Apache::AuthzDBI - Authorization via Perl's DBI
# Configuration in httpd.conf or srm.conf: PerlModule Apache::AuthzDBI # Authorization in .htaccess: AuthName DBI AuthType Basic #authorize via DBI PerlAuthzHandler Apache::AuthzDBI PerlSetVar Auth_DBI_data_source dbi:driver:dsn PerlSetVar Auth_DBI_username db_username PerlSetVar Auth_DBI_password db_password #DBI->connect($data_source, $username, $password) PerlSetVar Auth_DBI_grp_table users PerlSetVar Auth_DBI_uid_field username PerlSetVar Auth_DBI_grp_field groupname #SELECT grp_field FROM grp_table WHERE uid_field=$user AND grp_field=$group <Limit GET> require user user_1 user_2 ... require group group_1 group_2 ... </Limit>
The AuthType is limited to Basic. You may use one or more valid require lines. For a single require line with the tokens valid-user or with distinct user names it is sufficient to use only the AuthenDBI module.
This module allows authorization against a database using Perl's DBI. For supported DBI drivers see:
http://www.hermetica.com/technologia/DBI/
When the authorization handler is called, the authentication has already been done. This means, that the given username/password has been validated.
The handler analyzes and processes the requirements line by line. The request is accepted only if all requirement lines are accepted.
In case of one or more user-names, they are compared with the given user-name until the first match. If there is no match and the authoritative directive is set to 'on' the request is rejected.
In case of one or more group-names, for every group the given user is looked up in the database with the constraint, that the user must be a member of this group. If there is no match and the authoritative directive is set to 'on' the request is rejected.
In case of 'valid-user' the request is accepted.
In case the authorization succeeds, the environment variable REMOTE_GROUP is set to the group name, so scripts that are protected by AuthzDBI don't need to bang on the database server again to get the group name.
Auth_DBI_data_source
The data_source value should begin with 'dbi:driver_name:'. This value (with the 'dbi:...:' prefix removed) is passed to the database driver for processing during connect.
Auth_DBI_username
The username argument is passed to the database driver for processing during connect.
Auth_DBI_password
The password argument is passed to the database driver for processing during connect.
Auth_DBI_grp_table
Contains at least the fields with the username and the groupname.
Auth_DBI_uid_field
Field-name containing the username in the Auth_DBI_grp_table.
Auth_DBI_grp_field
Field-name containing the groupname in the Auth_DBI_grp_table.
Auth_DBI_authoritative < on / off>
Default is 'on'. When set 'on', there is no fall-through to other authorization methods if the authorization check fails. When this directive is set to 'off', control is passed on to any other authorization modules. Be sure you know what you are doing when you decide to switch it off.
Auth_DBI_casesensitive < on / off >
Default is 'on'. When set 'off', the entered userid and password is converted to lower case.
The module should be loaded upon startup of the Apache daemon. It needs the AuthenDBI module for the authentication part. Add the following lines to your httpd.conf or srm.conf:
PerlModule Apache::AuthenDBI PerlModule Apache::AuthzDBI
For AuthzDBI you need to enable the appropriate call-back hooks when making mod_perl:
perl Makefile.PL PERL_AUTHEN=1 PERL_AUTHZ=1.
Apache, mod_perl, DBI
mod_perl by Doug MacEachern <dougm@osf.org>
DBI by Tim Bunce <Tim.Bunce@ig.co.uk>
Apache::AuthzDBI by Edmund Mergl <E.Mergl@bawue.de>
The Apache::AuthzDBI module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
4 POD Errors
The following errors were encountered while parsing the POD:
'=item' outside of any '=over'
You forgot a '=back' before '=head1'
To install mod_perl, copy and paste the appropriate command in to your terminal.
cpanm
cpanm mod_perl
CPAN shell
perl -MCPAN -e shell install mod_perl
For more information on module installation, please visit the detailed CPAN module installation guide.