After upgrading from version 20030510 to version 2.90, I find that ALL authentication requests seem to be going through mod_auth_mysql, even if there is no reference to it in httpd.conf at all. Just the fact that the .so file is loaded seems to make it try to handle the authentication of every request.
When I look in /var/log/httpd/error_log, I see:
[Thu Apr 07 16:59:19 2005] [error] [client 192.168.0.104] MySQL ERROR: Access denied for user 'apache'@'localhost' (using password: NO), referer: http://dev1/phpMyAdmin/left.php
[Thu Apr 07 16:59:19 2005] [error] [client 192.168.0.104] MySQL user russellg not found: /phpMyAdmin/tbl_properties_structure.php, referer: http://dev1/phpMyAdmin/left.php
Notice that the request is for the /phpMyAdmin directory, which isn't using the mod_auth_mysql module. As a matter of fact, I've removed all references to the module from httpd.conf completely, so the module is being loaded, but never used. The /phpMyAdmin directory is controlled by a Directory directive in the httpd.conf file, which points it to a standard password file created with htpasswd.
Why is it trying to access MySQL as "apache@localhost"? If I don't have any reference to the module anywhere in the file, I assumed it wouldn't use it. That's the way version 20030510 worked anyway, which worked fine before upgrading to 2.90. And even if it did have access to MySQL, how it would know which table to access, or which field to look at?
I'm using Apache 2.0.46 on Centos 3.4, and there are no .htaccess files on the system -- all configuration is done in httpd.conf, plus the file auth_mysql.conf, which just loads the module.
Thanks for any help,
Russell
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
When an authentication module is loaded (LoadModule command), it registers itself with Apache. This tells Apache this is an authentication module and documents the configuration statements it will handle.
Now - when a request comes in for access to a protected resource, Apache doesn't have any idea which module(s) should handle it. Apache therefore calls each authentication module in turn until either the request is approved or Apache is told to stop.
Each module, in turn, decides whether it is to handle the request or not. In mod_auth_mysql, this is handled by the AuthMySQLEnable statement. The default can be set at compile time with the -DENABLE=(1|0) option.
Please see the files CONFIGURATION and BUILD for more information on these options.
Jerry
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
After upgrading from version 20030510 to version 2.90, I find that ALL authentication requests seem to be going through mod_auth_mysql, even if there is no reference to it in httpd.conf at all. Just the fact that the .so file is loaded seems to make it try to handle the authentication of every request.
When I look in /var/log/httpd/error_log, I see:
[Thu Apr 07 16:59:19 2005] [error] [client 192.168.0.104] MySQL ERROR: Access denied for user 'apache'@'localhost' (using password: NO), referer: http://dev1/phpMyAdmin/left.php
[Thu Apr 07 16:59:19 2005] [error] [client 192.168.0.104] MySQL user russellg not found: /phpMyAdmin/tbl_properties_structure.php, referer: http://dev1/phpMyAdmin/left.php
Notice that the request is for the /phpMyAdmin directory, which isn't using the mod_auth_mysql module. As a matter of fact, I've removed all references to the module from httpd.conf completely, so the module is being loaded, but never used. The /phpMyAdmin directory is controlled by a Directory directive in the httpd.conf file, which points it to a standard password file created with htpasswd.
Why is it trying to access MySQL as "apache@localhost"? If I don't have any reference to the module anywhere in the file, I assumed it wouldn't use it. That's the way version 20030510 worked anyway, which worked fine before upgrading to 2.90. And even if it did have access to MySQL, how it would know which table to access, or which field to look at?
I'm using Apache 2.0.46 on Centos 3.4, and there are no .htaccess files on the system -- all configuration is done in httpd.conf, plus the file auth_mysql.conf, which just loads the module.
Thanks for any help,
Russell
Russell,
This is normal operation.
When an authentication module is loaded (LoadModule command), it registers itself with Apache. This tells Apache this is an authentication module and documents the configuration statements it will handle.
Now - when a request comes in for access to a protected resource, Apache doesn't have any idea which module(s) should handle it. Apache therefore calls each authentication module in turn until either the request is approved or Apache is told to stop.
Each module, in turn, decides whether it is to handle the request or not. In mod_auth_mysql, this is handled by the AuthMySQLEnable statement. The default can be set at compile time with the -DENABLE=(1|0) option.
Please see the files CONFIGURATION and BUILD for more information on these options.
Jerry