd SQL query to authenticate a user AuthDBDUserPWQuery "SELECT password FROM authn WHERE user = %s"</Directory>
Exposing Login Information
If httpd was built against APR version 1.3.0or higher, then whenever a query is made to the database server, allcolumn values in the first row returned by the query are placed in theenvironment, using environment variables with the prefix "AUTHENTICATE_".
If a database query for example returned the username, full nameand telephone number of a user, a CGI program will have access tothis information without the need to make a second independent databasequery to gather this additional information.
This has the potential to dramatically simplify the coding andconfiguration required in some web applications.
AuthDBDUserPWQuery Directive
The AuthDBDUserPWQuery
specifies an SQL query to look up a password for a specified user. The user's ID will be passed as a single string parameter when the SQL query is executed. It may be referenced within the query statement using a %s
format specifier.
Example
AuthDBDUserPWQuery "SELECT password FROM authn WHERE user = %s"
The first column value of the first row returned by the query statement should be a string containing the encrypted password. Subsequent rows will be ignored. If no rows are returned, the user will not be authenticated through mod_authn_dbd
.
If httpd was built against APR version 1.3.0 or higher, any additional column values in the first row returned by the query statement will be stored as environment variables with names of the form AUTHENTICATE_COLUMN
.
AuthDBDUserRealmQuery Directive
The AuthDBDUserRealmQuery
specifies an SQL query to look up a password for a specified user and realm. The user's ID and the realm, in that order, will be passed as string parameters when the SQL query is executed. They may be referenced within the query statement using %s
format specifiers.
Example
AuthDBDUserRealmQuery "SELECT password FROM authn WHERE user = %s AND realm = %s"
The first column value of the first row returned by the query statement should be a string containing the encrypted password. Subsequent rows will be ignored. If no rows are returned, the user will not be authenticated through mod_authn_dbd
.
If httpd was built against APR version 1.3.0 or higher, any additional column values in the first row returned by the query statement will be stored as environment variables with names of the form AUTHENTICATE_COLUMN
.