2 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
3 <?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
4 <!-- $LastChangedRevision$ -->
7 Licensed to the Apache Software Foundation (ASF) under one or more
8 contributor license agreements. See the NOTICE file distributed with
9 this work for additional information regarding copyright ownership.
10 The ASF licenses this file to You under the Apache License, Version 2.0
11 (the "License"); you may not use this file except in compliance with
12 the License. You may obtain a copy of the License at
14 http://www.apache.org/licenses/LICENSE-2.0
16 Unless required by applicable law or agreed to in writing, software
17 distributed under the License is distributed on an "AS IS" BASIS,
18 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19 See the License for the specific language governing permissions and
20 limitations under the License.
23 <modulesynopsis metafile="mod_authn_dbd.xml.meta">
25 <name>mod_authn_dbd</name>
26 <description>User authentication using an SQL database</description>
27 <status>Extension</status>
28 <sourcefile>mod_authn_dbd.c</sourcefile>
29 <identifier>authn_dbd_module</identifier>
30 <compatibility>Available in Apache 2.1 and later</compatibility>
33 <p>This module provides authentication front-ends such as
34 <module>mod_auth_digest</module> and <module>mod_auth_basic</module>
35 to authenticate users by looking up users in SQL tables.
36 Similar functionality is provided by, for example,
37 <module>mod_authn_file</module>.</p>
38 <p>This module relies on <module>mod_dbd</module> to specify
39 the backend database driver and connection parameters, and
40 manage the database connections.</p>
42 <p>When using <module>mod_auth_basic</module> or
43 <module>mod_auth_digest</module>, this module is invoked via the
44 <directive module="mod_auth_basic">AuthBasicProvider</directive> or
45 <directive module="mod_auth_digest">AuthDigestProvider</directive>
46 with the <code>dbd</code> value.</p>
49 <seealso><directive module="mod_authn_core">AuthName</directive></seealso>
50 <seealso><directive module="mod_authn_core">AuthType</directive></seealso>
52 <directive module="mod_auth_basic">AuthBasicProvider</directive>
55 <directive module="mod_auth_digest">AuthDigestProvider</directive>
57 <seealso><directive module="mod_dbd">DBDriver</directive></seealso>
58 <seealso><directive module="mod_dbd">DBDParams</directive></seealso>
59 <seealso><a href="../misc/password_encryptions.html">Password Formats</a></seealso>
61 <section id="socache">
62 <title>Performance and Cacheing</title>
63 <p>Some users of DBD authentication in HTTPD 2.2 have reported that it
64 imposes a problematic load on the database. This is most likely where
65 an HTML page contains hundreds of objects (e.g. images, scripts, etc)
66 each of which requires authentication. Users affected (or concerned)
67 by this kind of problem should use <module>mod_authn_socache</module>
68 to cache credentials and take most of the load off the database.</p>
71 <section id="example">
72 <title>Configuration Example</title>
73 <p>This simple example shows use of this module in the context of
74 the Authentication and DBD frameworks.</p>
76 # mod_dbd configuration
77 # UPDATED to include authentication cacheing
79 DBDParams "dbname=apacheauth user=apache password=xxxxxx"
86 <Directory /usr/www/myhost/private>
87 # mod_authn_core and mod_auth_basic configuration
92 # To cache credentials, put socache ahead of dbd here
93 AuthBasicProvider socache dbd
95 # Also required for caching: tell the cache to cache dbd lookups!
96 AuthnCacheProvideFor dbd
97 AuthnCacheContext my-server
99 # mod_authz_core configuration
102 # mod_authn_dbd SQL query to authenticate a user
104 "SELECT password FROM authn WHERE user = %s"
109 <section id="exposed">
110 <title>Exposing Login Information</title>
112 If httpd was built against <glossary>APR</glossary> version 1.3.0
113 or higher, then whenever a query is made to the database server, all
114 column values in the first row returned by the query are placed in the
115 environment, using environment variables with the prefix "AUTHENTICATE_".
117 <p>If a database query for example returned the username, full name
118 and telephone number of a user, a CGI program will have access to
119 this information without the need to make a second independent database
120 query to gather this additional information.</p>
121 <p>This has the potential to dramatically simplify the coding and
122 configuration required in some web applications.
127 <name>AuthDBDUserPWQuery</name>
128 <description>SQL query to look up a password for a user</description>
129 <syntax>AuthDBDUserPWQuery <var>query</var></syntax>
130 <contextlist><context>directory</context>
134 <p>The <directive>AuthDBDUserPWQuery</directive> specifies an
135 SQL query to look up a password for a specified user. The user's ID
136 will be passed as a single string parameter when the SQL query is
137 executed. It may be referenced within the query statement using
138 a <code>%s</code> format specifier.</p>
139 <example><title>Example</title><pre>
141 "SELECT password FROM authn WHERE user = %s"
143 <p>The first column value of the first row returned by the query
144 statement should be a string containing the encrypted password.
145 Subsequent rows will be ignored. If no rows are returned, the user
146 will not be authenticated through <module>mod_authn_dbd</module>.</p>
147 <p>If httpd was built against <glossary>APR</glossary> version 1.3.0
148 or higher, any additional column values in the first row returned by
149 the query statement will be stored as environment variables with
150 names of the form <code>AUTHENTICATE_<var>COLUMN</var></code>.
152 <p>The encrypted password format depends on which authentication
153 frontend (e.g. <module>mod_auth_basic</module> or
154 <module>mod_auth_digest</module>) is being used. See <a
155 href="../misc/password_encryptions.html">Password Formats</a> for
156 more information.</p>
161 <name>AuthDBDUserRealmQuery</name>
162 <description>SQL query to look up a password hash for a user and realm.
164 <syntax>AuthDBDUserRealmQuery <var>query</var></syntax>
165 <contextlist><context>directory</context>
169 <p>The <directive>AuthDBDUserRealmQuery</directive> specifies an
170 SQL query to look up a password for a specified user and realm.
171 The user's ID and the realm, in that order, will be passed as string
172 parameters when the SQL query is executed. They may be referenced
173 within the query statement using <code>%s</code> format specifiers.</p>
174 <example><title>Example</title><pre>
175 AuthDBDUserRealmQuery \
176 "SELECT password FROM authn WHERE user = %s AND realm = %s"
178 <p>The first column value of the first row returned by the query
179 statement should be a string containing the encrypted password.
180 Subsequent rows will be ignored. If no rows are returned, the user
181 will not be authenticated through <module>mod_authn_dbd</module>.</p>
182 <p>If httpd was built against <glossary>APR</glossary> version 1.3.0
183 or higher, any additional column values in the first row returned by
184 the query statement will be stored as environment variables with
185 names of the form <code>AUTHENTICATE_<var>COLUMN</var></code>.
187 <p>The encrypted password format depends on which authentication
188 frontend (e.g. <module>mod_auth_basic</module> or
189 <module>mod_auth_digest</module>) is being used. See <a
190 href="../misc/password_encryptions.html">Password Formats</a> for
191 more information.</p>