=============================================================================
LNF NOTES:
=============================================================================
MODULE_USAGE:
-------------
To use the mod_myauth module, you first need to enable it in your
httpd.conf, e.g.:
LoadModule myauth_module modules/mod_myauth.so
MD5Base64 encoding
------------------
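MD5Base64 encoding is an LNF addition to the myauth package that provides
a database- and OS-independent password encoding. It is a hash, not
encryption: the stored value is the Base64 form of an unsalted MD5 digest,
so equal passwords produce equal stored values and the digest is cheap to
brute-force. Treat it as a compatibility format for existing user tables.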
With openssl one would say:
echo -n "$msg" | openssl dgst -md5 -binary | openssl base64
In java one could do:
import java.security.MessageDigest;
import sun.misc.BASE64Encoder;
...
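/**
 * Returns the Base64 form of the MD5 digest of {@code msg}, i.e. the same
 * value as {@code echo -n "$msg" | openssl dgst -md5 -binary | openssl base64}.
 *
 * The digest is unsalted MD5: it is a lookup format for the users table, not
 * a password-hardening scheme.
 *
 * @param msg the clear-text value to encode; must not be null
 * @return the 24-character Base64 string of the 16-byte MD5 digest
 * @throws IllegalStateException if the JVM provides no MD5 implementation
 */
public String md5base64(String msg) {
    final byte[] hash;
    try {
        // Pin the charset: getBytes() without an argument uses the platform
        // default, so non-ASCII passwords would hash differently per OS.
        // NOTE(review): confirm UTF-8 matches the bytes the other producers
        // (openssl on the shell, mod_myauth) feed into MD5.
        hash = java.security.MessageDigest.getInstance("MD5")
                .digest(msg.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    } catch (java.security.NoSuchAlgorithmException e) {
        // getInstance declares a checked exception; the signature stays free
        // of it, so rethrow unchecked.
        throw new IllegalStateException("MD5 digest not available", e);
    }
    // java.util.Base64 (Java 8+) replaces the internal sun.misc.BASE64Encoder,
    // which is not a supported API; output is identical for a 16-byte digest.
    return java.util.Base64.getEncoder().encodeToString(hash);
}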
...
In the JBoss Application Server one could use:
java -classpath ./jbosssx.jar org.jboss.security.Base64Encoder j2ee MD5
or in the server/*/conf/login-config.xml file:
java:/MySqlDS
SELECT password FROM users WHERE uname=?
MD5
base64
SELECT gname,'Roles' FROM groups WHERE uname=?
DB setup:
---------
mysql -u root -p
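# Sample setup for the mod_myauth / JBoss user store. The account password
# 'jboss$1' and the 'master' login below are example values; replace both
# before using this outside a test setup.
CREATE DATABASE jboss;
# NOTE(review): ALL PRIVILEGES is broader than the lookups shown in these
# notes need (they only SELECT from users and groups). If nothing else
# connects with this account, SELECT alone is enough -- confirm against the
# JBoss datasource before narrowing.
# GRANT ... IDENTIFIED BY is accepted up to MySQL 5.7 only.
GRANT ALL PRIVILEGES ON jboss.* TO jboss@localhost IDENTIFIED BY 'jboss$1';
FLUSH PRIVILEGES;
USE jboss;
# passwd holds the MD5Base64 value (24 characters), never the clear text.
# NOTE(review): the login-config.xml query quoted earlier in these notes
# selects a column named "password"; this table calls it "passwd" -- one of
# the two has to be adjusted.
CREATE TABLE users (
    uname  VARCHAR(64) NOT NULL PRIMARY KEY,
    passwd VARCHAR(64) NOT NULL
) ENGINE=InnoDB;
# One row per (group, user) membership.
# NOTE(review): GROUPS is a reserved word from MySQL 8.0.2 on; the name is
# kept because the Apache config and the JBoss query refer to it unquoted.
CREATE TABLE groups (
    gname VARCHAR(32) NOT NULL,
    uname VARCHAR(64) NOT NULL,
    PRIMARY KEY (gname, uname)
) ENGINE=InnoDB;
# echo -n "masterpass" | openssl dgst -md5 -binary | openssl base64
# => 'qx5cuHvKgotUpKJMKzfqjw=='
# Column lists are spelled out so the inserts survive a later schema change.
INSERT INTO users (uname, passwd) VALUES ('master', 'qx5cuHvKgotUpKJMKzfqjw==');
INSERT INTO groups (gname, uname) VALUES ('admin', 'master');
COMMIT;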
Apache config:
--------------
# Basic-auth protection backed by the mod_myauth user and group tables.
# NOTE(review): the enclosing container tags are not visible in these notes.
# NOTE(review): AuthType Basic sends the password merely Base64-encoded on
# every request; with SSLRequireSSL left commented out it can travel over
# plain HTTP. Enable it (mod_ssl loaded) for anything but local testing.
# SSLRequireSSL
# SSLOptions OptRenegotiate
AuthName "Restricted Applications"
AuthType Basic
# Connection to the MySQL database created in the DB setup section.
MyAuthHost localhost
MyAuthPort 3306
MyAuthDB jboss
MyAuthDBUser jboss
# NOTE(review): presumably the password of the database account above. The
# DB setup grants jboss@localhost with 'jboss$1', while "masterpass" is the
# sample password of the web user 'master' -- confirm which is intended.
# This file holds the credential in clear text, so restrict who can read it.
MyAuthDBPassw "masterpass"
# Table and column names as created in the DB setup section.
MyAuthUserTable users
MyAuthGroupTable groups
MyAuthUserField uname
MyAuthPasswordField passwd
MyAuthGroupField gname
# Stored passwords are compared as Base64 of the unsalted MD5 digest.
MyAuthEncryption MD5Base64
# Only members of the 'admin' group (groups.gname) are admitted.
require group admin
AllowOverride AuthConfig Limit
# Optional address restriction, left disabled in these notes.
# Order Allow,Deny
#
# Allow from 127.0.0.1/32 192.168.1.0/24
# Deny from all