
Dec 20

mod_auth_mysql trixbox

 

You want to password protect the user/maint on your trixbox server?   Give this a shot!!

 

yum install mod_auth_mysql

 

Now, inside /etc/httpd/conf.d/auth_mysql.conf

put the following, or something like it.

 

LoadModule mysql_auth_module modules/mod_auth_mysql.so

<Directory /var/www/html>

    AuthName "Authentication Required"

    AuthType Basic

    AuthMYSQLEnable on

    AuthMySQLUser root

    AuthMySQLPassword passw0rd

    AuthMySQLDB userauth 

    AuthMySQLUserTable users

    AuthMySQLNameField user_name

    AuthMySQLPasswordField user_passwd

    AuthMySQLGroupTable groups

    AuthMySQLGroupField user_group

    require group user

    require valid-user

</Directory>


<Directory /var/www/html/maint>

    AuthName "Authentication Required"

    AuthType Basic

    AuthMYSQLEnable on

    AuthMySQLUser root

    AuthMySQLPassword passw0rd

    AuthMySQLDB userauth

    AuthMySQLUserTable users

    AuthMySQLNameField user_name

    AuthMySQLPasswordField user_passwd

    AuthMySQLGroupTable groups

    AuthMySQLGroupField user_group

    require group admin

</Directory>

 

 

 

Here is the schema for the userauth mysql database.  Copy and paste this into a file called userauth.schema.sql

 

-- MySQL dump 10.10


-- Host: localhost    Database: userauth

-- ------------------------------------------------------

-- Server version 5.0.22


/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;

/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;

/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;

/*!40101 SET NAMES utf8 */;

/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;

/*!40103 SET TIME_ZONE='+00:00' */;

/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;

/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;

/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;

/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;



-- Current Database: `userauth`



CREATE DATABASE /*!32312 IF NOT EXISTS*/ `userauth` /*!40100 DEFAULT CHARACTER SET latin1 */;


USE `userauth`;



-- Table structure for table `groups`



DROP TABLE IF EXISTS `groups`;

CREATE TABLE `groups` (

  `user_name` char(30) NOT NULL,

  `user_group` char(20) NOT NULL,

  PRIMARY KEY  (`user_name`,`user_group`)

) ENGINE=MyISAM DEFAULT CHARSET=latin1;



-- Table structure for table `users`



DROP TABLE IF EXISTS `users`;

CREATE TABLE `users` (

  `user_name` char(30) NOT NULL,

  `user_passwd` char(20) NOT NULL,

  `extension` int(10) NOT NULL,

  `email` char(50) NOT NULL,

  PRIMARY KEY  (`user_name`)

) ENGINE=MyISAM DEFAULT CHARSET=latin1;

/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;


/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;

/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;

/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;

/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;

/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;

/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;

/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;

 

 

Now create the database and import the schema.

mysqladmin -uroot -p create userauth

mysql -uroot -p userauth < userauth.schema.sql

 

Now you need to create some users.  I don’t recommend that you use the older maint/password if your server is facing the internet.  I am going to create an engineertim login that is in both the user and admin groups.   For my one user, I will create a separate login called kerry.

Log in to mysql and use the following commands, replacing engineertim and kerry with your own users.

mysql -uroot -p

mysql> use userauth;

INSERT INTO `userauth`.`users` (`user_name` ,`user_passwd` ,`extension` ,`email`) VALUES ('engineertim', ENCRYPT('letmein'),'','' );


INSERT INTO `userauth`.`users` (`user_name` ,`user_passwd` ,`extension` ,`email`) VALUES ('kerry', ENCRYPT('letmein'),'','' );


INSERT INTO `groups` VALUES ('engineertim','user'),('engineertim','admin'),('kerry','user');

mysql> exit


You now need to edit /etc/httpd/conf/httpd.conf and comment out the last line, which should be an Include.

#Include /etc/trixbox/httpdconf/*


Restart apache for everything to take effect.

service httpd restart


Now try to log in to your trixbox with the new usernames and passwords.  If you have issues, you can uncomment the Include line in httpd.conf, restart apache and use the old login while you debug.  You might also want to use tbm-phpmyadmin.
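
The auth_mysql.conf above connects to MySQL as root, so the root database password sits in an Apache config file. As an added example (not part of the original post), the same setup can run on a dedicated read-only account; the account name httpd_auth and the password CHANGE_ME are placeholders.

```sql
-- Added example, not from the original post.
-- httpd_auth and CHANGE_ME are placeholders: choose your own values.
-- Run as the MySQL root user (mysql -uroot -p) after the schema is imported.

-- A login that can only connect from the web server host itself and can
-- only read the two tables named in AuthMySQLUserTable / AuthMySQLGroupTable.
GRANT SELECT ON `userauth`.`users`
    TO 'httpd_auth'@'localhost' IDENTIFIED BY 'CHANGE_ME';
GRANT SELECT ON `userauth`.`groups`
    TO 'httpd_auth'@'localhost';

-- List the account's privileges to check that it holds only the two
-- SELECT grants (no write access, no access to other databases).
SHOW GRANTS FOR 'httpd_auth'@'localhost';

-- Then, in both <Directory> blocks of /etc/httpd/conf.d/auth_mysql.conf,
-- replace the root credentials with the new account:
--     AuthMySQLUser     httpd_auth
--     AuthMySQLPassword CHANGE_ME
-- and restart httpd (service httpd restart).
--
-- The file still holds a database password in clear text. httpd reads its
-- configuration as root at startup, so the file can be owned by root with
-- mode 600.
```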