Sitemap 1l1p

Apache HTTP Server Version 2.4

<-
Apache > HTTP Server > Documentation > Modules

Apache Module mod_authn_dbd 4u3e2i

Available Languages:  fr 

Description: authentication using an SQL database
Status: Extension
Module Identifier: authn_dbd_module
Source File: mod_authn_dbd.c
Compatibility: Available in Apache 2.1 and later

Summary 6m2os

This module provides authentication front-ends such as mod_authn_file.

This module relies on mod_dbd to specify the backend database driver and connection parameters, and manage the database connections.

When using AuthDigestProvider with the dbd value.

Apache!

Topics 2c136y

Directives 1a4l6m

Bugfix checklist 4i2533

See also 27136x

top

Performance and Caching 1n6r6a

Some s of DBD authentication in HTTPD 2.2/2.4 have reported that it imposes a problematic load on the database. This is most likely where an HTML page contains hundreds of objects (e.g. images, scripts, etc) each of which requires authentication. s affected (or concerned) by this kind of problem should use mod_authn_socache to cache credentials and take most of the load off the database.

top

Configuration Example j3v69

This simple example shows use of this module in the context of the Authentication and DBD frameworks.

# mod_dbd configuration
# UPDATED to include authentication caching
DBDriver pgsql
DBDParams "dbname=apacheauth =apache =xxxxxx"

DBDMin  4
DBDKeep 8
DBDMax  20
DBDExptime 300

<Directory "/usr/www/myhost/private">
  # mod_authn_core and mod_auth_basic configuration
  # for mod_authn_dbd
  AuthType Basic
  AuthName "My Server"

  # To cache credentials, put socache ahead of dbd here
  AuthBasirovider socache dbd

  # Also required for caching: tell the cache to cache dbd lookups!
  AuthnCacheProvideFor dbd
  AuthnCacheContext my-server

  # mod_authz_core configuration
  Require valid-

  # mod_authn_dbd SQL query to authenticate a 
  AuthDBDPWQuery "SELECT  FROM authn WHERE  = %s"
</Directory>
top

Exposing Information 494j60

If httpd was built against APR version 1.3.0 or higher, then whenever a query is made to the database server, all column values in the first row returned by the query are placed in the environment, using environment variables with the prefix "AUTHENTICATE_".

If a database query for example returned the name, full name and telephone number of a , a CGI program will have access to this information without the need to make a second independent database query to gather this additional information.

This has the potential to dramatically simplify the coding and configuration required in some web applications.

top

AuthDBDPWQuery Directive 4132q

Description: SQL query to look up a for a
Syntax: AuthDBDPWQuery query
Context: directory
Status: Extension
Module: mod_authn_dbd

The AuthDBDPWQuery specifies an SQL query to look up a for a specified . The 's ID will be ed as a single string parameter when the SQL query is executed. It may be referenced within the query statement using a %s format specifier.

AuthDBDPWQuery "SELECT  FROM authn WHERE  = %s"

The first column value of the first row returned by the query statement should be a string containing the encrypted . Subsequent rows will be ignored. If no rows are returned, the will not be authenticated through mod_authn_dbd.

If httpd was built against APR version 1.3.0 or higher, any additional column values in the first row returned by the query statement will be stored as environment variables with names of the form AUTHENTICATE_COLUMN.

The encrypted format depends on which authentication frontend (e.g. Formats for more information.

top

AuthDBDRealmQuery Directive 4301t

Description: SQL query to look up a hash for a and realm.
Syntax: AuthDBDRealmQuery query
Context: directory
Status: Extension
Module: mod_authn_dbd

The AuthDBDRealmQuery specifies an SQL query to look up a for a specified and realm in a digest authentication process. The 's ID and the realm, in that order, will be ed as string parameters when the SQL query is executed. They may be referenced within the query statement using %s format specifiers.

AuthDBDRealmQuery "SELECT  FROM authn WHERE  = %s AND realm = %s"

The first column value of the first row returned by the query statement should be a string containing the encrypted . Subsequent rows will be ignored. If no rows are returned, the will not be authenticated through mod_authn_dbd.

If httpd was built against APR version 1.3.0 or higher, any additional column values in the first row returned by the query statement will be stored as environment variables with names of the form AUTHENTICATE_COLUMN.

The encrypted format depends on which authentication frontend (e.g. Formats for more information.

Available Languages:  fr 

top

Comments 2p1l6j

Notice:
This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our s if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our mailing lists.