Using MYSQL for User Authentication on Apache
If you have a very busy server and large username/password lists stored
in text files, using the MYSQL relational database can greatly increase
your server's performance and simplify tasks such as adding users and
looking up lost passwords.
What You Will Need
Configuration and Installation
- You must know how to compile and install the Apache Server.
- You need to know how install & administer the MYSQL server.
STEP 1: Unpack your Apache tar file into a directory such as
/tmp/ resulting in the Apache file being located in a directory
such as /tmp/apache_1.3.6 (write this on a piece of paper)
Important! Starting with Apache 1.3.14 you must:
Otherwise, it will not compile.
ln -s ap_alloc.h alloc.h
STEP 2: Unpack your mod_auth tar file into your /tmp directory
which will create something like /tmp/mod_auth_mysql_2.20
STEP 3: Assuming you have MYSQL installed already, make a note of
the location of it's directory, such as
/usr/local/mysql-3.22.23b-pc-linux-gnu-i686 (write this on a piece of paper).
If you don't already have MYSQL installed, now would be a wonderful
time to think about doing it! Also make sure your MSQL server is up and running.
If you haven't done so already, you should make a link using the ln
command so you don't have to always type the full name out. As an example:
STEP 4: Follow MYSQL's instructions for creating a user account for your web server
to log into the database as. You must also set a password for that user. In our example,
the user name is 'nobody' with a password of 'nobody123'.
Instructions can be found at
ln -s mysql-3.22.23b-pc-linux-gnu-i686 mysql
This way your path to MYSQL would just be /usr/local/mysql. Much easier!
STEP 5: Change directories to where you dumped the mod_auth_mysql
files to, such as /tmp/mod_auth_mysql_2.20
STEP 6: Read the README file. The basic idea is to do this:
./configure --with-mysql=/usr/local/mysql --with-apache=/tmp/apache_1.3.6
note: the values above should be the values you wrote down
during steps 1 and 3.
You should end up with a line telling you what to do when you configure
apache, such as:
STEP 7: The step above installed the mod_auth_mysql files into the
Apache src heirarchy. Now, change directories to where your Apache files
are located, such as /tmp/apache_1.3.6 and do the following:
plus whatever other options you use
STEP 8: If you already have a database that can contain the table
holding your usernames and passwords, you can skip this step. If you
either do not have a database, then use the mysqladmin command
to create a new database, such as:
mysqladmin create mydatabase
STEP 9: Using mysql create a table and grant permissions to the user account
your web server runs as:
create table mysql_auth
username char(50) not null,
create unique index mysqlauthix1 on mysql_auth(username);
grant all on mysql_auth to nobody;
Note: I have had no problems with using a character length
of 50 for the username column.
STEP 10: Add the following line to your apache server's httpd.conf
Auth_MySQL_Info localhost nobody nobody123
Note that the arguments are hostname, username, and
Restart your Apache server, ie apachectl restart.
STEP 11: DON'T PANIC if you see a whole bunch of mysql processes running
instead of the usual 3. Each httpd gets it's own mysql!
STEP 12: Pick a directory under your web server's document root that you
want to protect, and create a .htaccess file that looks like this:
AuthName "Your Login is Required"
<Limit GET POST>
#note: in this example I am NOT using encrypted passords.
# to use encrypted passwords, check the README file
# that comes with mod_auth_mysql for details...
# mydatabase should be replaced with the name of your
# database containing the auth_mysql table.
STEP 13: Here it is, the home stretch... Go into mysql
with the command mysql mydatabase and do the following
insert into mysql_auth ( username, passwd, group)
values ('fred', 'flinstone,'');
STEP 14: Using your web browser, try to call a page
located in the directory that you protected with the .htaccess
file. With any luck you will be prompted for your name