Apache Basic Authentication: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
Line 231: Line 231:
* [https://httpd.apache.org/docs/2.4/mod/mod_authn_dbd.html User authentication using an SQL database]
* [https://httpd.apache.org/docs/2.4/mod/mod_authn_dbd.html User authentication using an SQL database]
* [https://httpd.apache.org/docs/2.4/mod/mod_authz_dbd.html Group Authorization and Login using SQL]
* [https://httpd.apache.org/docs/2.4/mod/mod_authz_dbd.html Group Authorization and Login using SQL]
* [https://httpd.apache.org/docs/2.4/misc/password_encryptions.html DBD Password Encryptions Format]
* [https://httpd.apache.org/docs/2.4/mod/mod_dbd.html#dbdparams User authentication DBD Params]
* [https://httpd.apache.org/docs/2.4/mod/mod_dbd.html#dbdparams User authentication DBD Params]
* [https://www.howtoforge.com/tutorial/password-protect-directories-with-mod_authn_dbd-mysql-on-apache-debian-jessie Apache 2 Basic Authentication]
* [https://www.howtoforge.com/tutorial/password-protect-directories-with-mod_authn_dbd-mysql-on-apache-debian-jessie Apache 2 Basic Authentication]

Revision as of 03:56, 17 January 2021

Install

apt -y install mariadb-server mariadb-client
apt install libaprutil1-dbd-mysql

a2enmod dbd
a2enmod authn_dbd
a2enmod authz_dbd
a2enmod authn_socache

systemctl restart mysql
update-rc.d mysql enable

systemctl restart apache2
update-rc.d apache2 enable

Config

# mod_dbd configuration
DBDriver mysql
DBDParams "dbname=apache_auth_dbms user=apache pass=password"
#DBDParams "host=localhost,user=apache,pass=password,dbname=apache_auth_dbms"

DBDMin  4
DBDKeep 8
DBDMax  20
DBDExptime 300

<Directory "/var/chorke/www/dev.chorke.org/soft/">
  AuthType Basic
  AuthName Team
  AuthBasicProvider dbd

  # mod_authn_dbd SQL
  AuthDBDUserPWQuery \
    "SELECT u.user_pass FROM m00te00x00 u WHERE u.user_name = %s AND u.is_signin = 1 AND u.is_active = 1 AND u.is_locked = 0 AND u.user_expired > trunc(sysdate) AND u.pass_expired > trunc(sysdate)"

  # mod_authz_core configuration
  Require dbd-group team

  # mod_authz_dbd configuration
  AuthzDBDQuery \
    "SELECT g.group_name FROM m00te00x00 u LEFT JOIN m00tj00x00 a ON u.user_code = a.user_code LEFT JOIN m00ts00x00 g ON a.group_code = g.group_code WHERE u.user_name = %s AND u.is_signin = 1 AND u.is_active = 1 AND u.is_locked = 0 AND u.user_expired > trunc(sysdate) AND u.pass_expired > trunc(sysdate) AND a.is_active = 1 AND g.is_active = 1"

  # when a user fails to be authenticated or authorized,
  # invite them to login; this page should provide a link
  # to /team-private/login.html
  ErrorDocument 401 "/login-info.html"

  <Files "login.html">
    AuthDBDUserPWQuery \
        "SELECT u.user_pass FROM m00te00x00 u WHERE u.user_name = %s AND u.is_signin = 1 AND u.is_active = 1 AND u.is_locked = 0 AND u.user_expired > trunc(sysdate) AND u.pass_expired > trunc(sysdate)"

    Require dbd-login
    AuthzDBDQuery \
        "UPDATE m00te00x00 SET is_signin = 1 WHERE user_name = %s"
    AuthzDBDLoginToReferer On
  </Files>

  <Files "logout.html">
    Require dbd-logout
    AuthzDBDQuery \
        "UPDATE m00te00x00 SET is_signin = 0 WHERE user_name = %s"
  </Files>
</Directory>

Query

Oracle

SELECT
    u.user_pass AS "password"
FROM
    m00te00x00 u
WHERE
    u.user_name     = '&user_name'
    AND u.is_signin = 1
    AND u.is_active = 1
    AND u.is_locked = 0
    AND u.user_expired > trunc(sysdate)
    AND u.pass_expired > trunc(sysdate);

-- update sign in
UPDATE m00te00x00
SET
    is_signin = 1
WHERE
    user_name = '&user_name';

--
-- find groups by user
--
SELECT
    g.group_name AS "group"
FROM
    m00te00x00 u
    LEFT JOIN m00tj00x00 a ON u.user_code  = a.user_code
    LEFT JOIN m00ts00x00 g ON a.group_code = g.group_code
WHERE
    u.user_name     = '&user_name'
    AND u.is_signin = 1
    AND u.is_active = 1
    AND u.is_locked = 0
    AND u.user_expired > trunc(sysdate)
    AND u.pass_expired > trunc(sysdate)
    AND a.is_active = 1
    AND g.is_active = 1;

MySQL

SELECT
    u.user_pass  AS "password"
FROM
    m00te00x00 u
WHERE
    u.user_name     = 'user_name'
    AND u.is_signin = 1
    AND u.is_active = 1
    AND u.is_locked = 0
    AND u.user_expired > DATE(SYSDATE())
    AND u.pass_expired > DATE(SYSDATE());

-- update sign in
UPDATE m00te00x00
SET
    is_signin = 1
WHERE
    user_name = 'user_name';

--
-- find groups by user
--
SELECT
    g.group_name AS "group"
FROM
    m00te00x00 u
    LEFT JOIN m00tj00x00 a ON u.user_code  = a.user_code
    LEFT JOIN m00ts00x00 g ON a.group_code = g.group_code
WHERE
    u.user_name     = 'user_name'
    AND u.is_signin = 1
    AND u.is_active = 1
    AND u.is_locked = 0
    AND u.user_expired > DATE(SYSDATE())
    AND u.pass_expired > DATE(SYSDATE())
    AND a.is_active = 1
    AND g.is_active = 1;

PgSQL

SELECT
    u.user_pass  AS "password"
FROM
    m00te00x00 u
WHERE
    u.user_name     = 'user_name'
    AND u.is_signin = 1
    AND u.is_active = 1
    AND u.is_locked = 0
    AND u.user_expired > DATE(NOW())
    AND u.pass_expired > DATE(NOW());

-- update sign in
UPDATE m00te00x00
SET
    is_signin = 1
WHERE
    user_name = 'user_name';

--
-- find groups by user
--
SELECT
    g.group_name AS "group"
FROM
    m00te00x00 u
    LEFT JOIN m00tj00x00 a ON u.user_code  = a.user_code
    LEFT JOIN m00ts00x00 g ON a.group_code = g.group_code
WHERE
    u.user_name     = 'user_name'
    AND u.is_signin = 1
    AND u.is_active = 1
    AND u.is_locked = 0
    AND u.user_expired > DATE(NOW())
    AND u.pass_expired > DATE(NOW())
    AND a.is_active = 1
    AND g.is_active = 1;

MySQL Apache User

CREATE USER 'apache'@'%' IDENTIFIED VIA mysql_native_password USING '***';
GRANT USAGE ON *.* TO 'apache'@'%' REQUIRE NONE WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;
CREATE DATABASE IF NOT EXISTS `apache`;
GRANT ALL PRIVILEGES ON `apache`.* TO 'apache'@'%';

Knowledge

ls -lah /usr/lib/apache2/modules/mod_authn_socache.so

References

Retrieved from "https://cdn.chorke.org/weke/index.php?title=Apache_Basic_Authentication&oldid=4486"