File: README

package info (click to toggle)
libapache-mod-auth-mysql 3.2-1
  • links: PTS
  • area: main
  • in suites: woody
  • size: 76 kB
  • ctags: 79
  • sloc: ansic: 567; makefile: 51
file content (195 lines) | stat: -rw-r--r-- 9,000 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
 
Apache authentication module for MySQL v3.2
============================================

Maintainer:		J. R. Westmoreland <jr@jrw.org>


What's New?
-----------

The following changes were done between v2.20 and v3.2.
The ability to use MD5 passwords has been added.
Also, a new Makefile that works with apache as a DSO was added.
Finally, a number of clean-ups have been done.

There were quite a few fixes and changes that warranted jumping from 2.11
to 2.20.  First, there were a couple of bugs that were fixed - namely,
with users who belonged to more than one group, and with with the
scrambled/encrypted passwords directives.

Apart from those fixes, two new directives that correspond to two new
functionalities were added.  First, it is now possible to instruct the module
to disconnect from the SQL server after every authentication request.  It is
still not possible to authenticate using more than one SQL server host, but
it is possible to prevent all of the SQL links from staying alive all the time.
Note that as far as I see it, there's no reason to use this option, and there
are reasons against it - but still, it seemed to bother some people, so I
added it.
Second - the code now has a fairly general encryption scheme support.  Right
now, only the three original encryption types are supported (no encryption,
DES crypt and MySQL's encryption), but it's now extremely easy and general
to add support for new encryption types.  Also, it's now possible to instruct
the module to try more than one encryption method in each authentication job.
E.g., you may want to allow both plaintext and crypt passwords in the database.

As far as downwards incompatible changes are concerned - there's one major
downwards incompatible change, which is a total renaming of the directives.
The 2.0x and 2.1x directive names were based on the original mod_auth_msql
directive names, and were extremely inconsistent and messed up in my opinion.
A very simple script is bundled with this distribution, that converts any of
your old .htaccess files to use the new directive names.  This script requires
the 'replace' utility, that is bundled with MySQL.  The script name is
'update_htaccess_files.sh', and will convert any .htaccess files under the
current directory and its subdirectories.  If your Apache per-directory
configuration file name isn't '.htaccess', edit this script and change
the name accordingly.

Last but not least, the package now comes with a configure script that allows
you to set your MySQL installation directory, as well as your Apache
installation directory.  It also supports the easy to use Apache 1.3.x module
configuration, even though it's still 100% Apache 1.2.x compatible.  Thanks
goes to Rasmus Lerdorf for helping me on this one.


General
-------

This module is originally based on the MySQL-patched mod_auth_msql.c, but the
truth is, very little (if any) remains from the previous
mod_auth_msql.c/mod_auth_mysql.c.  Since MySQL can handle lots of simultaneous
connections easily (unlike mSQL), I've more or less rebuilt the module from
the bottom up to keep the SQL link alive in between hits.  I've also cleaned
up the code (mostly be deleting it and writing it in another way), dumped the
large static query buffers in favour of pool-allocated memory, and possibly
some other stuff.


Who shouldn't use it
--------------------

Somebody who uses more than one MySQL *server* to authenticate users, from
within the same apache process.  This isn't possible right now, and as far as
I'm concerned, wouldn't be possible in the near future (one SQL link per httpd
is how it works now).


Who should use it
-----------------

Everybody else, and especially on a busy site.


Installation notes
------------------

Run the configure script, and then make, and follow the instructions.
The configure script defaults to look for MySQL in /usr/local,
and for Apache in /usr/local/etc/httpd.  If you have a different
setup, you can override these defaults using --with-mysql-dir
and --with-apache=dir, respectively.  For example:

./configure --with-mysql=/usr/local/mysql --with-apache=/usr/local/apache

Note that you must have MySQL installed prior to installing mod_auth_mysql.
You can obtain MySQL from http://www.tcx.se.


How do I use it?
----------------

Read the 'USAGE' file supplied with this package,
or take a look at http://bourbon.netvision.net.il/mod_auth_mysql/


Revision history
---------------

v3.2 - Added ability to use MD5 crypted passwords.       
       Replaced Makefile with a Makefile that makes a DSO module for apache.
       Removed the update_htaccess_files.sh script.
       Removed the autoconfig info since it didn't work.  Will add it back later.

v2.20 - A user that was a member of more than one group couldn't be
        authenticated using group authentication.  Fixed. 
        (thanks to Jonathan Roy for reporting that bug).
      - Turning scrambled passwords on and then encrypted passwords off, or
        turning encrypted passwords on and then scrambled passwords off,
        would result in both scrambled and encrypted passwords being off.
        Fixed.
      - Changed all directive names to be nicer and more consistent.  See the
        USAGE file for specific information.
      - Added Auth_MySQL_Encryption_Types directive to allow for nicer setting
        of which encryption types to use, and multiple encryption types.
      - Added Auth_MySQL_Non_Persistent directive to allow non-persistent
        links to the MySQL server.
      - ONLY_ONCE is no longer supported.  This was a compile-time macro that
        wasn't even documented, and made no much sense anyway.  The
        user:password SQL table should really have one row per user, and the
        username should most probably be a primary or otherwise unique key.
      - The module should now be possible to compile on platform that does
        not have the crypt() function.  The Crypt_DES encryption type
        will not be available.
v2.11 - Fixed a bug in the scrambled password implementation.  It probably had
        no symptoms whatsoever with just about any C compiler in existence,
        but still, from a pure C-language-definition point of view, it was
        incorrect.  Thanks for Marschall Peter for pointing that out.
      - Fixed a small typo in the string escaping routine, which caused it
        never to work right.  I guess nobody uses strings that need to be
        escaped anywhere :)  Thanks to Brent Metz for noticing that.
v2.10 - Added the necessary include file to make Apache 1.3b6 happy
      - Added some information to the USAGE file, loosely describing how to
        go about implementing multiple groups for a single user.
v2.09 - Made the full error message of the MySQL server appear in case of a
        failed connect
      - Added Auth_MYSQL on/off directive, so that it'll be easily possible
        to turn the MySQL authentication on/off serverwide or for a specific
        directory.
      - Fixed the groups authentication code so that it'll work with one
        query and multiple groups.  For good this time :)
      - Some code cleanups
v2.08 - Fixed a checking for NULL password fields (won't work, but won't
        crash either)
      - Fixed logic and possible crashes with the new scrambled password
        initialization routines
      - Optimized a couple of routines
      - Changed the query that is used to check user groups - users that belong
        to multiple groups should have multiple rows in the groups table
v2.07 - Fixed a bug in the escaping routine - strings that required escaping
        were not properly detected (thanks to Marschall Peter for noticing
        the bug!)
      - Added Auth_MYSQL_ScrambledPassword - boolean flag to instruct the
        module to assume that passwords are scrambled using MySQL's password()
        function (by Marschall Peter <Peter.Marschall@gedos.de>).
v2.06 - Rearranged some code to allow for a successful apache 1.3beta
        compilation.
        Please note that this is *untested*, I only got it to compile, I haven't
        actually tried to run apache 1.3.
v2.05 - Change the check for 'mysql server has gone away' to be case insenitive
v2.04 - Added USAGE file that explains how to use this module thoroughly
v2.03 - Added compilation information :)
v2.02 - Changed version number from 1.x to 2.x, so that people know that this is
        really newer than mod_auth_mysql v1.4 :)
        Added a tiny note at the top of the source file.
v1.02 - Fixed a bug in the groups code
v1.01 - Fixed a segmentation fault bug in case of aborted hits
v1.00 - Initial, unversioned release.


Disclaimer
----------

This comes with no warranty of any kind whatsoever, including but not limited to everything you can think of,
and everything your lawyers can think of.



Bugs
----

If you found a bug in this mod_auth_mysql ("it works for me"), please let me know.


Author
------

Email:  J. R. Westmoreland <jr@jrw.org>