OK, so it's compiled cleanly and now it's time to use it. You've come to

Creating the necessary SQL information
--------------------------------------

At the very least, you need a table in your database which has a list of
usernames and their corresponding passwords. Having a field listing the
group users belong to, or a separate table for that, is useful too, but you
need usernames and passwords as a minimum.

    create table mysql_auth (
        username char(25) not null,
        passwd char(40) not null,  -- line missing from this copy; width assumed (fits SHA1)
        primary key (username)
    );

This would work quite well. Remember that the passwd field needs to be long
enough to store the entire password string -- for example, if you are using
MD5 passwords, passwd needs to be 32 characters long, and if you are using
SHA1 it must be 40 characters long.

NOTE 1: You don't have to use a new table for the purpose of storing
usernames and passwords; I quite happily use a 'members' table (with all
sorts of other interesting information in it) with mod-auth-mysql.

NOTE 2: The names given above are merely the defaults for the module. They
can all be overridden if you have different names for your fields (eg
password instead of passwd).

Once your table(s) is/are created, you need to put the data in as

Telling Apache to protect the website
-------------------------------------

First up, tell the module where it should be getting its info from:

    Auth_MySQL_Info <host> <user> <password>

    AuthMySQL_DefaultHost <host>
    AuthMySQL_DefaultUser <user>
    AuthMySQL_DefaultPassword <password>

This should be placed globally.

If you're going to use the same database all over your web server, you can

    Auth_MySQL_General_DB <database>

to set that. This setting can be overridden in .htaccess files if
AuthMySQL_AllowOverride is set.

On that topic, if you want .htaccess files to be restricted in what they're
able to connect to database-wise, you can

    AuthMySQL_AllowOverride no

and the host, user, password, and database name cannot be changed.

Create a .htaccess file in the directory you want to protect (or put the
directives inside a Directory section in httpd.conf) with something like the

    AuthName "My Company's Financial Information - Top Secret"

This will allow any user who can supply a username and password access.

If you replace the require line with

    require user bill fred jane

then only users who can successfully authenticate as bill, fred, or jane
will be allowed access. Or, if you set the require line to

    require group executives

then only users who are a part of the executives group will be allowed
access to the documents in that directory.

A special note: multiple require lines are logically OR'd -- if the user's
details match *any* of the require lines supplied, the user will be
considered authenticated. For example,

    require user jane joe
    require group executives

means that if the user is jane or joe, or the user is in the executives
group, they will be let in. Neither jane nor joe have to be in the

There is also the slight matter of how the passwords are stored in the
database. Several different methods are available:

    Crypt (basically Crypt_DES and Crypt_MD5, plus any other schemes your local
        crypt() call implements)
    PHP_MD5 (MD5 hashes, encoded the way PHP and MySQL both do it)
    SHA1Sum (SHA1 hashes, encoded as a 40 character lowercase hex string)
    MySQL (the hashing scheme used by the MySQL PASSWORD() function)

You should list all of the available ways your passwords can be encoded in
the Auth_MySQL_Encryption_Types config item. By default, only Crypt_DES is
enabled. A common example, if you're using a PHP script to manage

    Auth_MySQL_Encryption_Types PHP_MD5 Crypt

Note that adding more types to be checked slows down authentication, and
allowing the Plaintext type means that any hashed passwords stored in the DB
become plaintext equivalents: anyone who obtains a stored hash can submit
that hash itself as the password.
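
The Plaintext caveat and the column-width reminder above, modelled in Python
as an added example (this is not code from mod-auth-mysql). The type names
come from this file; the try-each-type-in-order logic, the function names and
the sample password are assumptions.

```python
import hashlib
import hmac

# Type names come from the page; the check logic is a simplified model
# (assumption), not mod-auth-mysql's own code.
DIGESTS = {"PHP_MD5": hashlib.md5, "SHA1Sum": hashlib.sha1}


def _same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())


def matches(enc_type, sent, stored):
    """Does the submitted password match the stored value under enc_type?"""
    if enc_type == "Plaintext":
        return _same(sent, stored)
    digest = DIGESTS[enc_type](sent.encode()).hexdigest()  # lowercase hex
    return _same(digest, stored)


def authenticate(sent, stored, enabled_types):
    """Try each enabled type in order; return the one that matched, or None."""
    for enc_type in enabled_types:
        if matches(enc_type, sent, stored):
            return enc_type
    return None


def too_narrow(enabled_types, column_width):
    """Enabled hash types whose hex digest will not fit in the passwd column."""
    return [t for t in enabled_types
            if t in DIGESTS and DIGESTS[t]().digest_size * 2 > column_width]


if __name__ == "__main__":
    # Constructed sample row: what the passwd column would hold for one user.
    stored = hashlib.sha1(b"correct horse").hexdigest()
    print(authenticate("correct horse", stored, ["SHA1Sum"]))      # real password
    print(authenticate(stored, stored, ["SHA1Sum"]))               # stored hash sent as password
    print(authenticate(stored, stored, ["SHA1Sum", "Plaintext"]))  # same, Plaintext enabled
    print(too_narrow(["PHP_MD5", "SHA1Sum"], 32))
```

With only SHA1Sum enabled, the stored hash is useless as a login credential;
once Plaintext is added to the list, the same value is accepted as-is.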

The full set of directives available are now listed in the file DIRECTIVES,