Difference between revisions of "NATS4 mod authn dbd"
Tmm vincent (talk | contribs) m |
Tmm vincent (talk | contribs) m (removing username uniqueness warning, explanation available in page discussion) |
||
Line 5: | Line 5: | ||
Apache Module mod_authn_dbd allows you to authenticate [[Ct#Member|members]] against the NATS database.<br> | Apache Module mod_authn_dbd allows you to authenticate [[Ct#Member|members]] against the NATS database.<br> | ||
− | + | ||
− | |||
This has been tested with Apache 2.4 | This has been tested with Apache 2.4 | ||
Revision as of 22:46, 1 November 2018
Apache Module mod_authn_dbd allows you to authenticate members against the NATS database.
This has been tested with Apache 2.4
Setting up mod_authn_dbd
Have your host install the apache module mod_authn_dbd on your server if not installed already.
Adjusting dbd_mysql.conf
To authenticate using mod_authn_dbd and the NATS database, you or your host would need to adjust the mod_authn_dbd configuraction file(dbd_mysql.conf). The following code consists of specific configuration settings for this module:
DBDriver mysql DBDParams "host=127.0.0.1 port=3306 user=xxUSERxx pass=xxPASSxx dbname=xxDBNAMExx" DBDMin 2 DBDKeep 4 DBDMax 10 DBDExptime 300
Replace "xxUSERxx", "xxPASSxx", and "xxDBNAMExx" with your NATS database username, password, and database name.
Note: For additional security, we suggest creating a separate db user with only the SELECT privilege to the member_auth table.
Turning on mod_authn_dbd
Have your host run the following commands which will activate this module:
a2enmod dbd a2enmod authn_dbd a2enconf dbd_mysql
Adjust Apache Site Configuration file
Once installed and configured, the next step would be to adjust the Apache Site configuration for the site in question. The following code consists of an example providing specific configuration settings for this module for a site:
<Directory /path/to/the/members/section> AuthName "You Must Login" AuthType Basic AuthBasicProvider dbd AuthDBDUserPWQuery "SELECT cryptpass FROM member_auth WHERE username = %s AND siteid = xxSiteidxx" Require valid-user </Directory>
Replace X in "siteid=xxSiteidxx" with the ID number of the site you would like to affect. If you would like to use a single member's area for all of your sites, simply remove "AND siteid=xxSiteidxx" from the line. For more options and information, please see our Multisite Access article.
Authenticating members using their encrypted password
When a member record is created in NATS, we use the crypt function with a random salt to create the cryptpass value. When authenticating members using custom php code, you need to call the php crypt() function using the current cryptpass value as the salt. And if the final result matches the existing cryptpass value, you can conclude the user entered password is correct. Here is an example:
<?php $cryptPass = <encrypted password, get from the db row for the matching username>; $userPass = <unencrypted password, get from the submitted login form>; $newCrypt = crypt($userPass, $cryptPass); if ($cryptPass == $newCrypt) <user is authenticated> else <password is not correct>