1 All the directives understood by this version of mod-auth-mysql are listed
2 below. The huge number of synonym directives is due to the merging of two
3 separate versions of the program, both of which had subtly different usage
4 symantics. I'm sure there will be rationalisation in the near future.
6 Auth_MySQL_Info <host> <user> <password>
7 Server-wide config option to specify the database host, username,
8 and password used to connect to the MySQL server.
10 This option affects all directories which do not override it via
11 AuthMySQL_Host, AuthMySQL_User, and/or AuthMySQL_Password.
13 AuthMySQL_DefaultHost <hostname>
14 Specifies the MySQL server to use for authentication.
16 This option affects all directories which do not override it via
19 AuthMySQL_Host <hostname>
20 Synonym for AuthMySQL_DefaultHost, to be used in .htaccess files and
21 directory-specific entries.
23 Auth_MySQL_DefaultPort <portnum>
24 Specifies a port to use to talk to a MySQL server. If left empty,
25 the default (3306) will be used.
27 This option affects all directories which do not override it via
30 Auth_MySQL_Port <portnum>
31 Specifies a non-default port to use (other than 3306) when talking
32 to the MySQL server on AuthMySQL_Host or AuthMySQL_DefaultHost.
34 Auth_MySQL_DefaultSocket <socketname>
35 If using a local MySQL server, you can
36 specify a non-default named pipe to use instead of the default pipe
37 name compiled into your MySQL client library.
39 This option affects all directories which do not override it via
42 Auth_MySQL_Socket <socketname>
43 If using a local MySQL server, you can specify a non-default named
44 pipe to use instead of the default one compiled into MySQL with this
47 AuthMySQL_DefaultUser <username>
48 Specifies the username for connection to the MySQL server.
50 AuthMySQL_User <username>
51 Synonym for AuthMySQL_DefaultUser, to be used in .htaccess files and
52 directory-specific entries.
54 AuthMySQL_DefaultPassword <password>
55 Specifies the password user together with the above user.
57 AuthMySQL_Password <password>
58 Synonym for AuthMySQL_Password, to be used in .htaccess files and
59 directory-specific entries.
61 Auth_MySQL_General_DB <database_name>
62 Server-wide, specifies a default database name to use.
64 Auth_MySQL_DB <database_name>
65 Synonym for Auth_MySQL_General_DB, to be used in .htaccess files and
66 directory-specific entries.
68 AuthMySQL_DefaultDB <database_name>
69 Synonym for Auth_MySQL_General_DB.
71 AuthMySQL_DB <database_name>
72 Synonym for Auth_MySQL_General_DB, to be used in .htaccess files and
73 directory-specific entries.
76 Describes the data you're guarding.
79 The authentication process used in the transaction. Stick with
80 Basic, no others work at present.
82 require <type> <identifier(s)>
83 Specify what is considered a valid authentication. <type> can be
84 either user, group, or valid-user. valid-user is the simplest -
85 anyone who gets the username and password right gets in. Otherwise,
86 the user must either have a username in the space-separated list of
87 identifiers (if using user) or must be a member of a group in the
88 list of identifiers (if user group).
90 Multiple require statements are allowed; if multiple require
91 statements are present in a configuration, then the user will be
92 considered authenticated if they can satisfy any of the require
95 Auth_MySQL_Password_Table <password_table_name>
96 The name of the MySQL table in the specified database which stores
97 username:password pairs. By default, it is 'mysql_auth'.
99 AuthMySQL_Password_Table <password_table_name>
100 Synonym for Auth_MySQL_Password_Table.
102 Auth_MySQL_Group_Table <group_table_name>
103 As per ...Password_Table above, stores username:group pairs.
104 Normally you'll store username:password:group triplets in the one
105 table, but we are nothing if not flexible. Defaults to
108 AuthMySQL_Group_Table <group_table_name>
109 Synonym for Auth_MySQL_Group_Table.
111 Auth_MySQL_Username_Field <username_field_name>
112 The name of the field which stores usernames. Defaults to
113 'username'. The username/password combo specified in Auth_MySQL_Info
114 must have select privileges to this field in the Password and Group
117 AuthMySQL_Username_Field <username_field_name>
118 Synonym for Auth_MySQL_Username_Field.
120 Auth_MySQL_Password_Field <password_field_name>
121 As per ...Username_Field above, but for passwords. Same MySQL
122 access privileges. Defaults to 'password'.
124 AuthMySQL_Password_Field <password_field_name>
125 Synonym for Auth_MySQL_Password_Field.
127 Auth_MySQL_Group_Field <group_field_name>
128 As per ...Username_Field above. Defaults to 'groups'. The query
129 will use FIND_IN_SET(<group_name>,<group_field_name>).
131 AuthMySQL_Group_Field <group_field_name>
132 Synonym for Auth_MySQL_Group_Field.
134 Auth_MySQL_Group_User_Field <field_name>
135 The name of the field in the groups table which stores the username.
136 Defaults to the field name specified for usernames in the passwords
139 AuthMySQL_Group_User_Field <field_name>
140 Synonym for Auth_MySQL_Group_User_Field.
142 Auth_MySQL_Password_Clause <SQL fragment>
143 Adds arbitrary clause to username:password matching query, for example:
144 " AND Allowed=1". Clause has to start with space. Default is empty.
146 Auth_MySQL_Group_Clause <SQL fragment>
147 Adds arbitrary clause to username:group matching query, for example:
148 " AND Allowed=1". Clause has to start with space. Default is empty.
150 Auth_MySQL_Empty_Passwords <on/off>
151 Whether or not to allow empty passwords. If the password field is
152 empty (equals to '') and this option is 'on', users would be able to
153 access the page by just specifying their username WITHOUT ANY
154 PASSWORD CHECKING. If this is 'off', they would be denied access.
157 AuthMySQL_Empty_Passwords <on/off>
158 Synonym for Auth_MySQL_Empty_Passwords.
160 Auth_MySQL_Encryption_Types <type_list>
162 Select which types of encryption to check, and in which order to
163 check them. It overrides the legacy Auth_MySQL_Scrambled_Passwords
164 and Auth_MySQL_Encrypted_Passwords directives. Multiple encryption
165 types may be specified, to instruct the module to check each
166 password in multiple encryption schemes - a useful feature for
167 legacy transitions. For example:
169 Auth_MySQL_Encryption_Types Plaintext Crypt_DES
171 Would instruct the module to do a direct comparison of the entered
172 password with the contents of the password field, and if that fails,
173 to do a DES crypt() check, a la Unix password handling.
175 The available encryption types supported at this time are:
178 Pretty self-explanatory. Not recommended.
181 Check the password via the standard Unix crypt() call, using
185 Check the password via the standard Unix crypt() call, using
189 Check the password via the standard Unix crypt() call,
190 without preference for the hashing scheme employed. This is
191 the generally preferred means of checking crypt()ed
192 passwords, because it allows you to use other schemes which
193 may be available on your system, such as blowfish.
196 Compares with an MD5 hash, encoded in the way that PHP and
197 MySQL handle MD5 hashes - 32 character hex code, with
201 Compares with a SHA1 hash, encoded the way that MySQL, PHP,
202 and the sha1sum command produce their output (a 40 character
203 lowercase hex representation).
206 The hashing scheme used by the MySQL PASSWORD() function.
208 AuthMySQL_Encryption_Types <type_list>
209 Synonym for Auth_MySQL_Encryption_Types.
211 Auth_MySQL_Encrypted_Passwords <on/off> (DEPRECATED)
212 Equivalent to: Auth_MySQL_Encryption_Types Crypt_DES
213 Only used if ...Encryption_Types is not set. Defaults to 'on'. If
214 both this option and ...Scrambled_Passwords are 'off' and
215 ...Encryption_Types is not set, passwords are expected to be in
218 AuthMySQL_Encrypted_Passwords <on/off> (DEPRECATED)
219 Synonym for Auth_MySQL_Encrypted_Passwords.
221 Auth_MySQL_Scrambled_Passwords <on/off> (DEPRECATED)
222 Equivalent to: Auth_MySQL_Encryption_Types MySQL
223 The same restrictions apply to this directive as to
224 ...Encrypted_Passwords.
226 AuthMySQL_Scrambled_Passwords <on/off> (DEPRECATED)
227 Synonym for Auth_MySQL_Scrambled_Passwords.
229 Auth_MySQL_Authoritative <on/off>
230 Whether or not to use other authentication schemes if the user is
231 successfully authenticated. That is, if the user passes the MySQL
232 authentication, they may still be rejected by a later module if this
233 option is set 'off'. The default is 'on' (i.e. if the user passes
234 the MySQL module, they're considered OK).
236 AuthMySQL_Authoritative <on/off>
237 Synonym for Auth_MySQL_Authoritative.
239 Auth_MySQL_Non_Persistent <on/off>
240 If set to 'on', the link to the MySQL server is explicitly closed
241 after each authentication request. Note that I can't think of any
242 possible good reason to do this, unless your platform makes MySQL go
243 crazy when it has plenty of simultaneous threads (bad handling of
244 file descriptors may cause that). In my opinion, one should
245 increase the maximum number of simultaneous threads in MySQL and
246 keep this option off. Default: off, and for good reason.
248 AuthMySQL_Persistent <on/off>
249 An antonym for Auth_MySQL_Non_Persistent.
251 AuthMySQL_AllowOverride <on/off>
252 Whether or not .htaccess files are allowed to use their own
253 Host/User/Password/DB specifications. If set to 'off', then the
254 defaults specified in the httpd.conf cannot be overridden.
257 Whether or not to enable MySQL authentication. If it's off, the
258 MySQL authentication will simply pass authentication off to other
262 Synonym for Auth_MYSQL.