openbsd-ports/www/mod_auth_mysql/patches/patch-USAGE

$OpenBSD: patch-USAGE,v 1.2 2008/03/25 23:23:15 simon Exp $
--- USAGE.orig	Mon Sep 10 16:11:37 2001
+++ USAGE	Wed Mar 26 00:10:48 2008
@@ -28,10 +28,11 @@ can skip to the next phase.  Otherwise:
     NOTE:  You *don't* have to have this table in a seperate database, you
     can skip creating a new database and use an existing database if it fits
     your needs.
+
 2.  Create the auth table, e.g.:
     prompt> mysql http_auth
     mysql> create table mysql_auth (
-        ->   username char(25),
+        ->   username char(25) not null,
         ->   passwd char(25),
         ->   groups char(25),
         ->   primary key (username)
@@ -48,6 +49,7 @@ can skip to the next phase.  Otherwise:
              that, you should have one row in the username/passwd table, and
              multiple rows in the username/group table, one for each group
              the user is in.
+
 3.  Insert the information into the table.  Both the username and group fields
     are plaintext, whereas the password field should contain standard UNIX DES
     encrypted passwords (this can be overriden using a directive as well, but
@@ -62,40 +64,58 @@ Telling apache to protect the page using that informat
     server, and/or you need to specify a password for that user, you'd need
     to add the following line somewhere in your httpd.conf (doesn't really
     matter where):
+
     Auth_MySQL_Info <host> <user> <password>
+
     This information can *only* be specified in the server's httpd.conf, since
     it's used server-wide.
+
+    you can specify socket name or port number in <host>.
+    ex.1: Auth_MySQL_Info 'localhost:/tmp/mysql.sock' <user> <password>
+    ex.2: Auth_MySQL_Info 'remotesrv:3333' <user> <password>
+
 2.  If you're going to use mainly one MySQL database for all of your pages,
     you should probably add the following line to your httpd.conf as well:
+
     Auth_MySQL_General_DB <database_name>
+
     The database can be set on a per-directory basis using a different
     directive in .htaccess, as mentioned later in this file.
+
 3.  Create (or update) a file named .htaccess inside the directory you would
     like to protect.  Here are a few simple .htaccess files (full
     documentation about the various possible non-MySQL-auth specific directives
     can be obtained from the apache docs):
+
     
 (I)  Protect your company's financial information (not recommended to put on
      the web:) to any user that's in the SQL auth table:
+
 AuthName        My Company's Financial Information   <-- the realm name, use some informative name
 AuthType Basic                                       <-- keep it that way
 require valid-user                                   <-- allow any valid user to access
 
+
 (II)  Allow access only to specific users:
+
 AuthName        My Company's Financial Information   <-- the realm name, use some informative name
 AuthType Basic                                       <-- keep it that way
 require user johndoe devnull                         <-- let only johndoe and devnull access
 
+
 (III) Allow only members of group 'executives' access the information:
+
 AuthName        My Company's Financial Information   <-- the realm name, use some informative name
 AuthType Basic                                       <-- keep it that way
 require group executives                             <-- allow only members of this group to access
 
 Note that with Apache 1.3, you would have to encapsulate the AuthName
 with double quotes if it contains spaces, e.g.
+
 AuthName        "My Company's Financial Information"
 
 
+
 4.  Take a look at the following directives, and see if you need to
     use any of them:
 
@@ -130,16 +150,25 @@ Auth_MySQL_Empty_Passwords on/off
     the page by just specifying their username without any password checking.
     If this is 'Off', they would be denied access.  Default:  On.
     
-Auth_MySQL_Encryption_Types [Plaintext, Crypt_DES, Crypt_MD5, MySQL]
+Auth_MySQL_Encryption_Types [Plaintext, Crypt_DES, Crypt_MD5, MySQL, MD5]
     This directive tells the authentication module which encryption type(s)
     to use.  It overrides the Auth_MySQL_Scrambled_Passwords and
     Auth_MySQL_Encrypted_Passwords directives if it appears after them.
     More than one encryption type may be specified, to instruct the module to
     check each password through more than one encryption scheme.  For example,
+
     Auth_MySQL_Encryption_Types Plaintext Crypt_DES
+
     will instruct the module to check each password both as-is, and through
     DES crypt.
 
+    Crypt_MD5: if your system support crypt function which can handle md5,
+    apache compare password strings by using md5.
+
+    MD5: if you choise MD5, your passwd field must have md5 encrypted strings.
+    in this case, md5 password are stored into MySQL, and,
+    your system does not need to have crypt_md5 function.
+
 Auth_MySQL_Encrypted_Passwords on/off
     Whether or not to use standard UNIX DES encrypted passwords.  If turned
     on, the module expects the password field to contain standard UNIX DES
@@ -178,3 +207,13 @@ Auth_MYSQL on/off
     authentication modules (e.g. the flatfile auth module).  If it's on,
     and a database name was specified - the MySQL module will be used for
     authentication.
+
+
+Auth_MySQL_Where "strings..."
+    if you set:
+
+       Auth_MySQL_Where "active='Y'"
+
+    then, mod_mysql send next SQL statment to MySQL server:
+
+       SELECT passwd FROM mysql_auth WHERE username='id' AND active='Y'
Let it work with mysql >= 4.x, add support for socket connections, plain MD5 encryption and an option to specify additional conditions. Problem reported by Simon Hamilton, request by Markus Liljergren, tested by both. 2008-03-25 19:23:15 -04:00			$OpenBSD: patch-USAGE,v 1.2 2008/03/25 23:23:15 simon Exp $
			`--- USAGE.orig Mon Sep 10 16:11:37 2001`
			`+++ USAGE Wed Mar 26 00:10:48 2008`
			`@@ -28,10 +28,11 @@ can skip to the next phase. Otherwise:`
			`NOTE: You don't have to have this table in a seperate database, you`
			`can skip creating a new database and use an existing database if it fits`
			`your needs.`
			`+`
MySQL authentication support for Apache, submitted by Sam Smith 2002-09-15 15:28:36 -04:00			`2. Create the auth table, e.g.:`
			`prompt> mysql http_auth`
			`mysql> create table mysql_auth (`
			`- -> username char(25),`
			`+ -> username char(25) not null,`
			`-> passwd char(25),`
			`-> groups char(25),`
			`-> primary key (username)`
Let it work with mysql >= 4.x, add support for socket connections, plain MD5 encryption and an option to specify additional conditions. Problem reported by Simon Hamilton, request by Markus Liljergren, tested by both. 2008-03-25 19:23:15 -04:00			`@@ -48,6 +49,7 @@ can skip to the next phase. Otherwise:`
			`that, you should have one row in the username/passwd table, and`
			`multiple rows in the username/group table, one for each group`
			`the user is in.`
			`+`
			`3. Insert the information into the table. Both the username and group fields`
			`are plaintext, whereas the password field should contain standard UNIX DES`
			`encrypted passwords (this can be overriden using a directive as well, but`
			`@@ -62,40 +64,58 @@ Telling apache to protect the page using that informat`
			`server, and/or you need to specify a password for that user, you'd need`
			`to add the following line somewhere in your httpd.conf (doesn't really`
			`matter where):`
			`+`
			`Auth_MySQL_Info <host> <user> <password>`
			`+`
			`This information can only be specified in the server's httpd.conf, since`
			`it's used server-wide.`
			`+`
			`+ you can specify socket name or port number in <host>.`
			`+ ex.1: Auth_MySQL_Info 'localhost:/tmp/mysql.sock' <user> <password>`
			`+ ex.2: Auth_MySQL_Info 'remotesrv:3333' <user> <password>`
			`+`
			`2. If you're going to use mainly one MySQL database for all of your pages,`
			`you should probably add the following line to your httpd.conf as well:`
			`+`
			`Auth_MySQL_General_DB <database_name>`
			`+`
			`The database can be set on a per-directory basis using a different`
			`directive in .htaccess, as mentioned later in this file.`
			`+`
			`3. Create (or update) a file named .htaccess inside the directory you would`
			`like to protect. Here are a few simple .htaccess files (full`
			`documentation about the various possible non-MySQL-auth specific directives`
			`can be obtained from the apache docs):`
			`+`

			`(I) Protect your company's financial information (not recommended to put on`
			`the web:) to any user that's in the SQL auth table:`
			`+`
			`AuthName My Company's Financial Information <-- the realm name, use some informative name`
			`AuthType Basic <-- keep it that way`
			`require valid-user <-- allow any valid user to access`

			`+`
			`(II) Allow access only to specific users:`
			`+`
			`AuthName My Company's Financial Information <-- the realm name, use some informative name`
			`AuthType Basic <-- keep it that way`
			`require user johndoe devnull <-- let only johndoe and devnull access`

			`+`
			`(III) Allow only members of group 'executives' access the information:`
			`+`
			`AuthName My Company's Financial Information <-- the realm name, use some informative name`
			`AuthType Basic <-- keep it that way`
			`require group executives <-- allow only members of this group to access`

			`Note that with Apache 1.3, you would have to encapsulate the AuthName`
			`with double quotes if it contains spaces, e.g.`
			`+`
			`AuthName "My Company's Financial Information"`


			`+`
			`4. Take a look at the following directives, and see if you need to`
			`use any of them:`

			`@@ -130,16 +150,25 @@ Auth_MySQL_Empty_Passwords on/off`
			`the page by just specifying their username without any password checking.`
			`If this is 'Off', they would be denied access. Default: On.`

			`-Auth_MySQL_Encryption_Types [Plaintext, Crypt_DES, Crypt_MD5, MySQL]`
			`+Auth_MySQL_Encryption_Types [Plaintext, Crypt_DES, Crypt_MD5, MySQL, MD5]`
			`This directive tells the authentication module which encryption type(s)`
			`to use. It overrides the Auth_MySQL_Scrambled_Passwords and`
			`Auth_MySQL_Encrypted_Passwords directives if it appears after them.`
			`More than one encryption type may be specified, to instruct the module to`
			`check each password through more than one encryption scheme. For example,`
			`+`
			`Auth_MySQL_Encryption_Types Plaintext Crypt_DES`
			`+`
			`will instruct the module to check each password both as-is, and through`
			`DES crypt.`

			`+ Crypt_MD5: if your system support crypt function which can handle md5,`
			`+ apache compare password strings by using md5.`
			`+`
			`+ MD5: if you choise MD5, your passwd field must have md5 encrypted strings.`
			`+ in this case, md5 password are stored into MySQL, and,`
			`+ your system does not need to have crypt_md5 function.`
			`+`
			`Auth_MySQL_Encrypted_Passwords on/off`
			`Whether or not to use standard UNIX DES encrypted passwords. If turned`
			`on, the module expects the password field to contain standard UNIX DES`
			`@@ -178,3 +207,13 @@ Auth_MYSQL on/off`
			`authentication modules (e.g. the flatfile auth module). If it's on,`
			`and a database name was specified - the MySQL module will be used for`
			`authentication.`
			`+`
			`+`
			`+Auth_MySQL_Where "strings..."`
			`+ if you set:`
			`+`
			`+ Auth_MySQL_Where "active='Y'"`
			`+`
			`+ then, mod_mysql send next SQL statment to MySQL server:`
			`+`
			`+ SELECT passwd FROM mysql_auth WHERE username='id' AND active='Y'`