mod_auth_mysql makes managing Apache authentication simple

Posted on June 12th, 2007 in General,Linux System Administration by Brandon

I administer about 20 different web applications, each of which uses Apache authentication to control access. In the past, I’ve just used simple htpasswd authentication because it works and is readily available. However when adding or removing employee’s access, it required pretty manual editing of all of the htpasswd files every time that we added or removed and employee

I just starting using mod_auth_mysql which provides a way to centralize the authentication. It is available as a package on any distro that I’ve used, and is pretty simple to configure. Just create a database with the following tables:

CREATE TABLE users (
  user_name CHAR(30) NOT NULL,
  user_passwd CHAR(20) NOT NULL,
  PRIMARY KEY (user_name)
);
CREATE TABLE groups (
  user_name CHAR(30) NOT NULL,
  user_group CHAR(20) NOT NULL,
  PRIMARY KEY (user_name, user_group)
);

Populate the users table with username/passwords taken straight from the .htpasswd file. Optionally, you can make users a member of a group via the groups table. Create a database user with permission to SELECT from those two tables.

Then configure the following in the Apache config or .htaccess file for each your web applications:

AuthName "Some Webapp"
AuthType Basic
AuthMySQLEnable on
AuthMySQLHost myauthserver.someplace.com
AuthMySQLUser YourDatabaseName
AuthMySQLPassword YourDatabaseUserPassword
AuthMySQLDB YourDatabaseName
AuthMySQLUserTable users
AuthMySQLNameField user_name
AuthMySQLPasswordField user_passwd
AuthMySQLGroupTable groups
AuthMySQLGroupField user_group

require valid-user
#require group ThisApp

Now you can centrally manage your Apache authentication. Uncomment the ‘require group’ line and add an appropriate entry in the groups table for any users you want to allow specifically to this app.

3 Responses to 'mod_auth_mysql makes managing Apache authentication simple'

Subscribe to comments with RSS or TrackBack to 'mod_auth_mysql makes managing Apache authentication simple'.

  1. Kevin said,

    on June 12th, 2007 at 11:38 pm

    Very cool. This is a great solution to a common problem when you have multiple servers/applications. Glad you posted your find, I’m sure I will use it in the future.

  2. Brandon said,

    on March 15th, 2009 at 8:36 pm

    FYI, I released a program for managing these users via a web-based program at http://www.brandonchecketts.com/webpasswd/


  3. on March 15th, 2009 at 8:44 pm

    [...] Linux distribution, so installing and configuring it takes less than 5 minutes. I started using it almost 2 years ago, and over that time have made a simple web application for managing the users and granting them [...]

Post a comment

Please copy the string XoLLd5 to the field below: