<-
Apache > HTTP Server > Documentation > Version 2.2 > Modules

Apache Module mod_authn_dbd

Available Languages:  en 

Description:User authentication using an SQL database
Status:Extension
Module Identifier:authn_dbd_module
Source File:mod_authn_dbd.c
Compatibility:Available in Apache 2.1 and later

Summary

This module provides authentication front-ends such as mod_auth_digest and mod_auth_basic to authenticate users by looking up users in SQL tables. Similar functionality is provided by, for example, mod_authn_file.

This module relies on mod_dbd to specify the backend database driver and connection parameters, and manage the database connections.

When using mod_auth_basic or mod_auth_digest, this module is invoked via the AuthBasicProvider or AuthDigestProvider with the dbd value.

Directives

Topics

See also

top

Configuration Example

This simple example shows use of this module in the context of the Authentication and DBD frameworks.

#Database Management

#Use the PostgreSQL driver
DBDriver pgsql

#Connection string: database name and login credentials
DBDParams "dbname=htpasswd user=apache password=xxxxxx"

#Parameters for Connection Pool Management
DBDMin  1
DBDKeep 2
DBDMax  10
DBDExptime 60

#Authentication Section
<Directory /usr/www/myhost/private>

    #mod_auth configuration for authn_dbd
    AuthType Basic
    AuthName "My Server"
    AuthBasicProvider dbd

    #authz configuration
    Require valid-user

    #SQL query to verify a user
    #(note: DBD drivers recognise both stdio-like %s and native syntax)
    AuthDBDUserPWQuery "select password from authn where username = %s"
</Directory>
top

Exposing Login Information

Whenever a query is made to the database server, all columns returned by the query are placed in the environment, using environment variables with the prefix "AUTHENTICATE_".

If a database query for example returned the username, full name and telephone number of a user, a CGI program will have access to this information without the need to make a second independent database query to gather this additional information.

This has the potential to dramatically simplify the coding and configuration required in some web applications.

top

AuthDBDUserPWQuery Directive

Description:SQL query to look up a password for a user
Syntax:AuthDBDUserPWQuery query
Context:directory
Status:Extension
Module:mod_authn_dbd

The AuthDBDUserPWQuery specifies an SQL query to look up a password for a specified user. The query must take a single string (typically SQL varchar) argument (username), and return a single value (encrypted password).

AuthDBDUserPWQuery "SELECT password FROM authn WHERE username = %s"

If httpd was built against apr v1.3.0 or higher, any additional columns specified in the select statement will be inserted into the environment with the name AUTHENTICATE_<COLUMN>.

top

AuthDBDUserRealmQuery Directive

Description:SQL query to look up a password hash for a user and realm.
Syntax:AuthDBDUserRealmQuery query
Context:directory
Status:Extension
Module:mod_authn_dbd

The AuthDBDUserRealmQuery specifies an SQL query to look up a password for a specified user and realm. The query must take two string (typically SQL varchar) arguments (username and realm), and return a single value (encrypted password).

AuthDBDUserRealmQuery "SELECT password FROM authn WHERE username = %s AND realm = %s"

If httpd was built against apr v1.3.0 or higher, any additional columns specified in the select statement will be inserted into the environment with the name AUTHENTICATE_<COLUMN>.

Available Languages:  en