| |
问题:基于 MySQL认证+WebDAV配额 的配置(原创) 详述:基于 MySQL认证+WebDAV配额 的配置方法:环境: RedHat Enterprise4.0 + Apache-2.0.59 + MySQL-5.0.27写出来,大伙分享一下!1、
最佳答案:基于 MySQL认证+WebDAV配额 的配置方法:
环境: RedHat Enterprise4.0 + Apache-2.0.59 + MySQL-5.0.27
写出来,大伙分享一下!
1、先到一小日本的网站下载WebDAV模块的补丁包:[url]http://www.geocities.jp/t_sat7/webdav/webdav.html[/url]
请选择与Apache版本相应的patch,这里是非依存版本 webdav-2.0.59-quota-2.3any.txt。这个patch的作用是WebDAV模块能够提供限制配额的功能。
2、安装Apache
打上补丁先:
# cd /path/to/httpd-2.0.59
# patch -p2 < /path/to/webdav-2.0.59-quota-2.3any.txt
patching file modules/dav/main/mod_dav.c
patching file modules/dav/main/quotachk.h
patching file modules/dav/main/quotachk.c
patching file modules/dav/main/config5.m4
patching file configure
# ./configure --prefix=/path/to/httpd --enable-so --enable-mods-shared=all
# make
# make install
# make clean
在httpd.conf中可以找到以下连个动态加载的模块:
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
并处于激活状态
然后请注意httpd.conf中的apache用户和组,在这里我是新建立了www用户和组,把user和groupd修改为www(这个用户和组由自己来定).
建立webdav和test1目录
# mkdir -p /data/test/webdav
# mkdir -p /data/test/test1
# chown -R www:www /data/test/webdav /data/test/test1
3、安装Mysql
按照tar压缩包里面的INSTALL-SOURCE文件安装即可。
4、安装 mod_auth_mysql-3.0.0 ,下载点 [url]http://sourceforge.net/projects/modauthmysql/[/url]
编译 mod_auth_mysql.c 文件:
# /path/to/bin/apxs -c -L/path/to/lib/mysql -I/path/to/include/mysql -lmysqlclient -lm -lz mod_auth_mysql.c
如果没有错误,将会出现以下几个文件:
mod_auth_mysql.la mod_auth_mysql.lo mod_auth_mysql.o mod_auth_mysql.slo
以DSO模式安装mod_auth_mysql.so模块
# /path/to/bin/apxs -i mod_auth_mysql.la
会显示: 1). Libraries have been installed in: /path/to/apache/modules
2). chmod 755 /path/to/apache/modules/mod_auth_mysql.so
Next, add the following directive to httpd.conf(把以下指令添加到httpd.conf文件中):
LoadModule mysql_auth_module modules/mod_auth_mysql.so
这样,mysql_auth_module可以说是整合到Apache中,下面我们来做相关的配置.
5、建立相关的Mysql库和表
5.1 创建mysql_auth_module专用数据库
mysql> create database auth_apache;
5.2 创建 user_info表
mysql> create table user_info (
-> user_name CHAR(30) NOT NULL,
-> user_passwd CHAR(16) NOT NULL,
-> user_group CHAR(15),
-> PRIMARY KEY (user_name)
-> );
插入一条测试记录
mysql> insert into user_info (user_name,user_passwd,user_group) values ("test","test1","apache");
5.3 创建apache连接专用用户,我这里命名为apache,只需要select查询权限即可:
mysql> grant select on auth_apache.* to apache@localhost identified by \'test\';
6. 在Apach配置文件httpd.conf添加一些东西:
# Location of the WebDAV lock database.
DAVLockDB /data/test/test1/qing
Alias /webdav /data/test/webdav
Dav on
DAVSATMaxAreaSize 150
AuthType Basic
AuthName DAV-AUTH
AuthMySQLEnable On
AuthMySQLHost localhost
AuthMySQLPort 3306
AuthMySQLSocket /tmp/mysql.socket
AuthMySQLUser apache
AuthMySQLPassword test
AuthMySQLDB auth_apache
AuthMySQLUserTable user_info
AuthMySQLNameField user_name
AuthMySQLPasswordField user_passwd
AuthMySQLPwEncryption none
AuthMySQLAuthoritative On
Require valid-user
DAVSATMaxAreaSize 150 : WebDAV的空间限制为150K,以K为单位来计算.
AuthMySQLEnable 类似的指令就不介绍了,详细地请看mod_auth_mysql文件内的CONFIGURE文档,或者访问[url]http://modauthmysql.sourceforge.net[/url] .
7.然后通过WebDAV客户端来操作,利用test用户来测试所配置的环境.
8. 如果需要修改成组用户才能访问,那么在httpd.conf中添加:
AuthMySQLGroupField user_group ,然后把 " Require valid-user"修改成 "Require group www"即可.
在这里www组必须是user_info中的user_group字段的值才行.
然后添加www组用户,测试即可.
9.让我们继续完善这个配置
9.1 建立group表
mysql> create table user_group (
-> user_name char(30) DEFAULT \'\' NULL,
-> user_group char(15) DEFAULT \'\' NULL,
-> create_date int(10),
-> exprie_date int(10),
-> primary key (user_name,user_group)
-> );
插入一些记录, 表user_info和表user_group 中的user_name,user_group 两个字段保持一致.
把下面的指令httpd.conf中添加在 内:
AuthMySQLGroupTable user_group
AuthMySQLGroupField user_group
然后把 " Require valid-user"修改成 "Require group apache"即可.
在这里apache组必须是user_group中的user_group字段的值才行.
这样,当有多个表时比较清晰的对组用户访问权限的设置.
9.2 关于用户密码加密的设置,这里以MD5为例
由于在先前我们在user_info表中定义的user_passwd只有16个字符的长度,所以需要加长至32位。
mysql> use auth_apache;
mysql> describe user_info;
+-------------+----------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------+----------+------+-----+---------+-------+
| user_name | char(30) | NO | PRI | | |
| user_passwd | char(16) | NO | | | |
| user_group | char(15) | YES | | NULL | |
+-------------+----------+------+-----+---------+-------+
3 rows in set (0.00 sec)
mysql> alter table user_info change user_passwd user_passwd char(32) NOT NULL;
mysql> describe user_info;
+-------------+----------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------------+----------+------+-----+---------+-------+
| user_name | char(30) | NO | PRI | | |
| user_passwd | char(32) | NO | | | |
| user_group | char(15) | YES | | NULL | |
+-------------+----------+------+-----+---------+-------+
3 rows in set (0.01 sec)
然后我们添加一条记录测试下:
mysql> insert into user_info(user_name,user_passwd,user_group) values ("t5",MD5(\'t5\'),"apache");
mysql> insert into user_group(user_name,user_passwd) values ("t5","apache");
在httpd.conf 中,把 "AuthMySQLPwEncryption none" 修改为 "AuthMySQLPwEncryption md5".
# /path/to/bin/apachectl restart
通过WebDAV客户端可以进行测试了。其实像这样,我们可以通过整合已有的数据库来对WebDAV进行认证。
后记: 如果把 这样类似的的放入到虚拟主机中,那么可以取代FTP了。其实WebDAV配合数据库还有其他功能,这里就不详细介绍了。
顺便附上一些Mod_auth_mysql指令:
AuthMySQLEnable On | Off
Whether or not mod_auth_mysql should attempt to authorize the user.
Off: No authorization will be done by this module
On: Attempt to authorize the user
AuthMySQLHost localhost | host_name_or_ip_address
Identifies the MySQL host.
AuthMySQLPort tcp/ip_port_number
The tcp/ip port which should be used to access MySQL. MySQL normally uses
port 3306, but this can be changed in the MySQL configuration. See the MySQL
documentation for more details.
AuthMySQLSocket full_path_to_socket_file
The UNIX socket which should be used to access MySQL host "localhost" on a
UNIX system. The default is /tmp/mysql.sock, but this can be changed in the
MySQL configuration. See the mySQL documentation for more details.
AuthMySQLUser userid
The userid to be used to access MySQL. This user must have select access to
the appropriate tables. As the password must be in plain text (see
AuthMySQLPassword below), it is recommended you use a userid with limited
privileges (do NOT use "root"!).
AuthMySQLPassword password
The password for the userid specified in AuthMySQLUser. An, as the password
must be in plain text, it is recommended you use a userid with limited
privileges (do NOT use "root"!).
AuthMySQLDB database_name
The name of the MySQL database containing the authorization information. On
systems with case sensitive file systems (i.e. Unix), this field is case
sensitive.
AuthMySQLUserTable mysql_table_name
The name of the MySQL table in AuthMySQLDB which contains the userids and
passwords. On systems with case sensitive file systems (i.e. Unix), this
field is case sensitive.
If this field contains two or more table names, you will need to join the
tables in the AuthMySQLUserCondition (below).
AuthMySQLUserCondition
Additional conditions to be placed in the WHERE clause when retrieving user
information. Whatever is in this string is appended after an and condition
in the SQL statement.
If two or more tables have been specified in the AuthMySQLUserTable option
above, this option must contain the information required to join the tables.
AuthMySQLNameField mysql_column_name
The name of the column in AuthMySQLUserTable which contains the userids to be
authenticated. The column must contain unique, non-empty field values. Its
length is however long you want it to be. This value is case sensitive.
Values in this field are case sensitive ONLY if you define the column as
binary data (i.e. BINARY, VARBINARY, etc.). It is NOT case sensitive if the
column is defined with character data (i.e. CHAR, VARCHAR). See the MySQL
documentation for more information.
AuthMySQLPasswordField mysql_column_name
The name of the column in AuthMySQLUserTable which contains the passwords.
This value is case sensitive. It\'s length may be as long as you want it to
be for plaintext passwords. If the password is encrypted, the field must be
long enough to contain the encrypted data. See AuthMySQLPwEncryption below.
Passwords values are case sensitive.
AuthMySQLNoPasswd Off
No password is required for this resource.
AuthMySQLPwEncryption none | crypt | scrambled | md5 | aes | sha1
The encryption type used for the passwords in AuthMySQLPasswordField:
none: not encrypted (plain text)
crypt: UNIX crypt() encryption
scrambled: MySQL PASSWORD encryption
md5: MD5 hashing
aes: Advanced Encryption Standard (AES) encryption
sha1: Secure Hash Algorihm (SHA1)
WARNING: When using aes encryption, the password field MUST be a BLOB type
(i.e. TINYBLOB). MySQL will strip trailing x\'20\' characters (blanks), EVEN
IF THE COLUMN TYPE IS BINARY!
AuthMySQLSaltField | | mysql_column_name
Contains information on the salt field to be used for crypt and aes
encryption methods. It can contain one of the following:
: password itself is the salt field (use with crypt() only)
: "string" as the salt field
mysql_column_name: the salt is take from the mysql_column_name field in the
same row as the password
This field is required for aes encryption, optional for crypt encryption.
It is ignored for all other encryption types.
AuthMySQLGroupTable
Contains the name of the table with the group information when authorizing by
groups (Apache option require group).
As with the AuthMySQLUserTable, you can specify two or more tables in this
option, in which case you will need to join the tables in the
AuthMySQLGroupCondition below.
AuthMySQLGroupCondition
Additional conditions to be placed in the WHERE clause when retrieving group
information. Whatever is in this string is appended after an and condition
in the SQL statement.
If two or more tables have been specified in the AuthMySQLGroupTable option
above, this option must contain the information required to join the tables.
AuthMySQLGroupField
This option contains the name of the column containing the group information
when Apache group authorization is required. Values in the Apache require group
option will be matched against the retrieved rows.
AuthMySQLKeepAlive
Indicates whether to keep the connection to MySQL open or close it after each
request. Keeping the connection open can improve performance at the cost of
the resources necessary to maintain the connection. If this is Off, the connection
will be closed after each request.
Currently, only one connection to the server can have AuthMySQLKeepAlive on.
Note: This parameter currently does not work with Apache 2.x and is ignored.
We are aware of the bug.
AuthMySQLAuthoritative
Used to indicate if other modules should be called when mod_auth_mysql is not
able to authorize the user. If this is On, no other modules will be called
and the request will fail. If this is off, Apache will attempt to use
mod_auth and/or any other active modules to authorize the user.
AuthMySQLCharacterSet
Used to override the default characterset for the connection. This
parameter must specify a valid character set in MySQL. It is generally
required only in MySQL 4.1 and above, where the characterset encoding
for the tables being used is different that the default specified in
the MySQL configuration. |
| 网签地址:http://www.ainsel.cn/Linux_qiye/13980.html |
|
| |
我的简介 |
| |
|
|
|
|
|
| |
|
|
|
| << |
< 七月 2010 |
|
| 日 |
一 |
二 |
三 |
四 |
五 |
六 |
| |
|
|
|
1 |
2 |
3 |
| 4 |
5 |
6 |
7 |
8 |
9 |
10 |
| 11 |
12 |
13 |
14 |
15 |
16 |
17 |
| 18 |
19 |
20 |
21 |
22 |
23 |
24 |
| 25 |
26 |
27 |
28 |
29 |
30 |
31 |
|
|
|
|
|
|
|
|
|
|
|
RSS 0.90
1563