Apache Basic Authentication: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
Line 40: Line 40:
   # mod_authn_dbd SQL
   # mod_authn_dbd SQL
   AuthDBDUserPWQuery \
   AuthDBDUserPWQuery \
     "SELECT password FROM authn WHERE user = %s AND login = 'true'"
     "SELECT u.user_pass FROM m00te00x00 u LEFT JOIN m00tj00x00 a on u.user_code = a.user_code LEFT JOIN m00ts00x00 g on a.group_code = g.group_code WHERE u.user_name = %s AND u.is_signin = 1 AND u.is_active = 1 AND u.is_locked = 0 AND u.user_expired > trunc(sysdate) AND u.pass_expired > trunc(sysdate)"


   # mod_authz_core configuration
   # mod_authz_core configuration
Line 46: Line 46:


   # mod_authz_dbd configuration
   # mod_authz_dbd configuration
   AuthzDBDQuery "SELECT group FROM authz WHERE user = %s"
   AuthzDBDQuery \
    "SELECT g.group_name FROM m00te00x00 u LEFT JOIN m00tj00x00 a ON u.user_code = a.user_code LEFT JOIN m00ts00x00 g ON a.group_code = g.group_code WHERE u.user_name = %s AND u.is_signin = 1 AND u.is_active = 1 AND u.is_locked = 0 AND u.user_expired > trunc(sysdate) AND u.pass_expired > trunc(sysdate) AND a.is_active = 1 AND g.is_active = 1"


   # when a user fails to be authenticated or authorized,
   # when a user fails to be authenticated or authorized,
Line 54: Line 55:


   <Files "login.html">
   <Files "login.html">
     AuthDBDUserPWQuery "SELECT password FROM authn WHERE user = %s"
     AuthDBDUserPWQuery \
        "SELECT u.user_pass FROM m00te00x00 u LEFT JOIN m00tj00x00 a on u.user_code = a.user_code LEFT JOIN m00ts00x00 g on a.group_code = g.group_code WHERE u.user_name = %s AND u.is_signin = 1 AND u.is_active = 1 AND u.is_locked = 0 AND u.user_expired > trunc(sysdate) AND u.pass_expired > trunc(sysdate)"


     Require dbd-login
     Require dbd-login
     AuthzDBDQuery "UPDATE authn SET login = 'true' WHERE user = %s"
     AuthzDBDQuery \
        "UPDATE m00te00x00 SET is_signin = 1 WHERE user_name = %s"
     AuthzDBDLoginToReferer On
     AuthzDBDLoginToReferer On
   </Files>
   </Files>
Line 63: Line 66:
   <Files "logout.html">
   <Files "logout.html">
     Require dbd-logout
     Require dbd-logout
     AuthzDBDQuery "UPDATE authn SET login = 'false' WHERE user = %s"
     AuthzDBDQuery \
        "UPDATE m00te00x00 SET is_signin = 0 WHERE user_name = %s"
   </Files>
   </Files>
</Directory>
</Directory>

Revision as of 20:38, 30 January 2020

Install

apt -y install mariadb-server mariadb-client
apt install libaprutil1-dbd-mysql

a2enmod dbd
a2enmod authn_dbd
a2enmod authz_dbd
authn_socache

systemctl restart mysql
update-rc.d mysql enable

systemctl restart apache2
update-rc.d apache2enable

Config

# mod_dbd configuration
DBDriver mysql
DBDParams "dbname=apache_auth user=apache pass=password"

DBDMin  4
DBDKeep 8
DBDMax  20
DBDExptime 300

<Directory "/var/chorke/www/dev.chorke.org/soft/">
  AuthType Basic
  AuthName Team
  AuthBasicProvider dbd

  # mod_authn_dbd SQL
  AuthDBDUserPWQuery \
    "SELECT u.user_pass FROM m00te00x00 u LEFT JOIN m00tj00x00 a on u.user_code = a.user_code LEFT JOIN m00ts00x00 g on a.group_code = g.group_code WHERE u.user_name = %s AND u.is_signin = 1 AND u.is_active = 1 AND u.is_locked = 0 AND u.user_expired > trunc(sysdate) AND u.pass_expired > trunc(sysdate)"

  # mod_authz_core configuration
  Require dbd-group team

  # mod_authz_dbd configuration
  AuthzDBDQuery \
    "SELECT g.group_name FROM m00te00x00 u LEFT JOIN m00tj00x00 a ON u.user_code = a.user_code LEFT JOIN m00ts00x00 g ON a.group_code = g.group_code WHERE u.user_name = %s AND u.is_signin = 1 AND u.is_active = 1 AND u.is_locked = 0 AND u.user_expired > trunc(sysdate) AND u.pass_expired > trunc(sysdate) AND a.is_active = 1 AND g.is_active = 1"

  # when a user fails to be authenticated or authorized,
  # invite them to login; this page should provide a link
  # to /team-private/login.html
  ErrorDocument 401 "/login-info.html"

  <Files "login.html">
    AuthDBDUserPWQuery \
        "SELECT u.user_pass FROM m00te00x00 u LEFT JOIN m00tj00x00 a on u.user_code = a.user_code LEFT JOIN m00ts00x00 g on a.group_code = g.group_code WHERE u.user_name = %s AND u.is_signin = 1 AND u.is_active = 1 AND u.is_locked = 0 AND u.user_expired > trunc(sysdate) AND u.pass_expired > trunc(sysdate)"

    Require dbd-login
    AuthzDBDQuery \
        "UPDATE m00te00x00 SET is_signin = 1 WHERE user_name = %s"
    AuthzDBDLoginToReferer On
  </Files>

  <Files "logout.html">
    Require dbd-logout
    AuthzDBDQuery \
        "UPDATE m00te00x00 SET is_signin = 0 WHERE user_name = %s"
  </Files>
</Directory>

References

Retrieved from "https://cdn.chorke.org/weke/index.php?title=Apache_Basic_Authentication&oldid=2422"