Linux + Apache for user identity authentication

Source: Internet
Author: User
I. Preface
  
Many websites now place strict restrictions on what users may access: users must supply a user name and password to confirm their identity before reaching certain resources. The most common approach is to store user names and passwords in a database. When a user wants to access a restricted resource, they enter a user name and password on a page, and the program compares them with the user name and password stored in the database. If they match, the resource can be used normally; otherwise access is denied. However, this method has two major problems. First, once a user has authenticated successfully, they can record the link address of the restricted resource and simply enter that address on the next visit, reaching the resource without going through authentication. Second, a user can right-click the hyperlink to the restricted resource, select "Properties" to view its link address, and then access that address directly, so identity authentication does not achieve the intended effect.
  
Apache solves both problems well. Apache is software for building WWW sites, and it runs on Linux, Unix, and Windows. The following uses Linux as an example to describe how Apache performs user identity authentication.
  
II. Basic principles
  
The basic principle of identity authentication in Apache is as follows: after the system administrator enables the authentication function, a file with the default name ".htaccess" can be added to each directory that is to be restricted. When a user accesses resources under that path, a dialog box appears asking for a user name and password. In other words, authentication is not handled by the application program but is enforced directly by the system. This prevents a user from recording the hyperlink of a protected resource and accessing it directly the next time without authenticating.
  
Several authentication methods are available. They include the mod_auth module, which is compiled into Apache by default, and modules that ship with Apache but are not compiled in by default, such as mod_auth_dbm, mod_auth_db, and mod_auth_msql. There are also third-party modules, such as mod_auth_mysql, which works with the MySQL database. All of them can restrict access to a group of users or to a specific user.
  
III. Implementation

The following describes how to use the mod_auth module and the mod_auth_mysql module. Whichever authentication method is used, Apache must first be configured as follows:

AccessFileName .htaccess

AllowOverride All
  
(1) Authentication with the mod_auth module. This module stores the group names, user names, and user passwords that are allowed to access resources in text files. The procedure is as follows:

1. Edit the group file used for authentication. It stores the group names and the users who may access restricted resources. Use vi to edit the .htgroup file so that it contains:

ptisi: lkch

The file is stored at /usr/local/apache/secrets/.htgroup, where ptisi is the group name and lkch is a user name in that group.

2. Create the user file, which stores the user names and passwords of the users in the group:

htpasswd -c /usr/local/apache/secrets/.htpasswd lkch

Note: htpasswd is a program supplied with Apache for managing authentication. The -c option creates a new .htpasswd file; if a file with the same name already exists, it is overwritten. The program prompts for the password; type "hello", then type it again to confirm.
  
3. Edit the .htaccess file in the directory of the resource to be restricted:

AuthName "This is a test"

AuthType Basic

AuthUserFile /usr/local/apache/secrets/.htpasswd

AuthGroupFile /usr/local/apache/secrets/.htgroup

require group ptisi

Note: The require group directive specifies which groups of users may access the protected resources. With this in place, the system displays a dialog box asking for the user name and password whenever the directory containing the protected resources is accessed.
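
The decision the server makes for each request to the protected directory can be sketched as follows. This is an added example, not code from the article or from Apache: it models the .htgroup and .htpasswd files as constructed strings, and it assumes the {SHA} password format (written by htpasswd -s) only because the standard library can compute it. The function names are hypothetical.

```python
import base64
import hashlib
import hmac

def sha_entry(user, password):
    """One htpasswd line in the {SHA} format written by `htpasswd -s`."""
    digest = base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()
    return f"{user}:{{SHA}}{digest}"

# Constructed stand-ins for the article's .htgroup and .htpasswd files.
HTGROUP = "ptisi: lkch\n"
HTPASSWD = sha_entry("lkch", "hello") + "\n" + sha_entry("guest", "guest") + "\n"

def parse_groups(text):
    """'group: user1 user2' lines -> {group: set(users)}."""
    groups = {}
    for line in text.splitlines():
        name, sep, members = line.partition(":")
        if sep:
            groups[name.strip()] = set(members.split())
    return groups

def parse_users(text):
    """'user:hash' lines -> {user: hash}."""
    return dict(l.split(":", 1) for l in text.splitlines() if ":" in l)

def authorize(headers, required_group, realm="This is a test"):
    """Decide one request, as the server does for every hit on the directory."""
    challenge = (401, {"WWW-Authenticate": f'Basic realm="{realm}"'})
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return challenge                  # no credentials: browser shows the dialog
    try:
        decoded = base64.b64decode(blob, validate=True).decode()
    except ValueError:
        return challenge                  # malformed header
    user, _, password = decoded.partition(":")
    stored = parse_users(HTPASSWD).get(user, "")
    offered = sha_entry(user, password).split(":", 1)[1]
    if not hmac.compare_digest(stored, offered):
        return challenge                  # unknown user or wrong password
    if user not in parse_groups(HTGROUP).get(required_group, set()):
        return challenge                  # valid login, but not in the required group
    return (200, {})

def basic_header(user, password):
    """The header a browser sends after the dialog: base64 of 'user:password'."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": "Basic " + token}
```

Basic credentials are only base64-encoded, so the protected directory should be served over HTTPS. The mod_auth directives above need only AllowOverride AuthConfig, which is narrower than AllowOverride All.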
  
(2) Authentication with the mod_auth_mysql module. Because many website builders regard Apache + PHP + MySQL as the best combination for small and medium-sized network databases, mod_auth_mysql is particularly powerful. It stores the group names, user names, and user passwords that are allowed to access resources in a MySQL database.
  
1. Create a database for authentication

prompt> mysqladmin create http-auth

2. Create a table for authentication and insert a row of data

prompt> mysql http-auth

mysql> create table mysql_auth (
    -> username char(25) not null,
    -> passwd char(25),
    -> groups char(25),
    -> primary key (username)
    -> );

mysql> insert into mysql_auth (username, passwd, groups)
    -> values ("lkch", PASSWORD("hello"), "ptisi");

3. Configure Apache

Add the following line to httpd.conf:

Auth_MySQL_Info [host] [username] [password]

Here username and password are the user name and password of the MySQL database user.

4. Create the .htaccess file

AuthName "This is a test!"

AuthType Basic

Auth_MySQL on

Auth_MySQL_Db http-auth

Auth_MySQL_Password_Table mysql_auth

Auth_MySQL_Group_Table mysql_auth

Auth_MySQL_Username_Field username

Auth_MySQL_Password_Field passwd

Auth_MySQL_Group_Field groups

Auth_MySQL_Encryption_Types Plaintext Crypt_DES MySQL

# Without a require line Apache does not enforce the login; the group matches the row inserted above.
require group ptisi

The Auth_MySQL_Encryption_Types statement specifies the password formats accepted during authentication: no encryption, DES encryption, and MySQL PASSWORD() encryption.
  
The biggest advantage of this authentication method is that PHP provides a large number of functions for working with MySQL databases, so the authentication data can easily be managed remotely.
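
A small audit of .htaccess files like the two shown in section III, as an added example that is not part of the original article. It flags an AuthType with no require line (Apache then never asks for a login), password or group files placed under the document root, and Plaintext listed among the accepted MySQL password formats. The document root path, the finding codes and the function names are assumptions, and the sample files are constructed.

```python
import posixpath

DOCROOT = "/usr/local/apache/htdocs"   # assumed document root (hypothetical)

# Constructed samples modelled on the article's two .htaccess files.
MOD_AUTH = """AuthName "This is a test"
AuthType Basic
AuthUserFile /usr/local/apache/secrets/.htpasswd
AuthGroupFile /usr/local/apache/secrets/.htgroup
require group ptisi
"""
MYSQL_NO_REQUIRE = """AuthName "This is a test!"
AuthType Basic
Auth_MySQL on
Auth_MySQL_Password_Table mysql_auth
Auth_MySQL_Encryption_Types Plaintext Crypt_DES MySQL
"""

def parse_htaccess(text):
    """Return {directive: [argument strings]}; names are case-insensitive."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            name, _, args = line.partition(" ")
            key = name.lower().replace("-", "_")
            directives.setdefault(key, []).append(args.strip())
    return directives

def audit(text, docroot=DOCROOT):
    """Return sorted finding codes for one .htaccess body."""
    d, findings = parse_htaccess(text), set()
    if "authtype" in d and "require" not in d:
        findings.add("NO_REQUIRE")              # nothing forces a login
    for key in ("authuserfile", "authgroupfile"):
        for path in d.get(key, []):
            full = posixpath.normpath(path.strip('"'))
            if (full + "/").startswith(docroot.rstrip("/") + "/"):
                findings.add("SECRETS_UNDER_DOCROOT")   # file may be downloadable
    for types in d.get("auth_mysql_encryption_types", []):
        if "plaintext" in types.lower().replace(",", " ").split():
            findings.add("PLAINTEXT_PASSWORDS_ACCEPTED")
    return sorted(findings)
```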
  
