Hi,
I compiled and loaded succesfully the module mod_auth_mysql (no errors nor warnings) with apache 2.0.52 with DSO.
I created all the necessary stuff in the MySQL DB (and tested correctly the connection from the host running apache).
When I use an .htaccess file or a corresponding Directory/Location section in httpd.conf with all the necessary "authmysql" directives for the basic authentication scheme, simply the authentication is not enabled (the browser don't receive the header with HTTP status 401) as if the directives are not present at all.
None is reported in the apache error log and the access log report a standard 200 request/response.
Any suggestion?
Thanks in advance,
Mauro
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
These are the entries I used in .htaccess or httpd.conf
#######################
AuthName "MySQL Testing"
AuthType Basic
AuthMySQLHost HOST_NAME
AuthMySQLPort DB_PORT
AuthMySQLDB DB_NAME
AuthMySQLUserTable TABLE_NAME
AuthMySQLUser MYSQL_USER_NAME
AuthMySQLPassword MYSQL_PASSWORD
require valid-user
#################
Thanks for your help,
Mauro
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I think this is the problem:
1) I have another .htaccess file in a directory parent of the directory in which I want mysql authentication
2) in this parent .htaccess file I set simply a "Deny All" and an "Allow from my_host"
3) if I use the standard basic authentication of apache (file based) in the .htaccess of the child directory all work fine, but MySQL_auth don't work (even with "AuthMySQLEnable On" and "AuthMySQLAuthoritative On")
4) if I remove the .htaccess in the parent directory, the MySQL auth work fine!
5) just a little bit: the README code for the CREATE table is not coherent with the default settings of the module (the password field name is different)
Mauro
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
More precisely, this is the PARENT .htaccess:
##################
AuthName "Test"
AuthType Basic
AuthUserFile /path/to/passwd_file
order deny,allow
deny from all
allow from IP_A
allow from IP_B
require valid-user
satisfy any
##################
With this .htaccess in the parent directory, any mysql_auth entries in .htaccess files in child directories seems to be simply ignored
Mauro
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Another info:
in the previous conditions (the above .htaccess in the parent directory) if I add the entry "AuthMySQLEnable On" in the child .htaccess, apache output a 500 Internal Server Error, with this line in the error log:
"/path/to/child/.htaccess: Invalid command 'AuthMySQLEnable', perhaps mis-spelled or defined by a module not included in the server configuration"
Thanks,
Mauro
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
If you're using version 2.6.0 or later of mod_auth_mysql, AuthMySQLEnable should be valid. Are you sure you didn't mistype it? (I've done that before :-) )
Apache's authentication is a little complex. If you have authentication in the .htaccess file of the parent directory as well as the subdirectory, BOTH authorizations must succeed. So, even if the mod_auth_mysql authentication succeeds, if the parent directory authorization fails, the request to the subdirectory will fail. This is how Apache works; there isn't anything we can do with mod_auth_mysql to change it.
So, in your case, you allow access only from IP_A and IP_B; this will have to succeed along with any additionaly mod_auth_mysql authentication.
Also - thanks for the heads up in the password field. It should have been user_passwd, as indicated in the doc (this one slipped by me). I have it corrected for the next release.
Jerry
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I'm using mod_auth_mysql 2.7.0 & apache 2.0.52.
I verified any possible mstype and I'm sure of the correct syntax of all entries.
I confirm your explanation of apache's authentication scheme, but I tested that when the authentication of the parent dir is successful, further authentication (in a subdirectory .htaccess) is IGNORED if I use mod_auth_mysql and ENFORCED only if I use mod_auth or other standard modules.
Mauro
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
OK, after some digging, I found your problem. It is in your setup.
When you specified "satisfy any" in the parent directory, this was passed on to the subdirectory. Any valid authorization in the parent directory then allows authentication to the subdirectory.
To correct this, you need to specify "satsify all" in the subdirectory.
If you have further problems, please follow up in the Apache groups.
Jerry
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
So, I have added this code in my htaccess to ask for login upon page visit. But it gives a 500 Internal Server Error when I open the page. The database connection is fine. I checked it. What can be wrong with the code? I dont get any errors in the error log.
AuthUserFile /dev/null
AuthBasicAuthoritative Off
AuthMySQL on
AuthMySQL_Authoritative on
Auth_MySQL_Host "Database Host"
Auth_MySQL_User "UserName"
Auth_MySQL_Password "Password"
AuthMySQL_DB "Databse"
AuthMySQL_Password_Table ftp_users
AuthMySQL_Username_Field user_name
AuthMySQL_Password_Field password
AuthMySQL_Empty_Passwords off
AuthMySQL_Encryption_Types PHP_MD5
Auth_MySQL_Password_Clause " and active=1 "
AuthName "Password"
AuthType Basic
require valid-user
<Files.htaccess>
Auth_MySQL_Password_Clause " and active=1 "
</Files>
How can I check if AuthMysql is installed on the server?
In the php.ini I found
>auth_plugin_mysql_native_password,auth_plugin_mysql_clear_password,auth_plugin_sha256_password
plugins loaded
Any help will be appreciated.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi,
I compiled and loaded succesfully the module mod_auth_mysql (no errors nor warnings) with apache 2.0.52 with DSO.
I created all the necessary stuff in the MySQL DB (and tested correctly the connection from the host running apache).
When I use an .htaccess file or a corresponding Directory/Location section in httpd.conf with all the necessary "authmysql" directives for the basic authentication scheme, simply the authentication is not enabled (the browser don't receive the header with HTTP status 401) as if the directives are not present at all.
None is reported in the apache error log and the access log report a standard 200 request/response.
Any suggestion?
Thanks in advance,
Mauro
Hello, Mauro,
I'm sorry, but you haven't provided enough information to help with your problem.
Can you post the applicable entries in your httpd.conf and .htaccess files? That would help with a start, anyway.
Jerry
Yes, I apologize.
These are the entries I used in .htaccess or httpd.conf
#######################
AuthName "MySQL Testing"
AuthType Basic
AuthMySQLHost HOST_NAME
AuthMySQLPort DB_PORT
AuthMySQLDB DB_NAME
AuthMySQLUserTable TABLE_NAME
AuthMySQLUser MYSQL_USER_NAME
AuthMySQLPassword MYSQL_PASSWORD
require valid-user
#################
Thanks for your help,
Mauro
When you compiled it, did you set -D ENABLE=1? If not, you also need "AuthMySQLEnable On" in your httpd.conf or .htaccess file.
See the README file for more details.
Jerry
I think this is the problem:
1) I have another .htaccess file in a directory parent of the directory in which I want mysql authentication
2) in this parent .htaccess file I set simply a "Deny All" and an "Allow from my_host"
3) if I use the standard basic authentication of apache (file based) in the .htaccess of the child directory all work fine, but MySQL_auth don't work (even with "AuthMySQLEnable On" and "AuthMySQLAuthoritative On")
4) if I remove the .htaccess in the parent directory, the MySQL auth work fine!
5) just a little bit: the README code for the CREATE table is not coherent with the default settings of the module (the password field name is different)
Mauro
More precisely, this is the PARENT .htaccess:
##################
AuthName "Test"
AuthType Basic
AuthUserFile /path/to/passwd_file
order deny,allow
deny from all
allow from IP_A
allow from IP_B
require valid-user
satisfy any
##################
With this .htaccess in the parent directory, any mysql_auth entries in .htaccess files in child directories seems to be simply ignored
Mauro
Another info:
in the previous conditions (the above .htaccess in the parent directory) if I add the entry "AuthMySQLEnable On" in the child .htaccess, apache output a 500 Internal Server Error, with this line in the error log:
"/path/to/child/.htaccess: Invalid command 'AuthMySQLEnable', perhaps mis-spelled or defined by a module not included in the server configuration"
Thanks,
Mauro
Mauro,
If you're using version 2.6.0 or later of mod_auth_mysql, AuthMySQLEnable should be valid. Are you sure you didn't mistype it? (I've done that before :-) )
Apache's authentication is a little complex. If you have authentication in the .htaccess file of the parent directory as well as the subdirectory, BOTH authorizations must succeed. So, even if the mod_auth_mysql authentication succeeds, if the parent directory authorization fails, the request to the subdirectory will fail. This is how Apache works; there isn't anything we can do with mod_auth_mysql to change it.
So, in your case, you allow access only from IP_A and IP_B; this will have to succeed along with any additionaly mod_auth_mysql authentication.
Also - thanks for the heads up in the password field. It should have been user_passwd, as indicated in the doc (this one slipped by me). I have it corrected for the next release.
Jerry
Jerry, thanks your time.
I'm using mod_auth_mysql 2.7.0 & apache 2.0.52.
I verified any possible mstype and I'm sure of the correct syntax of all entries.
I confirm your explanation of apache's authentication scheme, but I tested that when the authentication of the parent dir is successful, further authentication (in a subdirectory .htaccess) is IGNORED if I use mod_auth_mysql and ENFORCED only if I use mod_auth or other standard modules.
Mauro
Mauro,
OK, after some digging, I found your problem. It is in your setup.
When you specified "satisfy any" in the parent directory, this was passed on to the subdirectory. Any valid authorization in the parent directory then allows authentication to the subdirectory.
To correct this, you need to specify "satsify all" in the subdirectory.
If you have further problems, please follow up in the Apache groups.
Jerry
You're right, Jerry!
Using basic authentication both in parent and subdirectories seem's to let confused both me and apache itself!
Thank You very much!
Mauro
So, I have added this code in my htaccess to ask for login upon page visit. But it gives a 500 Internal Server Error when I open the page. The database connection is fine. I checked it. What can be wrong with the code? I dont get any errors in the error log.
How can I check if AuthMysql is installed on the server?
In the php.ini I found
>auth_plugin_mysql_native_password,auth_plugin_mysql_clear_password,auth_plugin_sha256_password
plugins loaded
Any help will be appreciated.