Difference between revisions of "NATS4 mod authn dbd"
Tmm vincent (talk | contribs) (fixing cryptpass authentication code example) |
Tmm vincent (talk | contribs) (added warning to ensure member usernames are unique across all sites) |
||
Line 5: | Line 5: | ||
Apache Module mod_authn_dbd allows you to authenticate [[Ct#Member|members]] against the NATS database.<br> | Apache Module mod_authn_dbd allows you to authenticate [[Ct#Member|members]] against the NATS database.<br> | ||
+ | <pre style="color: red;font-weight: bold;">Please note: Usernames MUST be unique across all sites if using this method to authenticate members. | ||
+ | You can confirm this by checking the Surfer section of your Configuration Admin to ensure the 'UNIQUE_MEMBER_NAMES' setting is set to 'For all sites'.</pre> | ||
This has been tested with Apache 2.4 | This has been tested with Apache 2.4 | ||
Revision as of 19:06, 31 October 2018
Apache Module mod_authn_dbd allows you to authenticate members against the NATS database.
Please note: Usernames MUST be unique across all sites if using this method to authenticate members. You can confirm this by checking the Surfer section of your Configuration Admin to ensure the 'UNIQUE_MEMBER_NAMES' setting is set to 'For all sites'.
This has been tested with Apache 2.4
Setting up mod_authn_dbd
Have your host install the apache module mod_authn_dbd on your server if not installed already.
Adjusting dbd_mysql.conf
To authenticate using mod_authn_dbd and the NATS database, you or your host would need to adjust the mod_authn_dbd configuraction file(dbd_mysql.conf). The following code consists of specific configuration settings for this module:
DBDriver mysql DBDParams "host=127.0.0.1 port=3306 user=xxUSERxx pass=xxPASSxx dbname=xxDBNAMExx" DBDMin 2 DBDKeep 4 DBDMax 10 DBDExptime 300
Replace "xxUSERxx", "xxPASSxx", and "xxDBNAMExx" with your NATS database username, password, and database name.
Note: For additional security, we suggest creating a separate db user with only the SELECT privilege to the member_auth table.
Turning on mod_authn_dbd
Have your host run the following commands which will activate this module:
a2enmod dbd a2enmod authn_dbd a2enconf dbd_mysql
Adjust Apache Site Configuration file
Once installed and configured, the next step would be to adjust the Apache Site configuration for the site in question. The following code consists of an example providing specific configuration settings for this module for a site:
<Directory /path/to/the/members/section> AuthName "You Must Login" AuthType Basic AuthBasicProvider dbd AuthDBDUserPWQuery "SELECT cryptpass FROM member_auth WHERE username = %s AND siteid = xxSiteidxx" Require valid-user </Directory>
Replace X in "siteid=xxSiteidxx" with the ID number of the site you would like to affect. If you would like to use a single member's area for all of your sites, simply remove "AND siteid=xxSiteidxx" from the line. For more options and information, please see our Multisite Access article.
Authenticating members using their encrypted password
When a member record is created in NATS, we use the crypt function with a random salt to create the cryptpass value. When authenticating members using custom php code, you need to call the php crypt() function using the current cryptpass value as the salt. And if the final result matches the existing cryptpass value, you can conclude the user entered password is correct. Here is an example:
<?php $cryptPass = <encrypted password, get from the db row for the matching username>; $userPass = <unencrypted password, get from the submitted login form>; $newCrypt = crypt($userPass, $cryptPass); if ($cryptPass == $newCrypt) <user is authenticated> else <password is not correct>