Most of the documentation for getting apache’s mod-auth-mysql modules to work under ubuntu are painfully short of at least a couple of configuration lines, so here’s my attempt to be helpful to others that have trouble with this.
First, you have to install the module :
sudo apt-get install libapache2-mod-auth-mysql
And then enable it :
sudo a2enmod auth_mysql
The auth configuration can go in .htaccess files, in the main apache config, or wherever. Regardless of where it will live, it will look the same. In the example I’m going to show, I’m putting it inside a Location directive, which is inside a VirtualHost block.
In the example below, I’m assuming that the database holding my user info is on authdb.geekprotem.com, is named ‘htaccess’ with a user/pass of htaccess/secretpassword. Furthermore, I’m assuming all the data will be in a single table named ‘htusers’ with the columns of ‘username’, ‘password’, and ‘groups’, all meaning what you’d assume they mean.
AuthName "This area be protected, yo"
require group all fancypants
That code will allow anyone in the ‘fancypants’ or ‘all’ groups to access the site’s ‘/’ location. I’m also using plaintext to store the passwords, which is a pretty terrible idea, but makes testing and initial configuration much easier. When you feel like it, you can change the encryption type to something safer, as long as you update the database to have the encrypted passwords. You can’t also split up the database into multiple tables for better management if you need it.
If you have a configuration that already looks like this, but isn’t working, pay special attention to the ‘AuthUserFile’ and ‘AuthBasicAuthoritative’ directives. Those are the ones that need to be explicitly set the way shown, and are also the ones that aren’t always present in the configs available on the interwebs. I know that those are two options I usually forget.
Another note : if you are using this to give access to users for things like DAV or management tools like PHPMyAdmin, then make sure you don’t put it in the .htaccess file as the user will likely be able to at least read that file. I prefer to have this kind of thing in the virtual host configuration file for the site, but maybe that’s just me.