Configuring MySQL Authentication + WebDAV Quota (original)

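Posted 2006-12-06 17:52
How to configure MySQL authentication + WebDAV quota:

Environment: RedHat Enterprise 4.0 + Apache-2.0.59 + MySQL-5.0.27

Writing this up to share with everyone!

1. First download the WebDAV module patch from a Japanese website: http://www.geocities.jp/t_sat7/webdav/webdav.html
   Choose the patch that matches your Apache version; here it is the non-dependent version, webdav-2.0.59-quota-2.3any.txt. This patch lets the WebDAV module enforce a quota.

2. Install Apache

    Apply the patch first: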
  #  cd /path/to/httpd-2.0.59
  #  patch -p2 <  /path/to/webdav-2.0.59-quota-2.3any.txt
   patching file modules/dav/main/mod_dav.c
   patching file modules/dav/main/quotachk.h
   patching file modules/dav/main/quotachk.c
   patching file modules/dav/main/config5.m4
   patching file configure
  
  # ./configure --prefix=/path/to/httpd --enable-so --enable-mods-shared=all
  #  make
  #  make install
  #  make clean
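  The following two dynamically loaded modules can be found in httpd.conf:
  LoadModule dav_module modules/mod_dav.so
  LoadModule dav_fs_module modules/mod_dav_fs.so
  and both are enabled.

Then check the Apache user and group in httpd.conf. Here I created a new www user and group and changed User and Group to www (choose this user and group yourself).

   Create the webdav and test1 directories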
   #  mkdir -p /data/test/webdav
   #  mkdir -p /data/test/test1
   #  chown -R www:www  /data/test/webdav /data/test/test1
  

3. Install MySQL
   Follow the INSTALL-SOURCE file in the tar archive.

4. Install mod_auth_mysql-3.0.0; download from http://sourceforge.net/projects/modauthmysql/
  Compile mod_auth_mysql.c:
  # /path/to/bin/apxs -c -L/path/to/lib/mysql -I/path/to/include/mysql -lmysqlclient -lm -lz mod_auth_mysql.c
    If there are no errors, the following files will appear:
    mod_auth_mysql.la  mod_auth_mysql.lo  mod_auth_mysql.o  mod_auth_mysql.slo
  
  Install the mod_auth_mysql.so module in DSO mode
  # /path/to/bin/apxs -i mod_auth_mysql.la

     This displays:  1).   Libraries have been installed in:   /path/to/apache/modules
                     2).   chmod 755 /path/to/apache/modules/mod_auth_mysql.so

  Next, add the following directive to httpd.conf:
    LoadModule mysql_auth_module modules/mod_auth_mysql.so
  
   With this, mysql_auth_module is integrated into Apache. Next comes the related configuration.

5. Create the MySQL database and tables
   5.1 Create a database dedicated to mysql_auth_module
   mysql> create database auth_apache;
   
   5.2 Create the user_info table
   mysql> create table user_info (  
       -> user_name CHAR(30) NOT NULL,
       -> user_passwd CHAR(16) NOT NULL,
       -> user_group CHAR(15),
       -> PRIMARY KEY (user_name)
       -> );
      
  Insert a test record
  mysql> insert into user_info (user_name,user_passwd,user_group) values ("test","test1","apache");

  5.3 Create a dedicated user for Apache's connection, named apache here; it only needs the SELECT privilege:
  mysql> grant select on auth_apache.* to apache@localhost identified  by 'test';

6. Add the following to the Apache configuration file httpd.conf:

   <IfModule mod_dav_fs.c>
    # Location of the WebDAV lock database.
    DAVLockDB /data/test/test1/qing
   </IfModule>

   Alias /webdav /data/test/webdav

   <Location /webdav>
    Dav on
    DAVSATMaxAreaSize 150
    AuthType Basic
    AuthName DAV-AUTH

    AuthMySQLEnable On
    AuthMySQLHost localhost
    AuthMySQLPort 3306
    AuthMySQLSocket /tmp/mysql.socket
    AuthMySQLUser  apache
    AuthMySQLPassword test
    AuthMySQLDB auth_apache
    AuthMySQLUserTable user_info
    AuthMySQLNameField user_name
    AuthMySQLPasswordField user_passwd
    AuthMySQLPwEncryption none
    AuthMySQLAuthoritative On

    <LimitExcept GET OPTIONS>
     Require valid-user
    </LimitExcept>
  </Location>

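DAVSATMaxAreaSize 150: limits the WebDAV space to 150K; the value is in units of K.
Directives such as AuthMySQLEnable are not explained here; for details see the CONFIGURE document shipped with mod_auth_mysql, or visit http://modauthmysql.sourceforge.net .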

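7. Then use a WebDAV client, logging in as the test user, to test the configured environment.

8. To allow access only to users in a group, add to httpd.conf:
   AuthMySQLGroupField user_group
   then change "Require valid-user" to "Require group www".
   Here the www group must be a value of the user_group field in user_info.
   Then add a user in the www group and test.

9. Let's keep refining this configuration
  9.1 Create the group table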
   mysql> create table user_group (
    -> user_name char(30) DEFAULT '' NULL,
    -> user_group char(15) DEFAULT '' NULL,
    -> create_date int(10),
    -> exprie_date int(10),
    -> primary key (user_name,user_group)
    -> );
   
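   Insert some records, keeping the user_name and user_group fields consistent between the user_info and user_group tables.
  
   Add the following directives inside <Location /webdav> in httpd.conf:
    AuthMySQLGroupTable  user_group
    AuthMySQLGroupField  user_group
  
   Then change "Require valid-user" to "Require group apache".
   Here the apache group must be a value of the user_group field in the user_group table.
  
    This gives a clearer setup of group access permissions when there are multiple tables.

  9.2 Password encryption settings, using MD5 as an example
    Because user_passwd in the user_info table was defined earlier with a length of only 16 characters, it needs to be lengthened to 32.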
   mysql> use auth_apache;
   mysql> describe user_info;
     +-------------+----------+------+-----+---------+-------+
     | Field       | Type     | Null | Key | Default | Extra |
     +-------------+----------+------+-----+---------+-------+
     | user_name   | char(30) | NO   | PRI |         |       |
     | user_passwd | char(16) | NO   |     |         |       |
     | user_group  | char(15) | YES  |     | NULL    |       |
     +-------------+----------+------+-----+---------+-------+
     3 rows in set (0.00 sec)
   
   mysql> alter table user_info change user_passwd user_passwd char(32) NOT NULL;
   mysql> describe user_info;
    +-------------+----------+------+-----+---------+-------+
    | Field       | Type     | Null | Key | Default | Extra |
    +-------------+----------+------+-----+---------+-------+
    | user_name   | char(30) | NO   | PRI |         |       |
    | user_passwd | char(32) | NO   |     |         |       |
    | user_group  | char(15) | YES  |     | NULL    |       |
    +-------------+----------+------+-----+---------+-------+
    3 rows in set (0.01 sec)

     Then add a record to test:
   mysql>  insert into user_info(user_name,user_passwd,user_group) values ("t5",MD5('t5'),"apache");
   mysql>  insert into user_group(user_name,user_group) values ("t5","apache");
   
    In httpd.conf, change "AuthMySQLPwEncryption none" to "AuthMySQLPwEncryption md5".
   # /path/to/bin/apachectl restart
   You can now test with a WebDAV client. In the same way, an existing database can be integrated to authenticate WebDAV.
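
What the switch in step 9.2 does to the rows already in user_info, as an added example that is not part of the original post or of mod_auth_mysql. It assumes the md5 mode compares the stored value with the hex MD5 of the submitted password (which is what storing MD5('t5') implies) and that MySQL runs in non-strict mode, where over-long CHAR values are cut; all helper names and the data are constructed.

```python
import hashlib
import re

def md5_hex(password):
    return hashlib.md5(password.encode()).hexdigest()

def store(value, width):
    """What a CHAR(width) column keeps in non-strict MySQL (assumption):
    over-long values are silently cut to the column width."""
    return value[:width]

def login_ok(stored, submitted, mode):
    """Assumed comparison for the two AuthMySQLPwEncryption modes in this post."""
    if mode == "none":
        return stored == submitted
    if mode == "md5":
        return stored == md5_hex(submitted)
    raise ValueError("mode not modelled: " + mode)

def rehash_plaintext(rows):
    """Replace every stored value that is not 32 hex digits with its MD5,
    the in-place fix for rows created while the mode was still 'none'."""
    is_md5 = re.compile(r"[0-9a-f]{32}").fullmatch
    return [(n, s if is_md5(s) else md5_hex(s)) for n, s in rows]

def survey(rows, passwords, mode):
    """Map each user name to whether its known password still logs in."""
    return {n: login_ok(s, passwords[n], mode) for n, s in rows}

# Constructed data mirroring the post: "test" inserted as the literal 'test1',
# "t5" inserted as MD5('t5').
PASSWORDS = {"test": "test1", "t5": "t5"}

def table(width):
    return [("test", store("test1", width)),
            ("t5", store(md5_hex("t5"), width))]

if __name__ == "__main__":
    print("char(16), md5:", survey(table(16), PASSWORDS, "md5"))
    print("char(32), md5:", survey(table(32), PASSWORDS, "md5"))
    print("after rehash :", survey(rehash_plaintext(table(32)), PASSWORDS, "md5"))
```

With the column still at char(16) neither user can log in under md5; after widening, t5 works but the plaintext `test` row stays locked out until it is rehashed.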
  
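  Postscript: if a block like <Location /webdav> is placed inside a virtual host, it can replace FTP. WebDAV combined with a database can do more than this, but that is not covered in detail here.
        Some mod_auth_mysql directives are appended for reference:
AuthMySQLEnable On | Off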
  Whether or not mod_auth_mysql should attempt to authorize the user.
    Off: No authorization will be done by this module
    On:  Attempt to authorize the user

AuthMySQLHost localhost | host_name_or_ip_address
  Identifies the MySQL host.

AuthMySQLPort tcp/ip_port_number
  The tcp/ip port which should be used to access MySQL.  MySQL normally uses
  port 3306, but this can be changed in the MySQL configuration.  See the MySQL
  documentation for more details.
  
AuthMySQLSocket full_path_to_socket_file
  The UNIX socket which should be used to access MySQL host "localhost" on a
  UNIX system.  The default is /tmp/mysql.sock, but this can be changed in the
  MySQL configuration.  See the MySQL documentation for more details.

AuthMySQLUser userid
  The userid to be used to access MySQL.  This user must have SELECT access to
  the appropriate tables.  As the password must be in plain text (see
  AuthMySQLPassword below), it is recommended you use a userid with limited
  privileges (do NOT use "root"!).

AuthMySQLPassword password
  The password for the userid specified in AuthMySQLUser.  And, as the password
  must be in plain text, it is recommended you use a userid with limited
  privileges (do NOT use "root"!).
  
AuthMySQLDB database_name
  The name of the MySQL database containing the authorization information.  On
  systems with case sensitive file systems (i.e. Unix), this field is case
  sensitive.

AuthMySQLUserTable mysql_table_name
  The name of the MySQL table in AuthMySQLDB which contains the userids and
  passwords.  On systems with case sensitive file systems (i.e. Unix), this
  field is case sensitive.

  If this field contains two or more table names, you will need to join the
  tables in the AuthMySQLUserCondition (below).

AuthMySQLUserCondition
  Additional conditions to be placed in the WHERE clause when retrieving user
  information.  Whatever is in this string is appended after an AND condition
  in the SQL statement.

  If two or more tables have been specified in the AuthMySQLUserTable option
  above, this option must contain the information required to join the tables.

AuthMySQLNameField mysql_column_name
  The name of the column in AuthMySQLUserTable which contains the userids to be
  authenticated.  The column must contain unique, non-empty field values.  Its
  length is however long you want it to be.  This value is case sensitive.

  Values in this field are case sensitive ONLY if you define the column as
  binary data (i.e. BINARY, VARBINARY, etc.).  It is NOT case sensitive if the
  column is defined with character data (i.e. CHAR, VARCHAR).  See the MySQL
  documentation for more information.

AuthMySQLPasswordField mysql_column_name
  The name of the column in AuthMySQLUserTable which contains the passwords.
  This value is case sensitive.  Its length may be as long as you want it to
  be for plaintext passwords.  If the password is encrypted, the field must be
  long enough to contain the encrypted data.  See AuthMySQLPwEncryption below.

  Password values are case sensitive.

AuthMySQLNoPasswd Off
  No password is required for this resource.

AuthMySQLPwEncryption none | crypt | scrambled | md5 | aes | sha1
  The encryption type used for the passwords in AuthMySQLPasswordField:
    none: not encrypted (plain text)
    crypt: UNIX crypt() encryption
    scrambled: MySQL PASSWORD encryption
    md5: MD5 hashing
    aes: Advanced Encryption Standard (AES) encryption
    sha1: Secure Hash Algorithm (SHA1)

  WARNING: When using aes encryption, the password field MUST be a BLOB type
  (i.e.  TINYBLOB).  MySQL will strip trailing x'20' characters (blanks), EVEN
  IF THE COLUMN TYPE IS BINARY!

AuthMySQLSaltField <> | <string> | mysql_column_name

  Contains information on the salt field to be used for crypt and aes
  encryption methods.  It can contain one of the following:
    <>: password itself is the salt field (use with crypt() only)
    <string>: "string" as the salt field
    mysql_column_name: the salt is taken from the mysql_column_name field in the
      same row as the password

  This field is required for aes encryption, optional for crypt encryption.
  It is ignored for all other encryption types.

AuthMySQLGroupTable
  Contains the name of the table with the group information when authorizing by
  groups (Apache option require group).

  As with the AuthMySQLUserTable, you can specify two or more tables in this
  option, in which case you will need to join the tables in the
  AuthMySQLGroupCondition below.  

AuthMySQLGroupCondition
  Additional conditions to be placed in the WHERE clause when retrieving group
  information.  Whatever is in this string is appended after an AND condition
  in the SQL statement.

  If two or more tables have been specified in the AuthMySQLGroupTable option
  above, this option must contain the information required to join the tables.

AuthMySQLGroupField
  This option contains the name of the column containing the group information
  when Apache group authorization is required.  Values in the Apache require group
  option will be matched against the retrieved rows.
   
AuthMySQLKeepAlive
  Indicates whether to keep the connection to MySQL open or close it after each
  request.  Keeping the connection open can improve performance at the cost of
  the resources necessary to maintain the connection.  If this is Off, the connection
  will be closed after each request.  

  Currently, only one connection to the server can have AuthMySQLKeepAlive on.  

  Note: This parameter currently does not work with Apache 2.x and is ignored.
  We are aware of the bug.

AuthMySQLAuthoritative
  Used to indicate if other modules should be called when mod_auth_mysql is not
  able to authorize the user.  If this is On, no other modules will be called
  and the request will fail.  If this is off, Apache will attempt to use
  mod_auth and/or any other active modules to authorize the user.

AuthMySQLCharacterSet
  Used to override the default characterset for the connection.  This
  parameter must specify a valid character set in MySQL.  It is generally
  required only in MySQL 4.1 and above, where the characterset encoding
  for the tables being used is different than the default specified in
  the MySQL configuration.