Tuesday, August 4, 2009

Add MySQL Authentication feature to Apache2 on Ubuntu

mod_auth_mysql is said to have served the web community pretty well along the time and most developers, even though not all of them, find it useful and love it. I can see the complaints about this module as the development of Apache server keeps going. In terms of security and management, using MySQL as a permanent store for user accounts is better than using plain text file. As long as the way to carry out web authentication is shifted from traditional pop-up browser window, to Application Server's own session control, it is still valuable to retain such usage for MySQL Authentication. As new version of XAMPP package comes out, the mod_auth_mysql module seems to be missed out. Actually, you need to build one yourself. Of course, I assume you are using Ubuntu.

An article from Europe may help building DSO module ourselves. Just download the right stuff, patch it, build it and install it.

Something else need to be done according to the linked article, mostly likely a little change in .htaccess under the protected directory.

Another article aims at clarifying the usage and configuration of mod_auth_mysql module in .htaccess file. Very useful! I have missed out some parameters mentioned there and couldn't make the authentication work on Ubuntu.

For .htacess, I do have the following comments:

To eliminate any unnecessary complaints from Apache itself, add the following line first:
AuthUserFile /dev/null

However, some articles point out that the following line should be COMMENTED OUT, especially for Apache2.X:
#AuthGroupFile /dev/null

When using mod_auth_mysql, it is a must to tell Apache which MySQL socket be used. Otherwise, you may receive complaint like:
MySQL ERROR: Can't connect to local MySQL server through socket '...'
MySQL user ... not found:...


This problem can be solved by adding the following line:

AuthMySQLSocket "full/path/to/mysql.sock"

This helps Apache finding the right MySQL socket for successful connections.

It seems that we'd better declare everything whether it is default or not. This will help identifying any problem in the configuration.

No comments:

Post a Comment