Posted to docs@httpd.apache.org by Rich Bowen <rb...@rcbowen.com> on 2016/07/04 20:08:44 UTC

mod_authz_dbm

The mod_authz_dbm docs are making me crazy, and I could use some help.
In particular, the docs say:

The group file is keyed on the username. The value for a user is a
comma-separated list of the groups to which the users belongs. There
must be no whitespace within the value, and it must never contain any
colons.

However, there's no indication of how one must actually create such a
file. Can someone give me a pointer as to how I'd go about creating this
file?

Related: the dbmmanage utility, while documented, is not actually
available (ie, as packages) on the Fedora/CentOS and Debian/Ubuntu
families of Linux distros, so solutions involving dbmmanage are
frustrating, at best.

-- 
Rich Bowen - rbowen@rcbowen.com - @rbowen
http://apachecon.com/ - @apachecon

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Re: mod_authz_dbm

Posted by Rich Bowen <rb...@rcbowen.com>.

On 07/06/2016 03:43 PM, Tom Chiverton wrote:
> On Wednesday, 6 July 2016 12:48:40 BST Rich Bowen wrote:
>>> That should be done by the distro maintainer.
>>> However, since it is a DB2 file it should be possible to edit that file
>>> with other tools.
>>
>> What are these other tools?
> 
> https://httpd.apache.org/docs/current/programs/httxt2dbm.html
> 


Oh! Of course!

Geez, that didn't even occur to me. Thank you for pointing out the
obvious for me. :-)

--Rich


-- 
Rich Bowen - rbowen@rcbowen.com - @rbowen
http://apachecon.com/ - @apachecon



Re: mod_authz_dbm

Posted by Tom Chiverton <to...@apache.org>.
On Wednesday, 6 July 2016 12:48:40 BST Rich Bowen wrote:
> > That should be done by the distro maintainer.
> > However, since it is a DB2 file it should be possible to edit that file
> > with other tools.
> 
> What are these other tools?

https://httpd.apache.org/docs/current/programs/httxt2dbm.html

-- 
Tom
Through knowledge comes understanding, and through understanding 
forgiveness.
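
As an added example (not part of the thread, and not code from httpd): a Python helper that checks group lists against the constraints quoted from the docs in the original question and writes the "key value" text map that httxt2dbm, linked above, takes as input. The function names, sample users and file names are assumptions made for illustration; the DBM type httxt2dbm writes (its -f option) has to match the AuthzDBMType the server is configured with.

```python
import re

# Constructed sample input: username -> groups (not taken from the thread).
SAMPLE_MEMBERSHIP = {
    "alice": ["admins", "staff"],
    "bob": ["staff"],
}

# Quoted docs: no whitespace within the value, and never any colons.
_BAD_VALUE = re.compile(r"[\s:]")


def group_value(groups):
    """Join group names into the comma-separated value the docs describe."""
    if not groups:
        raise ValueError("user has no groups")
    for g in groups:
        # A comma inside a name would silently split it into two groups.
        if not g or "," in g or _BAD_VALUE.search(g):
            raise ValueError(f"invalid group name: {g!r}")
    return ",".join(groups)


def build_text_map(membership):
    """Return httxt2dbm input text: one 'username groups' line per user."""
    lines = []
    for user in sorted(membership):
        # The text map separates key and value with whitespace, so the
        # username (the key) cannot contain any; a leading '#' marks a
        # comment line in that format.
        if not user or re.search(r"\s", user) or user.startswith("#"):
            raise ValueError(f"invalid username: {user!r}")
        lines.append(f"{user} {group_value(membership[user])}")
    return "\n".join(lines) + "\n"


def httxt2dbm_argv(txt_path, dbm_path):
    """Command line that converts the text map into the DBM group file."""
    return ["httxt2dbm", "-i", txt_path, "-o", dbm_path]


if __name__ == "__main__":
    # Hypothetical file names; run the printed command where httpd is installed.
    with open("groups.txt", "w", encoding="utf-8") as fh:
        fh.write(build_text_map(SAMPLE_MEMBERSHIP))
    print(" ".join(httxt2dbm_argv("groups.txt", "groups.dbm")))
```

Rejecting bad entries before conversion matters because the group file drives authorization: a stray space or colon in a value changes which groups the server sees for that user.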




Re: mod_authz_dbm

Posted by Rich Bowen <rb...@rcbowen.com>.

On 07/05/2016 03:19 PM, Mario Brandt wrote:
> On 5 July 2016 at 20:42, Rich Bowen <rb...@rcbowen.com> wrote:
> 
>>
>> Unfortunately, dbmmanage isn't available to the majority of our users,
>> due to decisions made at the packaging/distro level. (See my comment
>> earlier. See also
>> https://lists.apache.org/thread.html/e1aaf09a66c2ecbbbfd8da818aa243d06a260993fda2344f81c2adb7@%3Cdev.httpd.apache.org%3E
>> )
>>
>> So I'm still left with questions as to how to create these DBM group
>> files, in the absence of dbmmanage.
> 
> That should be done by the distro maintainer.
> However, since it is a DB2 file it should be possible to edit that file
> with other tools.


What are these other tools?


> 
>> The docs talk about two different ways you can handle these files. One
>> is to put a list of groups in the user database, in the comment field.
>> That's all well and good, but it does mean that you must know the
>> password of the user before you can edit their group list, which seems
>> suboptimal.
> 
> I found a tutorial page for it.
> http://howtolamp.com/lamp/httpd/2.4/securing/auth-basic-dbm/
> 


Thanks. This looks like a good starting place.



-- 
Rich Bowen - rbowen@rcbowen.com - @rbowen
http://apachecon.com/ - @apachecon



Re: mod_authz_dbm

Posted by Mario Brandt <jb...@gmail.com>.
On 5 July 2016 at 20:42, Rich Bowen <rb...@rcbowen.com> wrote:

>
> Unfortunately, dbmmanage isn't available to the majority of our users,
> due to decisions made at the packaging/distro level. (See my comment
> earlier. See also
> https://lists.apache.org/thread.html/e1aaf09a66c2ecbbbfd8da818aa243d06a260993fda2344f81c2adb7@%3Cdev.httpd.apache.org%3E
> )
>
> So I'm still left with questions as to how to create these DBM group
> files, in the absence of dbmmanage.

That should be done by the distro maintainer.
However, since it is a DB2 file it should be possible to edit that file
with other tools.

> The docs talk about two different ways you can handle these files. One
> is to put a list of groups in the user database, in the comment field.
> That's all well and good, but it does mean that you must know the
> password of the user before you can edit their group list, which seems
> suboptimal.

I found a tutorial page for it.
http://howtolamp.com/lamp/httpd/2.4/securing/auth-basic-dbm/

Good luck!



Re: mod_authz_dbm

Posted by Rich Bowen <rb...@rcbowen.com>.

On 07/05/2016 11:56 AM, Mario Brandt wrote:
> Hi Rich,
> 
> take a look at line 84 to 90 from the source code [1]
> That might help you.
> 
> The dbmmanage is available in the bin folder on a regular build [2]. On
> Windows the name is dbmmanage.pl due to the Windows limitation of the
> need of a file extension.
> The basic usage[3]
> 
> So you can download the perl script and play with it.


Unfortunately, dbmmanage isn't available to the majority of our users,
due to decisions made at the packaging/distro level. (See my comment
earlier. See also
https://lists.apache.org/thread.html/e1aaf09a66c2ecbbbfd8da818aa243d06a260993fda2344f81c2adb7@%3Cdev.httpd.apache.org%3E
)

So I'm still left with questions as to how to create these DBM group
files, in the absence of dbmmanage.

The docs talk about two different ways you can handle these files. One
is to put a list of groups in the user database, in the comment field.
That's all well and good, but it does mean that you must know the
password of the user before you can edit their group list, which seems
suboptimal.

It makes me wonder if anybody is actually using this module in
production anywhere.





> [1] https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/modules/aaa/mod_authz_dbm.c
> [2] https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/support/dbmmanage.in
> [3]
> ------------------------------------------------------------------------------------------------------------------------------------
> mario@box:/opt/apache2/bin$ ./dbmmanage
> Usage: dbmmanage [enc] dbname command [username [pw [group[,group] [comment]]]]
> 
>     where enc is  -d for crypt encryption (default except on Win32, Netware)
>                   -m for MD5 encryption (default on Win32, Netware)
>                   -s for SHA1 encryption
>                   -p for plaintext
> 
>     command is one of: add|adduser|check|delete|import|update|view
> 
>     pw of . for update command retains the old password
>     pw of - (or blank) for update command prompts for the password
> 
>     groups or comment of . (or blank) for update command retains old values
>     groups or comment of - for update command clears the existing value
>     groups or comment of - for add and adduser commands is the empty value
> ------------------------------------------------------------------------------------------------------------------------------------
> 
> On 4 July 2016 at 22:08, Rich Bowen <rb...@rcbowen.com> wrote:
>> The mod_authz_dbm docs are making me crazy, and I could use some help.
>> In particular, the docs say:
>>
>> The group file is keyed on the username. The value for a user is a
>> comma-separated list of the groups to which the users belongs. There
>> must be no whitespace within the value, and it must never contain any
>> colons.
>>
>> However, there's no indication of how one must actually create such a
>> file. Can someone give me a pointer as to how I'd go about creating this
>> file?
>>
>> Related: the dbmmanage utility, while documented, is not actually
>> available (ie, as packages) on the Fedora/CentOS and Debian/Ubuntu
>> families of Linux distros, so solutions involving dbmmanage are
>> frustrating, at best.
>>
>> --
>> Rich Bowen - rbowen@rcbowen.com - @rbowen
>> http://apachecon.com/ - @apachecon


-- 
Rich Bowen - rbowen@rcbowen.com - @rbowen
http://apachecon.com/ - @apachecon



Re: mod_authz_dbm

Posted by Mario Brandt <jb...@gmail.com>.
Hi Rich,

take a look at line 84 to 90 from the source code [1]
That might help you.

The dbmmanage is available in the bin folder on a regular build [2]. On
Windows the name is dbmmanage.pl due to the Windows limitation of the
need of a file extension.
The basic usage[3]

So you can download the perl script and play with it.

Cheers
Mario


[1] https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/modules/aaa/mod_authz_dbm.c
[2] https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/support/dbmmanage.in
[3]
------------------------------------------------------------------------------------------------------------------------------------
mario@box:/opt/apache2/bin$ ./dbmmanage
Usage: dbmmanage [enc] dbname command [username [pw [group[,group] [comment]]]]

    where enc is  -d for crypt encryption (default except on Win32, Netware)
                  -m for MD5 encryption (default on Win32, Netware)
                  -s for SHA1 encryption
                  -p for plaintext

    command is one of: add|adduser|check|delete|import|update|view

    pw of . for update command retains the old password
    pw of - (or blank) for update command prompts for the password

    groups or comment of . (or blank) for update command retains old values
    groups or comment of - for update command clears the existing value
    groups or comment of - for add and adduser commands is the empty value
------------------------------------------------------------------------------------------------------------------------------------

On 4 July 2016 at 22:08, Rich Bowen <rb...@rcbowen.com> wrote:
> The mod_authz_dbm docs are making me crazy, and I could use some help.
> In particular, the docs say:
>
> The group file is keyed on the username. The value for a user is a
> comma-separated list of the groups to which the users belongs. There
> must be no whitespace within the value, and it must never contain any
> colons.
>
> However, there's no indication of how one must actually create such a
> file. Can someone give me a pointer as to how I'd go about creating this
> file?
>
> Related: the dbmmanage utility, while documented, is not actually
> available (ie, as packages) on the Fedora/CentOS and Debian/Ubuntu
> families of Linux distros, so solutions involving dbmmanage are
> frustrating, at best.
>
> --
> Rich Bowen - rbowen@rcbowen.com - @rbowen
> http://apachecon.com/ - @apachecon
