Ubuntu Apache/MySQL Auth

Most of the documentation for getting apache’s mod-auth-mysql modules to work under ubuntu are painfully short of at least a couple of configuration lines, so here’s my attempt to be helpful to others that have trouble with this.

First, you have to install the module :
sudo apt-get install libapache2-mod-auth-mysql
And then enable it :
sudo a2enmod auth_mysql

The auth configuration can go in .htaccess files, in the main apache config, or wherever. Regardless of where it will live, it will look the same. In the example I’m going to show, I’m putting it inside a Location directive, which is inside a VirtualHost block.

In the example below, I’m assuming that the database holding my user info is on authdb.geekprotem.com, is named ‘htaccess’ with a user/pass of htaccess/secretpassword. Furthermore, I’m assuming all the data will be in a single table named ‘htusers’ with the columns of ‘username’, ‘password’, and ‘groups’, all meaning what you’d assume they mean.

<Location />
AuthName "This area be protected, yo"
AuthType Basic
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthBasicAuthoritative Off

Auth_MySQL on
Auth_MySQL_Authoritative on
Auth_MySQL_DB htaccess
Auth_MySQL_Host authdb.geekprotem.com
Auth_MySQL_Username htaccess
Auth_MySQL_Password secretpassword
Auth_MySQL_Password_Table htusers
Auth_MySQL_Username_Field username
Auth_MySQL_Password_Field password
Auth_MySQL_Group_Table htusers
Auth_MySQL_Group_Field groups
Auth_MySQL_Empty_Passwords off
Auth_MySQL_Encryption_Types Plaintext

require group all fancypants
require valid-user

That code will allow anyone in the ‘fancypants’ or ‘all’ groups to access the site’s ‘/’ location. I’m also using plaintext to store the passwords, which is a pretty terrible idea, but makes testing and initial configuration much easier. When you feel like it, you can change the encryption type to something safer, as long as you update the database to have the encrypted passwords. You can’t also split up the database into multiple tables for better management if you need it.

If you have a configuration that already looks like this, but isn’t working, pay special attention to the ‘AuthUserFile’ and ‘AuthBasicAuthoritative’ directives. Those are the ones that need to be explicitly set the way shown, and are also the ones that aren’t always present in the configs available on the interwebs. I know that those are two options I usually forget.

Another note : if you are using this to give access to users for things like DAV or management tools like PHPMyAdmin, then make sure you don’t put it in the .htaccess file as the user will likely be able to at least read that file. I prefer to have this kind of thing in the virtual host configuration file for the site, but maybe that’s just me.

Ubuntu Apache/MySQL Auth

Leave a Reply