I have tried to use mod_auth_mysql to get group restrictions enforced and I can't get it to work. It looks like mod_auth_mysql isn't even asking MySQL for the group info I specify. I was using the RPM that came with RHEL4 (2.6.0-rc600-modified-by-redhat_woo.rpm or whatever) and thought that an upgrade to a source-based 3.0 might fix it (it did not). Because it doesn't seem to be a version problem, I am assuming that the problem is Between The Monitor And The Chair, so now I come to you.
FYI: usernames are email address, if that matters at all.
My Config:
<Directory /path/to/web/files>
AuthName phpmyadmin
AuthType Basic
AuthMySQLEnable on
AuthMySQLHost localhost
AuthMySQLDB mail
AuthMySQLUser mail
AuthMySQLPassword xxxxxx
AuthMySQLUserTable accountuser
AuthMySQLNameField username
AuthMySQLPasswordField password
AuthMySQLGroupTable webdav
AuthMySQLGroupField domain
AuthMySQLPwEncryption crypt
AuthMySQLAuthoritative On
AuthMySQLNoPasswd Off
Require valid-user
Require group phpmyadmin
</Directory>
And my tables:
accountuser:
username
password
webdav:
username
domain
What I get from the MySQL SQL log:
051102 14:50:19 135503 Connect mail@localhost on mail
135503 Quit
135504 Connect mail@localhost on mail
135504 Quit
051102 14:50:37 135505 Connect mail@localhost on
135505 Init DB mail
135505 Query SELECT password, length(password) FROM accountuser WHERE username='user@domain.com'
135506 Connect mail@localhost on
135506 Init DB mail
135506 Query SELECT password, length(password) FROM accountuser WHERE username='user@domain.com'
135507 Connect mail@localhost on
135507 Init DB mail
135507 Query SELECT password, length(password) FROM accountuser WHERE username='user@domain.com'
Any ideas?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Sorry for the delay in getting back to you, but I've been out of town.
I don't know of any problems in the group authorization, but as you know it's always possible! However, I also don't see any problems with your configuration off hand. It should work.
I'm on a dial-up line in my hotel right now, so I really can't do any testing. I will be back in the office next week, and will look into it further.
In the meantime, authenticating via the AuthMySQLUserCondition as tscbh suggested should work fine.
Jerry
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I have tried to use mod_auth_mysql to get group restrictions enforced and I can't get it to work. It looks like mod_auth_mysql isn't even asking MySQL for the group info I specify. I was using the RPM that came with RHEL4 (2.6.0-rc600-modified-by-redhat_woo.rpm or whatever) and thought that an upgrade to a source-based 3.0 might fix it (it did not). Because it doesn't seem to be a version problem, I am assuming that the problem is Between The Monitor And The Chair, so now I come to you.
FYI: usernames are email address, if that matters at all.
My Config:
<Directory /path/to/web/files>
AuthName phpmyadmin
AuthType Basic
AuthMySQLEnable on
AuthMySQLHost localhost
AuthMySQLDB mail
AuthMySQLUser mail
AuthMySQLPassword xxxxxx
AuthMySQLUserTable accountuser
AuthMySQLNameField username
AuthMySQLPasswordField password
AuthMySQLGroupTable webdav
AuthMySQLGroupField domain
AuthMySQLPwEncryption crypt
AuthMySQLAuthoritative On
AuthMySQLNoPasswd Off
Require valid-user
Require group phpmyadmin
</Directory>
And my tables:
accountuser:
username
password
webdav:
username
domain
What I get from the MySQL SQL log:
051102 14:50:19 135503 Connect mail@localhost on mail
135503 Quit
135504 Connect mail@localhost on mail
135504 Quit
051102 14:50:37 135505 Connect mail@localhost on
135505 Init DB mail
135505 Query SELECT password, length(password) FROM accountuser WHERE username='user@domain.com'
135506 Connect mail@localhost on
135506 Init DB mail
135506 Query SELECT password, length(password) FROM accountuser WHERE username='user@domain.com'
135507 Connect mail@localhost on
135507 Init DB mail
135507 Query SELECT password, length(password) FROM accountuser WHERE username='user@domain.com'
Any ideas?
I used to get the same problem, then I try to authenticate usergroup from UserCondition. This works perfectly.
Nick,
Sorry for the delay in getting back to you, but I've been out of town.
I don't know of any problems in the group authorization, but as you know it's always possible! However, I also don't see any problems with your configuration off hand. It should work.
I'm on a dial-up line in my hotel right now, so I really can't do any testing. I will be back in the office next week, and will look into it further.
In the meantime, authenticating via the AuthMySQLUserCondition as tscbh suggested should work fine.
Jerry
Nick,
Sorry for taking so long to get back to you, but when I got back from my business trip all heck broke loose. I didn't have much time to look at this.
I have looked at it since, though, and don't see a problem in the code.
However, I think you're problem is these two statements:
Require valid-user
Require group phpmyadmin
This is an "or" condition - if you have a valid user, it doesn't follow the group.
Actually, valid-user is basically the default. Even if you have a require group statement, the user must first pass userid/password checking.
So try taking the first line out. It should work.
And sorry about not catching this before.
Jerry