Install a MySQL authentication module for Apache

Oct 06, '04 09:00:00AM

Contributed by: XJ0

After much trying to work out how to protect a directory with PHP so that full URLs couldn't access any of the static images, I finally found a mod for Apache (mod_auth_mysql) that allows authentication against mySQL. While this means that I end up not using the nice PHP form I had created, it does secure the files. This is my first attempt at a how-to, so be gentle. Hope it helps.

How to set up OS X 10.3.5 Apache (built in) and mySQL for authentication via mod_auth_mysql. Why? Because I like gross overkill.

Firstly you will need to install mySQL if you haven't already. I recommend getting the OS X binary from this page at mysql.com. It's version 4.0.21 at the time of writing. Many tutorials online tell you how to install mySQL for OS X. Most of them tell you to set up a user called mysql in your netinfo. This is not necessary, as it is already there. Install the package and follow the Readme to setup your root password. Install the MySQLStartupItem.pkg as well.

Now we test to see if it is working. Type the following in the Terminal:

$ alias mysql=/usr/local/mysql/bin/mysql
$ alias mysqladmin=/usr/local/mysql/bin/mysqladmin

$ mysqladmin -u root password root_password
$ mysql -u root -p
Enter Password:
MySQL should load at this point. This is a good time to create your database for user login:
mysql>CREATE DATABASE users;
mysql> USE users;

CREATE TABLE user_info (
  user_name CHAR(30) NOT NULL,
  user_passwd CHAR(20) NOT NULL,
    [ any other fields if needed ]
  PRIMARY KEY (user)
)

mysql>quit
YAY! Note : I suggest using phpMyAdmin to manage your database and populate it with data. [Download 2.6.0-pl1]

Once that is up and running, download the mod_auth_mysql package from sourceforge; the current version iis 2.6.0 at time of writing. Extract the archive and compile the package. The Readme that comes with the package tells you how to do this. Unfortunately, the apxs command in the Readme is incorrect. use these two lines instead:

$ apxs -c -D lmysqlclient -lm -lz -I/usr/local/mysql/include/ \
-L/usr/local/mysql/lib/  mod_auth_mysql.c
$ apxs -i mod_auth_mysql.so
Now you need to edit you httpd.conf to use the new mod. Open /etc/httpd/httpd.conf in your favorite editor. Note the editor must be run as sudo if you hope to save the file in its original location --i.e.: sudo vi httpd.conf. The Readme for mod_auth_mysql gives the standard Apache install tree for adding this mod to your config file. OS X has a slightly different tree for apache, so insert the following lines in the appropriate places instead of the original Readme lines:
LoadModule mysql_auth_module libexec/httpd/mod_auth_mysql.so

AddModule mod_auth_mysql.c
I used per-directory in the httpd.confinstead of .htaccess files, but both are usable. The mod_auth_mysql Readme gives a complete list of all the options available. While the Readme states that the mod assumes a particular table format in your database, I had to declare each field anyway:
<Directory "/dir/you/want/to/protect/">
 AuthName "SOME_THING_HERE"
 AuthType Basic
 AuthGroupFile /dev/null
 AuthMySQLEnable On
 AuthMySQLHost localhost
 AuthMySQLDB users
 AuthMySQLUserTable user_info
 AuthMySQLUser <user>
 AuthMySQLPassword <password>
 AuthMySQLPasswordField user_passwd
 AuthMySQLPwEncryption none
 AuthMySQLSaltField none
 AuthMySQLNoPasswd Off
 AuthMySQLAuthoritative On
 require valid-user
</Directory>
This config uses the following table in the database "users":
CREATE TABLE user_info (
  user_name CHAR(30) NOT NULL,
  user_passwd CHAR(20) NOT NULL,
    [ any other fields if needed ]
  PRIMARY KEY (user)
)
Save your file and check it with apachectl configtest; if that works out, then restart your server by typing sudo apachectl restart.

That should be it. Enjoy!

Comments (9)


Mac OS X Hints
http://hints.macworld.com/article.php?story=20040929231757869