Article Index
Zone security MySQL with Apache
Installing the module
Configuration and Usage
Configuration Options
Configuration ..

Configuration and Usage

Once you have your database tables ready and modules installed, all that remains is to tell Apache what needs to be protected. Like standard Apache basic authentication, you'll need to add some configuration directives to either a <Directory> section in httpd.conf, or create a .htaccess file in the directory you choose to protect.

Telling Apache to validate user credentials against your MySQL database would usually involve the following at a minimum:

    AuthName "<zone name>"

     AuthType Basic

     AuthMySQLDB dbname

     AuthMySQLUser userid

     AuthMySQLPassword password

     AuthMySQLEnable On

     require valid-user

The first two lines and the last line of these directives should already be familiar to you. They simply define the name of the protected area, the type of authentication, and that any valid user found in the checked resource is allowed access.

The other lines tell Apache where to find the authentication information. Instead of giving Apache the name of a file that contains the passwords for each valid user, you're supplying database information -- database name, username, and password -- so that Apache and mod_auth_mysql know where to look. The sixth line, AuthMySQLEnable On, simply tells Apache to actually use mod_auth_mysql -- it's a way to disable MySQL authentication without having to completely unload or remove the module.

To use the authentication tables you created earlier, you would add the following in your <Directory>
or .htaccess definitions:

    AuthName "MySQLAuth"

     AuthType Basic

     AuthMySQLDB apacheauth

     AuthMySQLUser apache

     AuthMySQLPassword apachepass

     AuthMySQLEnable On

     AuthMySQLPwEncryption sha1

     require valid-user

Here, you're telling Apache and mod_auth_mysql to authenticate users against your apacheauth  database. Apache will be logging into the database using the apache account you created earlier, and  you're also telling mod_auth_mysql to hash the given password with SHA1, before matching it against  the value in the database.

At this point, you should be able to log into your protected area via a web browser, supply the user  credentials added to the user_info table (testuser:testpass), and be successfully authenticated in the directory.

While this example is rather simplistic and stripped down, mod_auth_mysql actually provides a boatload of configuration options, so you can customize your authentication for nearly any situation. The following sections describe some of the configuration options.