Configuring authentication and authorization in Apache2 with MySQL
https://stackoverflow.com/questions/3962815
-
09-10-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I am trying to configure Apache2 so I can use MySQL for authenticating users to access certain pages. Also authorization needs to work so different groups can reach differen pages.
Now, I have googled a lot but can't find out how to do this. At least not for the configuration I am having. There doesn't seem to be any version of mod_auth_mysql that supports my configuration.
OSX 10.6.4
Apache 2.2
Now, how do I achieve this not creating my own login-application in php but using the built in support of Apache2? I'm totally stuck on this one...
Thanks in advance!
Regards, Niklas
Solution
I also would like to use a taylormade login page, not pop-up
....
how do I achieve this not creating my own login-application in php but using the built in support of Apache2
Short answer is that you can't. Unless you rewrite the Apache source code or create your own module, you can't mix HTTP based authentication with non-pop-up login prompts.
However if you are using PHP then a relatively low impact solution would be to use auto-prepend to prefix every protected page with a check on the users session. Obviously this would need a bit more thought if it is to be applied to files other than PHP source files (it'll work perfectly well if you tell Apache to apply the php engine to, say .gif files, but your script will need to detect and return the appropriate mime type).
A simpler solution might be to put a tool like squid in front of the webserver as a reverse proxy, then make the session handling data available to the squid url-rewriter.
OTHER TIPS
You can build mod_auth_mysql from the source. Have a look at this post.
I you want your own log-in page, you cannot use Apache to do authentication.
Apache authentication uses the Authentication portion of the HTTP standard, and as a result you're reliant on the browser to handle the interaction with the user. There are plugins (like mod_auth_mysql) to use a database as the backend for this, but Apache can't ask the user for their credentials any other way.
The fastest approach might well be to set up Drupal or Joomla, which will get you user and group management as well as full content editing, in a way that will let you control who can edit what.
