Configuration Example

mod_authn_dbd User authentication using an SQL database Extension mod_authn_dbd.c authn_dbd_module Available in Apache 2.1 and later

This module provides authentication front-ends such as mod_auth_digest and mod_auth_basic to authenticate users by looking up users in SQL tables. Similar functionality is provided by, for example, mod_authn_file.

This module relies on mod_dbd to specify the backend database driver and connection parameters, and manage the database connections.

When using mod_auth_basic or mod_auth_digest, this module is invoked via the AuthBasicProvider or AuthDigestProvider with the dbd value.

AuthName AuthType AuthBasicProvider AuthDigestProvider DBDriver DBDParams

Configuration Example

This simple example shows use of this module in the context of the Authentication and DBD frameworks.

#Database Management

#Use the PostgreSQL driver
DBDriver pgsql

#Connection string: database name and login credentials
DBDParams "dbname=htpasswd user=apache password=xxxxxx"

#Parameters for Connection Pool Management
DBDMin  1
DBDKeep 2
DBDMax  10
DBDExptime 60

#Authentication Section
<Directory /usr/www/myhost/private>

    #mod_auth configuration for authn_dbd
    AuthType Basic
    AuthName "My Server"
    AuthBasicProvider dbd

    #authz configuration
    Require valid-user

    #SQL query to verify a user
    #(note: DBD drivers recognise both stdio-like %s and native syntax)
    AuthDBDUserPWQuery "select password from authn where username = %s"
</Directory>

AuthDBDUserPWQuery SQL query to look up a password for a user AuthDBDUserPWQuery query directory

The AuthDBDUserPWQuery specifies an SQL query to look up a password for a specified user. The query must take a single string (typically SQL varchar) argument (username), and return a single value (encrypted password).

AuthDBDUserPWQuery "SELECT password FROM authn WHERE username = %s"

If httpd was built against apr v1.3.0 or higher, any additional columns specified in the select statement will be inserted into the environment with the name AUTHENTICATE_<COLUMN>.

AuthDBDUserRealmQuery SQL query to look up a password hash for a user and realm. AuthDBDUserRealmQuery query directory

The AuthDBDUserRealmQuery specifies an SQL query to look up a password for a specified user and realm. The query must take two string (typically SQL varchar) arguments (username and realm), and return a single value (encrypted password).

AuthDBDUserRealmQuery "SELECT password FROM authn WHERE username = %s AND realm = %s"

If httpd was built against apr v1.3.0 or higher, any additional columns specified in the select statement will be inserted into the environment with the name AUTHENTICATE_<COLUMN>.