Monthly Archives: February 2013

Authentication in Apache2.4 using mod_auth_form and mod_dbd (part 1: installation)

Update: There’s a much easier way to install and setup Apache 2.4 with authentication using Vagrant and Puppet. Instructions and working example here.

In this lesson, we’re going to set up authentication for all the resources served by Apache2, including php pages, images, and even REST calls that pass through the apache proxy.

We’re going to use a module called mod_auth_form, which requires Apache2.4.

First things first. Let’s install Apache2.4.
You’ll need 2 pre-requisites though. Download these:
1) apr/apr-util
2) pcre
And of course, download Apache2.4 as well.

Step 1)
Copy the apr and apr-util source downloads into Apache’s srclib folder.
Make sure to remove the version numbers, so apr-1.4.6 becomes apr and apr-util-1.5.1 becomes apr-util.

Step 2)
Install pcre. I placed the installation at /usr/local/pcre

./configure --prefix=/usr/local/pcre
make
make install

Step 3)
Install Apache

./configure --prefix=/usr/share/apache2.4 --with-included-apr --with-pcre=/usr/local/pcre --enable-so
make
make install

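The “--with-included-apr” directive tells it to look for the apr libraries in the srclib folder (in step 1).
The “--with-pcre” directive tells it where to find the pcre library you just installed (in step 2).
The “--enable-so” directive enables shared modules which will make it easier to set up php later. (You won’t find this suggestion until you try to install php so you’re learning from my mistake.)
The “--enable-session-crypto” directive is not in the command above; add it to the ./configure line to build mod_session_crypto, which provides the SessionCryptoPassphrase directive used in step 4. mod_session_crypto relies on the crypto support in apr-util. It encrypts the session cookie that carries the username and password back and forth between the browser and server. It does not encrypt the connection itself, so the login form still has to be served over HTTPS to protect the password when it is first submitted.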

Step 4)
Configure Apache
a) Add or uncomment the following lines in httpd.conf

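LoadModule authn_core_module modules/mod_authn_core.so
LoadModule auth_form_module modules/mod_auth_form.so
LoadModule session_module modules/mod_session.so
LoadModule request_module modules/mod_request.so
LoadModule session_cookie_module modules/mod_session_cookie.so
# Needed for SessionCryptoPassphrase below; only built with --enable-session-crypto
LoadModule session_crypto_module modules/mod_session_crypto.so
LoadModule authn_dbd_module modules/mod_authn_dbd.so
LoadModule dbd_module modules/mod_dbd.so

The first 5 LoadModule lines are to enable mod_auth_form and the cookie-based session it keeps the login in.
The session_crypto line is needed because the configuration below uses SessionCryptoPassphrase.
The last 2 lines are to use a database to store the user credentials.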

b) Add the following lines in httpd.conf

DBDriver mysql
DBDParams "dbname=myDB,user=root,pass=XXX"
DBDMin  4
DBDKeep 8
DBDMax  20
DBDExptime 300
<Location /private>
  AuthFormProvider dbd
  AuthType form
  AuthName private

  Session On
  SessionCookieName session path=/
  SessionCryptoPassphrase secret
  ErrorDocument 401 /login.html

  # mod_authz_core configuration
  Require valid-user

  # mod_authn_dbd SQL query to authenticate a user
  AuthDBDUserPWQuery "SELECT password FROM apache_user WHERE username = %s"
</Location>

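What you need to know (and change):
– DBDParams: define your mysql credentials here. The example connects as root, but Apache only runs the SELECT shown below, so a dedicated account with read access to that one table is enough.
– <Location PATH>: The PATH is the url that you want to secure
– SessionCryptoPassphrase: replace “secret” with a long random value. Anyone who knows it can decrypt the session cookie, which holds the username and password.
– ErrorDocument 401: This is the location of the login page where users will be redirected if they’re not logged in yet
– AuthDBDUserPWQuery: This is the mysql query to access the table where the credentials are stored. The %s is the submitted username, passed to the query as a parameter. The password column has to hold a hash in a format that htpasswd generates, not the plain password.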
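
A static check for the settings called out above, as an added example that is not part of the original post: it flags the root database account, a short session passphrase, and a session cookie without the httponly and secure attributes. The finding names, the 32-character minimum and the httpd_auth account are assumptions of this example, and both sample configs are constructed.

```shell
#!/bin/sh
# Added example: static checks for the step 4b settings. Finding names and the
# 32-character minimum are this example's own choices, not Apache's.
audit_auth_conf() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }                      # skip blanks and comments
    $1 == "DBDParams" && /user=root[,"]/ { print "DB_ROOT_ACCOUNT" }
    $1 == "Session" && toupper($2) == "ON" { session = 1 }
    $1 == "SessionCookieName" {
        attrs = tolower($0)                            # attributes follow the name
        if (attrs !~ /httponly/) print "COOKIE_NOT_HTTPONLY"
        if (attrs !~ /secure/)   print "COOKIE_NOT_SECURE"   # assumes an HTTPS site
    }
    $1 == "SessionCryptoPassphrase" {
        crypto = 1
        if (length($2) < 32) print "WEAK_SESSION_PASSPHRASE"
    }
    END { if (session && !crypto) print "SESSION_NOT_ENCRYPTED" }
    ' "$1"
}

# Constructed samples: the first mirrors the values shown in step 4b, the
# second is a tightened variant (httpd_auth is a hypothetical DB account).
demo=$(mktemp -d)
cat > "$demo/page.conf" <<'EOF'
DBDParams "dbname=myDB,user=root,pass=XXX"
<Location /private>
  Session On
  SessionCookieName session path=/
  SessionCryptoPassphrase secret
</Location>
EOF
cat > "$demo/hardened.conf" <<'EOF'
DBDParams "dbname=myDB,user=httpd_auth,pass=XXX"
<Location /private>
  Session On
  SessionCookieName session path=/;httponly;secure
  SessionCryptoPassphrase CONSTRUCTED-PLACEHOLDER-USE-A-RANDOM-VALUE
</Location>
EOF

echo "page.conf:";     audit_auth_conf "$demo/page.conf"
echo "hardened.conf:"; audit_auth_conf "$demo/hardened.conf"
```

The check is textual only; it does not replace running Apache's own syntax test on the finished httpd.conf.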

Step 4x)
I ran into an error when I tried to start up apache. You may not get this as I don’t think this is really what should happen.
Skip this unless you see the following error:

AH00526: Syntax error on line 260 of /usr/share/apache2.4/conf/httpd.conf:
Can't load driver file apr_dbd_mysql.so

When you compiled apr and apr-util, it should have included the needed apr_dbd_mysql.so library. This dynamically links to the libmysqlclient_r.so library. (You can run ‘ldd’ on apr_dbd_mysql.so to see this dynamic link.) However, for whatever reason, my libmysqlclient_r.so could not be located by apache so I had to include its containing folder in the LD_LIBRARY_PATH environment variable.
So first, locate your libmysqlclient_r.so file (use unix ‘locate’ command). Mine was in /usr/lib.
Then edit /usr/share/apache2.4/bin/envvars and find where LD_LIBRARY_PATH is set.

if test "x$LD_LIBRARY_PATH" != "x" ; then
  LD_LIBRARY_PATH="/usr/share/apache2.4/lib:$LD_LIBRARY_PATH"
else
  LD_LIBRARY_PATH="/usr/share/apache2.4/lib"
fi

Below where LD_LIBRARY_PATH is set, I added the folder of my libmysqlclient_r.so file

LD_LIBRARY_PATH="/usr/lib:$LD_LIBRARY_PATH"

Mockup and Wireframing tools

Here’s a list and comparison of Mockup and Wireframing tools: http://socialcompare.com/en/comparison/mockup-wireframing-design-tools

After a brief look at the list, I decided to give MockupBuilder a try.

I found it very intuitive to use and it provided a ton of mockup capability and widgets. I used balsamiq briefly in the past, and I think this one is better. In about 4 hrs, I was able to mockup in pretty high detail an entire website.

It’s also free (for now).

The only downside was that I needed to use Safari. I wasn’t able to get it to work with Chrome or Firefox on my Mac. I was able to do some drag-and-drop but couldn’t type for some reason.
I think it’s a bit lacking in terms of collaboration and noting comments but I haven’t really explored this a lot.


Adobe BrowserLab

How many times have you written some javascript code or css stylesheets, and it looks and works great in your browser but sucks ass in another?

Adobe BrowserLab promises to help you “Accurately preview web pages across multiple browsers and operating systems, navigate links, and use diagnostic tools to optimize websites efficiently.”

I’ve been meaning to try it out. I’ll come back with more interesting things to say when I do, or maybe you’ll get a chance to use it first and tell me about it…


Adding new user to vsftpd (ftp in ubuntu)

Step 1)
Add a user with a home directory to the ubuntu server.
Here’s a HowTo.

And in case the content disappears, here it is:

sudo useradd -d /home/newftpuser -m newftpuser
sudo passwd newftpuser

Step 2)
Configure your vsftpd server.
Here’s a HowTo.

Here are the core steps for those too lazy (like me) to click the link above or want to hear my explanation for what each command does.

Edit /etc/vsftpd.conf and add/uncomment the following line:

chroot_list_enable=YES

You only have to do this the first time obviously.
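This will allow all system users to browse around the file system except those listed in the /etc/vsftpd.chroot_list (which we’ll modify next). That holds while chroot_local_user is left at its default of NO. If it is set to YES, the meaning of the list flips and the listed users become the only ones who are not restricted.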

Create or edit the /etc/vsftpd.chroot_list and add the user:

newftpuser

This will restrict this user’s ftp access to just their home folder at /home/newftpuser.

Step 3)
Restart the vsftpd service.

service vsftpd restart

Make sure all your ftp clients are disconnected from the ftp server or else the service waits till those users are done.
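
To confirm the result of the steps above, this added example (not part of the original post) works out from a vsftpd.conf whether a given user ends up confined to their home folder, including the case where chroot_local_user=YES inverts the meaning of the list. The sample files are constructed and written to a temp directory, and otheruser is a hypothetical account.

```shell
#!/bin/sh
# Added example: report whether vsftpd will chroot a local user, from the three
# settings that decide it. Defaults are the ones in the vsftpd.conf man page.

# conf_get FILE KEY DEFAULT: last uncommented KEY=value in FILE, else DEFAULT
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# is_chrooted CONF USER: prints yes, no, or unknown
is_chrooted() {
    all=$(conf_get "$1" chroot_local_user NO)
    use_list=$(conf_get "$1" chroot_list_enable NO)
    list=$(conf_get "$1" chroot_list_file /etc/vsftpd.chroot_list)
    listed=no
    if [ "$use_list" = YES ] && [ -r "$list" ] && grep -qxF "$2" "$list"; then
        listed=yes
    fi
    case "$all:$listed" in
        NO:yes)  echo yes ;;      # list names the users to confine
        NO:no)   echo no  ;;
        YES:yes) echo no  ;;      # meaning flips: list names the exemptions
        YES:no)  echo yes ;;
        *)       echo unknown ;;  # value other than YES/NO
    esac
}

# Constructed sample files, kept in a temp dir so nothing under /etc is touched.
demo=$(mktemp -d)
printf 'newftpuser\n' > "$demo/chroot_list"
printf 'chroot_list_enable=YES\nchroot_list_file=%s\n' \
    "$demo/chroot_list" > "$demo/as_in_post.conf"
printf 'chroot_local_user=YES\nchroot_list_enable=YES\nchroot_list_file=%s\n' \
    "$demo/chroot_list" > "$demo/inverted.conf"

for c in as_in_post inverted; do
    for u in newftpuser otheruser; do
        echo "$c.conf $u chrooted=$(is_chrooted "$demo/$c.conf" "$u")"
    done
done
```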
