Authentication in Apache2.4 using mod_auth_form and mod_dbd (part 1: installation)

Update: There’s a much easier way to install and setup Apache 2.4 with authentication using Vagrant and Puppet. Instructions and working example here.

In this lesson, we’re going to set up authentication for all the resources served by Apache2, including php pages, images, and even REST calls that pass through the apache proxy.

We’re going to use a module called mod_auth_form, which requires Apache2.4.

First things first. Let’s install Apache2.4.
You’ll need 2 pre-requisites though. Download these:
1) apr/apr-util
2) pcre
And of course, download Apache2.4 as well.

Step 1)
Copy the apr and apr-util source downloads into the apache’s srclib folder.
Make sure to remove the version numbers, so apr-1.4.6 becomes apr and apr-util-1.5.1 becomes apr-util

Step 2)
Install pcre. I placed the installation at /usr/local/pcre

./configure --prefix=/usr/local/pcre
make
make install

Step 3)
Install Apache

./configure --prefix=/usr/share/apache2.4 --with-included-apr --with-pcre=/usr/local/pcre --enable-so
make
make install

The “–with-included-apr” directive tells it to look for the apr libraries in the srclib folder (in step 1).
The “–with-pcre” directive tells it where to find the pcre library you just installed (in step 2).
The “–enable-so” directive enables shared modules which will make it easier to set up php later. (You won’t find this suggestion until you try to install php so you’re learning from my mistake.)
The “–enable-session-crypto” directive will allow the username and password to be encrypted when they’re being transferred back and forth between the browser and server.

Step 4)
Configure Apache
a) Add or uncomment the following lines in httpd.conf

LoadModule auth_form_module modules/mod_authn_core.so
LoadModule auth_form_module modules/mod_auth_form.so
LoadModule session_module modules/mod_session.so
LoadModule request_module modules/mod_request.so
LoadModule session_cookie_module modules/mod_session_cookie.so
LoadModule authn_dbd_module modules/mod_authn_dbd.so
LoadModule dbd_module modules/mod_dbd.so

The first 4 lines are to enable mod_auth_form.
The 5th and 6th lines are to use a database to store the user credentials.

b) Add the following lines in httpd.conf

DBDriver mysql
DBDParams "dbname=myDB,user=root,pass=XXX"
DBDMin  4
DBDKeep 8
DBDMax  20
DBDExptime 300
<Location /private>
  AuthFormProvider dbd
  AuthType form
  AuthName private

  Session On
  SessionCookieName session path=/
  SessionCryptoPassphrase secret
  ErrorDocument 401 /login.html

  # mod_authz_core configuration
  Require valid-user

  # mod_authn_dbd SQL query to authenticate a user
  AuthDBDUserPWQuery "SELECT password FROM apache_user WHERE username = %s"
</Location>

What you need to know (and change):
– DBDParams: define your mysql credentials here
– <Location PATH>: The PATH is the url that you want to secure
– ErrorDocument 401: This is the location of the login page where users will be redirected if they’re not logged in yet
– AuthDBDUserPWQuery: This is the mysql query to access the table where the credentials are stored

Step 4x)
I ran into an error when I tried to start up apache. You may not get this as I don’t think this is really what should happen.
Skip this unless you see the following error:

AH00526: Syntax error on line 260 of /usr/share/apache2.4/conf/httpd.conf:
Can't load driver file apr_dbd_mysql.so

When you compiled apr and apr-util, it should have included the needed apr_dbd_mysql.so libraries. This dynamically links to libmysqlclient_r.so libraries. (You can ‘ldd’ the apr_dbd_mysql.so library to see this dynamic link.) However, for whatever reason, my libmysqlclient_r.so could not be located by apache so I had to include its containing folder in LD_LIBRARY_PATH environment variable.
So first, locate your libmysqlclient_r.so file (use unix ‘locate’ command). Mine was in /usr/lib.
Then edit /usr/share/apache2.4/bin/envvars and find where LD_LIBRARY_PATH is set.

if test "x$LD_LIBRARY_PATH" != "x" ; then
  LD_LIBRARY_PATH="/usr/share/apache2.4/lib:$LD_LIBRARY_PATH"
else
  LD_LIBRARY_PATH="/usr/share/apache2.4/lib"
fi

Below where LD_LIBRARY_PATH is set, I added the folder of my libmysqlclient_r.so file

LD_LIBRARY_PATH="/usr/lib:$LD_LIBRARY_PATH"
Advertisements
Tagged , , , , ,

2 thoughts on “Authentication in Apache2.4 using mod_auth_form and mod_dbd (part 1: installation)

  1. […] time ago, I detailed in horrific detail how to build and set up Apache 2.4 in Ubuntu 12: part I and part II. It worked but it was a […]

  2. Thomas says:

    Hi, nice tutorial but i got this error apache :
    “AuthUserFile not specified in the configuration”

    But i don’t need any file because i have users password in database, right ?
    How i can solve that ?
    Thanks a lot !

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: