=============================================================================
LNF NOTES:
=============================================================================

MODULE_USAGE:
-------------
To be able to use the mod_myauth module you need to enable it in your 
httpd.conf of course. E.g.:

LoadModule myauth_module modules/mod_myauth.so


MD5Base64 encoding
------------------
MD5Base64 encoding is a LNF addition to the myauth package, to have
a database and OS independ encryption available.

  With openssl one would say:
        echo -n "$msg" | openssl dgst -md5 -binary | openssl base64

  In java one could do:
        import java.security.MessageDigest;
        import sun.misc.BASE64Encoder;
        ...
        public String md5base64(String msg) {
            byte[] hash = java.security.MessageDigest.getInstance("MD5")
                .digest(msg.getBytes());
            BASE64Encoder encoder = new BASE64Encoder();
            return encoder.encode(hash);
        }
        ...

  In the JBoss Application Server one could use:
    java -classpath ./jbosssx.jar org.jboss.security.Base64Encoder j2ee MD5

    or in the server/*/conf/login-config.xml file:

    <application-policy name="secured-app">
        <authentication>
        <login-module
            code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
            flag="required">
            <module-option name="dsJndiName">java:/MySqlDS</module-option>
            <module-option name="principalsQuery">
                SELECT password FROM users WHERE uname=?
            </module-option>
            <module-option name="hashAlgorithm">MD5</module-option>
            <module-option name="hashEncoding">base64</module-option>
            <module-option name="rolesQuery">
                SELECT gname,'Roles' FROM groups WHERE uname=?
            </module-option>
        </login-module>
        </authentication>
    </application-policy>

DB setup:
---------
mysql -u root -p
CREATE DATABASE jboss;
GRANT ALL PRIVILEGES ON jboss.* TO jboss@localhost IDENTIFIED BY 'jboss$1';
FLUSH PRIVILEGES;
USE jboss;
CREATE TABLE users (
    uname  VARCHAR(64) NOT NULL PRIMARY KEY,
    passwd VARCHAR(64) NOT NULL
) Type=InnoDB;
CREATE TABLE groups (
    gname VARCHAR(32) NOT NULL,
    uname VARCHAR(64) NOT NULL,
    PRIMARY KEY (gname,uname)
) Type=InnoDB;
# echo -n "masterpass" | openssl dgst -md5 -binary | openssl base64
# => 'qx5cuHvKgotUpKJMKzfqjw=='
INSERT INTO users VALUES('master','qx5cuHvKgotUpKJMKzfqjw==');
INSERT INTO groups VALUES('admin','master');
COMMIT;

Apache config:
--------------
<Directory "/opt/www/sites/www.spass.de/htdocs/schmutzigeWitze">
#   SSLRequireSSL
#   SSLOptions OptRenegotiate
    AuthName "Restricted Applications"
    AuthType Basic
    MyAuthHost      localhost
    MyAuthPort      3306
    MyAuthDB        jboss
    MyAuthDBUser    jboss
    MyAuthDBPassw   "masterpass"
    MyAuthUserTable     users
    MyAuthGroupTable    groups
    MyAuthUserField     uname
    MyAuthPasswordField passwd
    MyAuthGroupField    gname
    MyAuthEncryption    MD5Base64
    require group admin
    AllowOverride AuthConfig Limit
#   Order Allow,Deny
#
#   Allow from 127.0.0.1/32 192.168.1.0/24 
#   Deny from all
</Directory>