docs/manual/mod/mod_authn_dbd.xml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140

<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
<!-- $LastChangedRevision$ -->

<!--
 Copyright 2005 The Apache Software Foundation or its licensors, as
 applicable.

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at

     http://www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
-->

<modulesynopsis metafile="mod_authn_dbd.xml.meta">

<name>mod_authn_dbd</name>
<description>User authentication using an SQL database</description>
<status>Extension</status>
<sourcefile>mod_authn_dbd.c</sourcefile>
<identifier>authn_dbd_module</identifier>
<compatibility>Available in Apache 2.1 and later</compatibility>

<summary>
    <p>This module provides authentication front-ends such as
    <module>mod_auth_digest</module> and <module>mod_auth_basic</module>
    to authenticate users by looking up users in SQL tables.
    Similar functionality is provided by, for example,
    <module>mod_authn_file</module>.</p>
    <p>This module relies on <module>mod_dbd</module> to specify
    the backend database driver and connection parameters, and
    manage the database connections.</p>

    <p>When using <module>mod_auth_basic</module> or
    <module>mod_auth_digest</module>, this module is invoked via the
    <directive module="mod_auth_basic">AuthBasicProvider</directive> or
    <directive module="mod_auth_digest">AuthDigestProvider</directive>
    with the <code>dbd</code> value.</p>
</summary>

<seealso><directive module="core">AuthName</directive></seealso>
<seealso><directive module="core">AuthType</directive></seealso>
<seealso>
  <directive module="mod_auth_basic">AuthBasicProvider</directive>
</seealso>
<seealso>
  <directive module="mod_auth_digest">AuthDigestProvider</directive>
</seealso>
<seealso><directive module="mod_dbd">DBDriver</directive></seealso>
<seealso><directive module="mod_dbd">DBDParams</directive></seealso>

<section id="example">
<title>Configuration Example</title>
<p>This simple example shows use of this module in the context of
the Authentication and DBD frameworks.</p>
<example><pre>
#Database Management

#Use the PostgreSQL driver
<code>DBDriver pgsql</code>

#Connection string: database name and login credentials
<code>DBDParams "dbname=htpasswd user=apache password=xxxxxx"</code>

#Parameters for Connection Pool Management
<code>DBDMin  1
DBDKeep 2
DBDMax  10
DBDExptime 60</code>

#Authentication Section
<code>&lt;Directory /usr/www/myhost/private&gt;</code>

    #mod_auth configuration for authn_dbd
    <code>AuthType Basic
    AuthName "My Server"
    AuthBasicProvider dbd</code>

    #authz configuration
    <code>Require valid-user</code>

    #SQL query to verify a user
    #(note: DBD drivers recognise both stdio-like %s and native syntax)
    <code>AuthDBDUserPWQuery "select password from authn where username = %s"
&lt;/Directory&gt;</code>
</pre>
</example>
</section>

<directivesynopsis>
<name>AuthDBDUserPWQuery</name>
<description>SQL query to look up a password for a user</description>
<syntax>AuthDBDUserPWQuery <var>query</var></syntax>
<contextlist><context>directory</context>
</contextlist>

<usage>
    <p>The <directive>AuthDBDUserPWQuery</directive> specifies an
    SQL query to look up a password for a specified user.
    The query must take a single string (typically SQL varchar)
    argument (username), and return a single value (encrypted password).
    </p>
    <example>
    AuthDBDUserPWQuery "SELECT password FROM authn WHERE username = %s"
    </example>

</usage>
</directivesynopsis>

<directivesynopsis>
<name>AuthDBDUserRealmQuery</name>
<description>SQL query to look up a password hash for a user and realm.
</description>
<syntax>AuthDBDUserRealmQuery <var>query</var></syntax>
<contextlist><context>directory</context>
</contextlist>

<usage>
    <p>The <directive>AuthDBDUserRealmQuery</directive> specifies an
    SQL query to look up a password for a specified user and realm.
    The query must take two string (typically SQL varchar) arguments
    (username and realm), and return a single value (encrypted password).
    </p>
    <example>
    AuthDBDUserRealmQuery "SELECT password FROM authn
                              WHERE username = %s AND realm = %s"
    </example>

</usage>
</directivesynopsis>

</modulesynopsis>