Article title: Linux + Apache implements user identity authentication. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
I. Preface
Currently, many websites impose strict restrictions on users' access permissions. users need to provide a "user name/password" to confirm their identity when accessing certain resources. Currently, the most frequently used authentication method is to store the user name and password in a database. when a user wants to access certain restricted resources, to enter the user name and password on a page, the program will compare the user's user name and password with the database's "user name/Password". if the input is correct, the resource will be used normally, otherwise, resource access is denied. However, this authentication method has two major problems. On the one hand, as long as one authentication succeeds, the user can record the link address of the restricted resource, and only need to enter this address during the next access, you can access restricted resources without passing the authentication process. on the other hand, you can right-click the hyperlink of the restricted resource and select "attribute ", you can view the link address of the restricted resource and directly access this address, so that identity authentication cannot achieve the expected effect.
Apache can solve the above problems well. Apache is a software for building WWW websites and runs on Linux, Unix, and Windows operating systems. The following uses Linux as an example to describe how Apache performs user identity authentication.
II. Basic principles
The basic principle of implementing identity authentication in Apache is: after the system administrator starts the identity authentication function, you can add a file with the default name ". htaccess" to the directory to be restricted. When a user accesses resources in this path, a dialog box is displayed, asking the user to enter "user name/Password ". That is to say, its identity authentication function is not manually controlled by the program, but directly controlled by the system. This prevents the user from recording the hyperlink of the resource to be authenticated and will not directly access the resource next time.
There are multiple authentication methods, including the pre-compiled mod-auth module in Apache and the self-built but uncompiled module in Apache, such: mod-auth-dbm module, mod-auth-db module, and mod-auth-msql module. There are also some third-party development modules, such as the mod-auth-MySQL module used in the MySQL database. they can all restrict a group of users or a specific user.
III. implementation
The following describes how to use the mod-auth module and mod-auth-MySQL module. However, no matter which authentication method is used, you must first set Apache as follows:
AccessFileName. htaccess
AllOerride All
(1) the mod-auth module completes identity authentication. it stores the group names, user names, and user passwords that are allowed to access resources in text files. the specific methods are as follows:
1. edit the group file used for authentication: it is mainly used to store the group names and users who can access restricted resources. edit the group file using Vi. htgroup is as follows:
Ptisi: lkch
Stored in the/sur/local/apache/secrets/. htgroup path, where ptisi is the group name and lkch is the username in the group.
2. create a user File: used to store the user name and password in a group
Note: htpasswd is a program provided by Apache to implement the authentication function.-c indicates that a new. htpasswd file is generated. If an old file with the same name exists, the old file is overwritten. The program will ask for the password, type "hello", and then re-confirm the password.
3. edit the. htaccess file in the directory of the resource to be restricted
AuthName "This is a test ″
AuthType Basic
AuthUserFile/usr/local/apache/secrets/. htpasswd
AuthGroupFile/usr/local/apache/secrets/. htgroup
Repuire group ptisi
Note: The require group parameter specifies which groups of users can access authentication resources. in this way, the system will pop up a dialog box when you access the directories of the resources to be authenticated again, enter the "user name/Password ".
(2) the mod-auth-mysql module completes the identity authentication function. as Apache + PHP + MySQL has been regarded by many website builders as a prime combination of small and medium network databases, therefore, mod-auth-mysql is particularly powerful. It stores group names, user names, and user passwords that are allowed to access resources in text files.
1. create a database for authentication
Prompt> mysqladmin create http-auth
2. create a table for authentication and insert a row of data
Add Auth-MySQL-Info [host] [username] [Password] to http. cont.
Username and password are the usernames and passwords of MySQL database users.
4. create a. htaccess file
AuthName "This is a test! ″
AuthType Basic
Auth-MySQL on
Auth-MySQL-Db http-auth
Auth-MySQL-Password-Table mysql-auth
Auth-MySQL-Group-Table mysql-auth
Auth-MySQL-Username-Field username
Auth-MySQL-Password-Field passwd
Auth-MySQL-Group-Field groups
Auth-MySQL-Encryption-Types Plaintext, Crypt-DES, MySQL
The last statement indicates the Password format during authentication, indicating no encryption, DES encryption, and MySQL Password () encryption.
The biggest advantage of this authentication method is that PHP provides a large number of functions for MySQL database operations, which can be easily processed remotely.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.