The following configuration directives, with the exception of AuthDBAPI_Driver can be placed in either the main configuration file, httpd.conf, or individual .htaccess files.
Other Required Directives: In order to enable authentication or authorization, Apache also requires other directives to be used, such as 'AuthName', 'AuthType', and 'require'. See the Apache documentation for more information.
This directive is valid only within the main httpd.conf file. This directive dictates which DBAPI backends are available to the Auth DBAPI module.
The directive takes one argument, the name of the module which can be used in a Python import line.
AuthDBAPI_Driver MySQLdb AuthDBAPI_Driver gadfly |
This directive is used to inform Auth DBAPI which backend to use for the current directory (or subdirectories). This is a required directive.
The directive takes one argument, a Python dictionary, indicating the configuration of the database. This is database dependent, and can include things such as passwords, host:port pairs to connect to, database names, etc. Examples of a few popular modules will be given in this section, however for exact options, please consult the documentation for the given DBAPI module. For DBAPI 1.0, this dictionary specifies arguments to the mod.mod constructor. For 2.0, this dictionary specifies arguments to the obj.connect function.
For MySQLdb:
AuthDBAPI_UseDB { 'driver':'MySQLdb', 'user':'dbase', 'passwd':'H0wdy', 'db':'foo'} |
For gadfly:
AuthDBAPI_UseDB { 'driver':'gadfly', 'databasename':'dbase', 'directory':'/dbase'} |
This directive specifies the layout of the database. This includes information about which table to use, which fields specify users, passwords or group information.
The directive takes one argument, a colon seperated string indicating which portions of the database to use for operation. The layout string takes the form: table:namefield:pwordfield:groupfield. The only required fields are the table and namefield fields. The data within the table in the groups field should be a comma separated list of groups that the user is in.
To tell Auth DBAPI to use the table 'foo' with users in the 'myuser' field, and passwords to be in the 'mypassword' field:
AuthDBAPI_DBLayout foo:myuser:mypassword: |
To also authorize with group information in the mygroups field:
AuthDBAPI_DBLayout foo:myuser:mypassword:mygroups |
The passwords stored in a database can take different formats. This routine tells Auth DBAPI which form the passwords take.
The directive takes one argument, either 'none', indicating that the passwords are plaintext, or 'apache', indicating that the password is encrypted by the htpasswd command which comes with Apache.
AuthDBAPI_PasswdFormat apache |
Apache has the ability to load many authentication and authorization modules. This directive tells Auth DBAPI whether or not to raise an error when the user is not found in the database, or to pass the request down to other authentication modules. This directive defaults to being on.
This directive takes one argument, either 'on' or 'off', indicating whether or not to be authoritative for user lookups.
AuthDBAPI_Authoritative on |
A .htaccess file in a directory where the webserver is to authenticate a user against a MySQL database called 'web' containing a table 'users' with their passwords in a field called 'pword' and names in 'name'. The database user is called 'dbase' and the password is 'ch!ck'. The passwords are stored in plain text.
AuthName "Secret pr0n"
AuthType Basic
AuthDBAPI_UseDB { 'driver':'MySQLdb', 'user':'dbase', 'passwd':'ch!ck, 'db':'web}
AuthDBAPI_DBLayout users:name:pword:
AuthDBAPI_PasswdFormat none
require valid-user |