mod_authn_dbd

Overview

mod_authn_dbd module provides user authentication by searching users in SQL tables.

This module relies on mod_dbd to specify the backend database driver and connection parameters, and manage the database connections. The functionality is similar to this of mod_authn_file , the only difference is the storage for passwords - for mod_authn_file it's plain text file and for mod_authn_dbd it's SQL table.

To apply this module to mod_auth_basic or mod_auth_digest , it should be defined in AuthBasicProvider or AuthDigestProvider respectively with dbd value.

Quick start

Sample mod_authn_dbd configuration in .htaccess 

# mod_dbd configuration
DBDriver mssql
DBDParams "Data Source=db_server;Initial Catalog=users_db;Persist Security Info=True;User ID=sa;Password=your_password"

# mod_auth_basic configuration
AuthType Basic
AuthName "My Server"
AuthBasicProvider dbd
Require valid-user

# mod_authn_dbd SQL query to authenticate a user
AuthDBDUserPWQuery "SELECT password FROM users_table WHERE user = @USERNAME"

Related articles and topics

Enviroment variables

Name Context Description
enable_plaintext_passwords S V D .h Enables plain text passwords in password file; by default it is disabled

Directives

Name Context Description
AuthDBDUserPWQuery S V D .h Contains SQL query to look up the password for the user
AuthDBDUserRealmQuery S V D .h Contains SQL query to look up the password hash for the user and realm

AuthDBDUserPWQuery

AuthDBDUserPWQuery directive contains the SQL query that will be used to search password for the specified user. The user's ID will be passed as a single string parameter when the SQL query is executed. It may be referenced within the query statement using a @USERNAME format specifier.

The first column value of the first row returned by the query is a string containing the encrypted password. Subsequent rows will be ignored. If no rows are returned, the user will not be authenticated through mod_authn_dbd.

Syntax 

AuthDBDUserPWQuery query

Example 

AuthDBDUserPWQuery "SELECT password FROM users_table WHERE user = @USERNAME"

Note! This directive is used for Basic authentication .

To generate passwords for Basic authentication, open Helicon Ape Manager, create new file ( File -> New ) and go to Options -> Insert user password... In the opened dialog select Basic authentication type, desired encryption type, username and password. The password to be inserted into the passwords SQL table is the part of the Result after the semicolon. 

user1:$apr1$INLVN...$vGlaWUKqx3A8vsO4qgtVC.

Note! If you don't need the password to be encrypted, you may write it as is into the proper SQL table column.

AuthDBDUserRealmQuery

AuthDBDUserRealmQuery directive contains the SQL query that will be used to search password for the specified user and realm. The user's ID and the realm (in such order) will be passed as a string parameters when the SQL query is executed. They may be referenced within the query statement using @USERNAME and @REALM format specifiers.

The first column value of the first row returned by the query is a string containing the encrypted password. Subsequent rows will be ignored. If no rows are returned, the user will not be authenticated through mod_authn_dbd.

Syntax 

AuthDBDUserRealmQuery query

Example 

AuthDBDUserRealmQuery "SELECT password FROM users_table WHERE user = @USERNAME AND realm = @REALM"

Note! No single quotes around @REALM and @USERNAME values should be put.

Note! This directive is used for Digest authentication .

To generate passwords for Digest authentication open Helicon Ape Manager, create new file ( File -> New ) and go to Options -> Insert user password... In the opened dialog select Digest authentication type, desired encryption type, username, password and realm. The password to be inserted into the passwords SQL table is the part of the Result after the second semicolon. 

user2:realm2:c9e7e0ea0dfb6f2bd070e76e75e5dfa9