You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Luca Meneghesso <me...@mtsspa.it> on 2006/08/23 17:15:44 UTC
[users@httpd] Digest authentication with mod_authn_dbd + MySQL driver
Hi everybody!
I finally managed to compile Apache 2.2.3/OpenSSL to perform Authentication
and Authorization with mod_authn_dbd/mod_authz_dbd/apr_dbd_mysql. Everything
works correctly when using Basic Authentication but when I switch to Digest
Authentication the server returns this error message:
[Wed Aug 23 16:54:42 2006] [error] [client xxx.xxx.xxx.xx] No DBD Authn
configured!
The relevant part of my httpd.conf is:
.......
DBDriver mysql
DBDParams "host=xxx.xxx.xxx.xx dbname=http-auth user=xxxxx pass=xxxxx"
DBDMin 1
DBDKeep 2
DBDMax 10
DBDExptime 60
<Directory /opt/MTSWeb/Apache/ssldocs/dbas>
DirectoryIndex index.html
AuthName "PRIVATE Area - Authentication Test - DBAS group"
AuthType Digest
AuthDigestProvider dbd
AuthDigestDomain /dbas/ http://mtsfesrv01/dbas/
AuthDBDUserPWQuery "select password from users where username=%s"
Require dbd-group dbas
AuthzDBDQuery "SELECT grp FROM groups where username=%s and grp='dbas'"
Options FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all
</Directory>
.......
Has anyuone run into this problem before? If yes, what's the solution? (or
what am I doing wrong?)
Second question: is the AuthDigestDomain required or can it be removed?
Apache was compiled with the Sun cc on a Solaris 10 T2000 box.
MySQL is version 5.0.18 running on a WinXP PC
Thanks in advance,
Luca
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Digest authentication with mod_authn_dbd + MySQL driver
Posted by Nick Kew <ni...@webthing.com>.
On Thursday 24 August 2006 13:59, Luca Meneghesso wrote:
> Ok.
>
> After some research I found that htdigest calculates the password digest
> based on the string username:realm:password, now I know how to
> programmatically populate the password field in the users table with
> MySQL's md5() function.
That's great! Now you can make a contribution to the community,
by writing up a mini-tutorial on what you did to get it all working!
And of course it doesn't have to be in English.
--
Nick Kew
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Digest authentication with mod_authn_dbd + MySQL driver
Posted by Luca Meneghesso <me...@mtsspa.it>.
Ok.
After some research I found that htdigest calculates the password digest
based on the string username:realm:password, now I know how to
programmatically populate the password field in the users table with MySQL's
md5() function.
Luca
-----Original Message-----
From: Luca Meneghesso [mailto:meneghesso_news@mtsspa.it]
Sent: mercoledì 23 agosto 2006 19.26
To: users@httpd.apache.org
Subject: RE: [users@httpd] Digest authentication with mod_authn_dbd + MySQL
driver
Nick,
> You're trying to do Digest authentication with a Basic authn configuration
> by just switching AuthType. You need an AuthDBDUserRealmQuery, and
> you'll need to populate your database with md5 digests. See the digest
> authn documentation.
It works now. I didn't realize that my query must include also the realm.
I populated the password field on my database by copying the md5 digests
generated with the htdigest tool. Is there any other way to do it?
I tried with that the MD5() function in MySQL but it does is not generate
the same digests as htdigest.
> (one advantage of DBD is you can use the same table for both types
> of authn. Just use different columns for Basic and Digest entries).
That's a feature I will certainly use!
>> --
>> Nick Kew
Thank you for your help.
Luca Meneghesso
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Digest authentication with mod_authn_dbd + MySQL driver
Posted by Luca Meneghesso <me...@mtsspa.it>.
Nick,
> You're trying to do Digest authentication with a Basic authn configuration
> by just switching AuthType. You need an AuthDBDUserRealmQuery, and
> you'll need to populate your database with md5 digests. See the digest
> authn documentation.
It works now. I didn't realize that my query must include also the realm.
I populated the password field on my database by copying the md5 digests
generated with the htdigest tool. Is there any other way to do it?
I tried with that the MD5() function in MySQL but it does is not generate
the same digests as htdigest.
> (one advantage of DBD is you can use the same table for both types
> of authn. Just use different columns for Basic and Digest entries).
That's a feature I will certainly use!
>> --
>> Nick Kew
Thank you for your help.
Luca Meneghesso
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Digest authentication with mod_authn_dbd + MySQL driver
Posted by Nick Kew <ni...@webthing.com>.
On Wednesday 23 August 2006 16:15, Luca Meneghesso wrote:
> Hi everybody!
>
> I finally managed to compile Apache 2.2.3/OpenSSL to perform Authentication
> and Authorization with mod_authn_dbd/mod_authz_dbd/apr_dbd_mysql.
> Everything works correctly when using Basic Authentication but when I
> switch to Digest Authentication the server returns this error message:
You're trying to do Digest authentication with a Basic authn configuration
by just switching AuthType. You need an AuthDBDUserRealmQuery, and
you'll need to populate your database with md5 digests. See the digest
authn documentation.
(one advantage of DBD is you can use the same table for both types
of authn. Just use different columns for Basic and Digest entries).
--
Nick Kew
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org