-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathREADME
133 lines (86 loc) · 4.75 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
+----------------------------------------------------------------------+
| mod_authnz_ibmdb2 README |
+----------------------------------------------------------------------+
| Author: Helmut K. C. Tessarek |
+----------------------------------------------------------------------+
| Website: http://tessus.github.io/mod_authnz_ibmdb2 |
+----------------------------------------------------------------------+
1) Install
2) Description of the module
+----------------------------------------------------------------------+
| 1. Install |
+----------------------------------------------------------------------+
see INSTALL
+----------------------------------------------------------------------+
| 2. Description of the module |
+----------------------------------------------------------------------+
mod_authnz_ibmdb2 is an Apache authentication module using IBM DB2 as the backend database for
storing user and group information.
Here is a list of the new directives that come with the module:
AuthIBMDB2Database database name (no default)
AuthIBMDB2Hostname database server hostname for uncataloged databases (no default)
AuthIBMDB2Portnumber database instance port (default: 50000)
AuthIBMDB2User user for connecting to the DB2 database (no default)
AuthIBMDB2Password password for connecting to the DB2 database (no default)
AuthIBMDB2UserTable name of the user table (no default)
AuthIBMDB2GroupTable name of the group table (no default)
AuthIBMDB2NameField name of the user field within the table (default: username)
AuthIBMDB2GroupField name of the group field within the table (default: groupname)
AuthIBMDB2PasswordField name of the password field within the table (default: password)
AuthIBMDB2CryptedPasswords passwords are stored encrypted (default: yes)
AuthIBMDB2KeepAlive connection kept open across requests (default: yes)
AuthIBMDB2Authoritative lookup is authoritative (default: yes)
AuthIBMDB2NoPasswd just check, if user is in usertable (default: no)
AuthIBMDB2UserCondition restrict result set (no default)
AuthIBMDB2GroupCondition restrict result set (no default)
AuthIBMDB2UserProc stored procedure for user authentication (no default)
AuthIBMDB2GroupProc stored procedure for group authentication (no default)
AuthIBMDB2Caching user credentials are cached (default: off)
AuthIBMDB2GroupCaching group information is cached (default: off)
AuthIBMDB2CacheFile path to cache file (default: /tmp/auth_cred_cache)
AuthIBMDB2CacheLifetime cache lifetime in seconds (default: 300)
Example how to use the module in the httpd.conf:
<Directory "/var/www/my_test_dir">
AuthName "DB2 Authentication"
AuthType Basic
AuthBasicProvider ibmdb2
AuthIBMDB2User db2inst1
AuthIBMDB2Password ibmdb2
AuthIBMDB2Database auth
AuthIBMDB2UserTable web.users
AuthIBMDB2NameField username
AuthIBMDB2PasswordField passwd
AuthIBMDB2CryptedPasswords On
AuthIBMDB2KeepAlive On
AuthIBMDB2Authoritative On
AuthIBMDB2NoPasswd Off
AuthIBMDB2GroupTable web.groups
AuthIBMDB2GroupField groupname
#require valid-user
require group admin
AllowOverride None
</Directory>
or
<Directory "/var/www/my_test_dir">
AuthName "DB2 Authentication"
AuthType Basic
AuthBasicProvider ibmdb2
AuthIBMDB2User db2inst1
AuthIBMDB2Password ibmdb2
AuthIBMDB2Database auth
AuthIBMDB2UserProc user_sp
AuthIBMDB2GroupProc group_sp
AuthIBMDB2Caching On
AuthIBMDB2GroupCaching On
require group admin
AllowOverride None
</Directory>
where the stored procedures must have the following parameter format:
CREATE PROCEDURE user_sp ( IN VARCHAR, OUT VARCHAR )
CREATE PROCEDURE group_sp ( IN VARCHAR )
The stored procedure for user authentication must return exactly one value -
the password. If AuthIBMDB2NoPasswd is set to yes, then the username has
to be returned instead of the password.
The stored procedure for group authentication must return an open cursor
to the resultset.
Two examples for stored procedures are given in the documentation.