You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Robert Wagner <ro...@math.TU-Berlin.DE> on 2011/07/01 16:16:39 UTC

[users@httpd] "require group" using authn_dbd and digest

Hi,

i would like to authenticate users using MySQL. So far my working
configuration look like this:
DBDriver mysql
DBDParams "host=127.0.0.1 port=3306 dbname=apache_auth user=username
pass=password"
DBDPersist off

<Directory /var/www/sqlauth>
        AuthDBDUserRealmQuery "SELECT passwd FROM web_users WHERE
username = %s AND realm = %s"
        AuthDigestProvider dbd
        AuthName "geschuetzter Bereich"
        AuthType Digest

        Order deny,allow
        Allow from all
        Require valid-user
</Directory>

Now i need to realize groups (using an own sql table). I found many
tutorials using basic-authentication but none with digest.
I am using Debian Squeeze and Apache 2.2. I hope someone can help...

Thanks
Robert

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] "require group" using authn_dbd and digest

Posted by Nick Kew <ni...@webthing.com>.

On 1 Jul 2011, at 15:16, Robert Wagner wrote:

> Now i need to realize groups (using an own sql table). I found many
> tutorials using basic-authentication but none with digest.
> I am using Debian Squeeze and Apache 2.2. I hope someone can help...

Hmmm ... this needs to go in an FAQ somewhere.

The extra step with digest authentication is to generate the password
hashes in your SQL table.  There's no good tool for that (AFAIK), but
you can work around it by using htdigest and copying the hashes
it generates into your password field.

Is that what you were looking for?

-- 
Nick Kew

Available for work, contract or permanent
http://www.webthing.com/~nick/cv.html

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

[users@httpd] mod_authnz Authenticate_ Env variables

Posted by Tim <ni...@linuxstuff.info>.

How do I capture this? When a user successfully logs in?

I need to capture the username that successfully logged.

Tim	

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] mod_authnz_ldap Non Authorized users

Posted by Tim <ni...@linuxstuff.info>.

Ah ok thanks...

On 7/4/2011 6:15 AM, Tom Evans wrote:
> On Sat, Jul 2, 2011 at 8:45 PM, Tim <ni...@linuxstuff.info> wrote:
>>
>> Yes. Its the Browser username and prompt that appears.
>>
> 
> You misunderstood Eric. What you are seeing is the browser prompting
> for authentication 3 times. Most (all?) browsers will do this when
> they receive a 401 response, and only on the third failed validation
> attempt (or after clicking cancel) will the browser actually display
> the 401 response as sent by Apache.
> 
> In other words - you cannot modify this behaviour from Apache, it is
> controlled solely by the User Agent.
> 
> Cheers
> 
> Tom
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] mod_authnz_ldap Non Authorized users

Posted by Tom Evans <te...@googlemail.com>.

On Sat, Jul 2, 2011 at 8:45 PM, Tim <ni...@linuxstuff.info> wrote:
>
> Yes. Its the Browser username and prompt that appears.
>

You misunderstood Eric. What you are seeing is the browser prompting
for authentication 3 times. Most (all?) browsers will do this when
they receive a 401 response, and only on the third failed validation
attempt (or after clicking cancel) will the browser actually display
the 401 response as sent by Apache.

In other words - you cannot modify this behaviour from Apache, it is
controlled solely by the User Agent.

Cheers

Tom

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] mod_authnz_ldap Non Authorized users

Posted by Tim <ni...@linuxstuff.info>.

Yes. Its the Browser username and prompt that appears.

On 7/2/2011 9:20 AM, Eric Covener wrote:
> On Sat, Jul 2, 2011 at 9:56 AM, Tim <ni...@linuxstuff.info> wrote:
>> Hey All,
>>
>> So I have been playing with mod_authnz_ldap and Authentication and
>> Authorizations works perfectly. However, the first time a Non-Authorized
>> users attempts to login I want to stop prompting and display to the user
>> the 401 error msg. Is this even possible?
>>
>> As it is now, this is not the case the user is prompted another two times
>> and then it fails - and displays the 401 error.
> 
> 
> Are you just seeing some browser decision? I think the response is
> actually the same over and over.
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] mod_authnz_ldap Non Authorized users

Posted by Eric Covener <co...@gmail.com>.

On Sat, Jul 2, 2011 at 9:56 AM, Tim <ni...@linuxstuff.info> wrote:
> Hey All,
>
> So I have been playing with mod_authnz_ldap and Authentication and
> Authorizations works perfectly. However, the first time a Non-Authorized
> users attempts to login I want to stop prompting and display to the user
> the 401 error msg. Is this even possible?
>
> As it is now, this is not the case the user is prompted another two times
> and then it fails - and displays the 401 error.


Are you just seeing some browser decision? I think the response is
actually the same over and over.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

[users@httpd] mod_authnz_ldap Non Authorized users

Posted by Tim <ni...@linuxstuff.info>.

Hey All,

So I have been playing with mod_authnz_ldap and Authentication and
Authorizations works perfectly. However, the first time a Non-Authorized
users attempts to login I want to stop prompting and display to the user
the 401 error msg. Is this even possible?

As it is now, this is not the case the user is prompted another two times
and then it fails - and displays the 401 error.

However, if the user fat fingers their password it should prompt again.

Any advice?

Tim

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] "require group" using authn_dbd and digest

Posted by Robert Wagner <ro...@math.tu-berlin.de>.

Authenticating groups using a database seems to be possible only with
mod_authz_dbd (http://httpd.apache.org/docs/2.3/mod/mod_authz_dbd.html).
The source files for Apache 2.2 can be found at
http://people.apache.org/~niq/dbd.html.

Robert

Am 01.07.2011 16:16, schrieb Robert Wagner:
> Hi,
>
> i would like to authenticate users using MySQL. So far my working
> configuration look like this:
> DBDriver mysql
> DBDParams "host=127.0.0.1 port=3306 dbname=apache_auth user=username
> pass=password"
> DBDPersist off
>
> <Directory /var/www/sqlauth>
>         AuthDBDUserRealmQuery "SELECT passwd FROM web_users WHERE
> username = %s AND realm = %s"
>         AuthDigestProvider dbd
>         AuthName "geschuetzter Bereich"
>         AuthType Digest
>
>         Order deny,allow
>         Allow from all
>         Require valid-user
> </Directory>
>
> Now i need to realize groups (using an own sql table). I found many
> tutorials using basic-authentication but none with digest.
> I am using Debian Squeeze and Apache 2.2. I hope someone can help...
>
> Thanks
> Robert
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org