Dan Dan - 2 months ago 11
Apache Configuration Question

Get additional fields in environment variable from Apache mod_authn_dbd

In the documentation of apache 2.4 is mentioned, that it is possible to get additional columns from the db table when using mod_authn_dbd for authentication:


If httpd was built against APR version 1.3.0 or higher, any additional column values in the first row returned by the query statement will be stored as environment variables with names of the form AUTHENTICATE_COLUMN.


But e.g. the output of "phpinfo" doesn't show additional environment variables.

We use


openSUSE - 13.2 (x86_64)

apache2 - 2.4.10-28.1

libapr-util1-dbd-mysql


MySQL-Table:

CREATE TABLE IF NOT EXISTS `USERS` (
`USER` varchar(20) NOT NULL,
`PASSWORD` varchar(150) NOT NULL,
`KUNDE` varchar(20) NOT NULL,
`TIMESTAMP` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
`REMOTE_IP` varchar(15) NOT NULL,
`CLIENT_IP` varchar(15) NOT NULL,
PRIMARY KEY (`USER`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;


Apache configuration:

# mod_dbd configuration
DBDriver mysql
DBDParams "host=127.0.0.1 dbname=Auth port=3306 user=Auth pass=XXXXXXXX"
DBDMin 2
DBDKeep 4
DBDMax 10
DBDExptime 60

Alias /test2/ "/path/test2/"
<Directory "/path/test2/">
Options Indexes
AllowOverride All
require ip 192.168.xxx.0/24 10.xxx.xxx.0/24
</Directory>

<Directory "/path/test2/secure">
AuthType Basic
AuthName "Test"
AuthBasicProvider socache dbd
AuthnCacheProvideFor dbd
AuthnCacheContext Test
AuthnCacheTimeout 60
AuthDBDUserPWQuery "SELECT PASSWORD FROM USERS WHERE USER = %s"
</Directory>


Maybe someone could help and knows how to use it.

Thanks.

Answer

Maybe because you don't have any other columns in your query? Try for example

AuthDBDUserPWQuery "SELECT KUNDE, PASSWORD FROM USERS WHERE USER = %s"

Please also note that this approach isn't really secure because you appear to be storing plain text passwords.

Comments