Linux + Apache for user identity authentication

Article title: Linux + Apache implements user identity authentication. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
I. Preface
　　
Currently, many websites impose strict restrictions on users' access permissions. users need to provide a "user name/password" to confirm their identity when accessing certain resources. Currently, the most frequently used authentication method is to store the user name and password in a database. when a user wants to access certain restricted resources, to enter the user name and password on a page, the program will compare the user's user name and password with the database's "user name/Password". if the input is correct, the resource will be used normally, otherwise, resource access is denied. However, this authentication method has two major problems. On the one hand, as long as one authentication succeeds, the user can record the link address of the restricted resource, and only need to enter this address during the next access, you can access restricted resources without passing the authentication process. on the other hand, you can right-click the hyperlink of the restricted resource and select "attribute ", you can view the link address of the restricted resource and directly access this address, so that identity authentication cannot achieve the expected effect.
　　
Apache can solve the above problems well. Apache is a software for building WWW websites and runs on Linux, Unix, and Windows operating systems. The following uses Linux as an example to describe how Apache performs user identity authentication.
　　
II. Basic principles
　　
The basic principle of implementing identity authentication in Apache is: after the system administrator starts the identity authentication function, you can add a file with the default name ". htaccess" to the directory to be restricted. When a user accesses resources in this path, a dialog box is displayed, asking the user to enter "user name/Password ". That is to say, its identity authentication function is not manually controlled by the program, but directly controlled by the system. This prevents the user from recording the hyperlink of the resource to be authenticated and will not directly access the resource next time.
　　
There are multiple authentication methods, including the pre-compiled mod-auth module in Apache and the self-built but uncompiled module in Apache, such: mod-auth-dbm module, mod-auth-db module, and mod-auth-msql module. There are also some third-party development modules, such as the mod-auth-MySQL module used in the MySQL database. they can all restrict a group of users or a specific user.
　　
III. implementation
　　
The following describes how to use the mod-auth module and mod-auth-MySQL module. However, no matter which authentication method is used, you must first set Apache as follows:
　　
AccessFileName. htaccess
　　
AllOerride All
　　
(1) the mod-auth module completes identity authentication. it stores the group names, user names, and user passwords that are allowed to access resources in text files. the specific methods are as follows:
　　
1. edit the group file used for authentication: it is mainly used to store the group names and users who can access restricted resources. edit the group file using Vi. htgroup is as follows:
　　
Ptisi: lkch
　　
Stored in the/sur/local/apache/secrets/. htgroup path, where ptisi is the group name and lkch is the username in the group.
　　
2. create a user File: used to store the user name and password in a group
　　
Htpasswd-c/usr/local/apache/secrets/. htpasswd lkch
　　
Note: htpasswd is a program provided by Apache to implement the authentication function.-c indicates that a new. htpasswd file is generated. If an old file with the same name exists, the old file is overwritten. The program will ask for the password, type "hello", and then re-confirm the password.
　　
3. edit the. htaccess file in the directory of the resource to be restricted
　　
AuthName "This is a test ″
　　
AuthType Basic
　　
AuthUserFile/usr/local/apache/secrets/. htpasswd
　　
AuthGroupFile/usr/local/apache/secrets/. htgroup
　　
Repuire group ptisi
　　
Note: The require group parameter specifies which groups of users can access authentication resources. in this way, the system will pop up a dialog box when you access the directories of the resources to be authenticated again, enter the "user name/Password ".
　　
(2) the mod-auth-mysql module completes the identity authentication function. as Apache + PHP + MySQL has been regarded by many website builders as a prime combination of small and medium network databases, therefore, mod-auth-mysql is particularly powerful. It stores group names, user names, and user passwords that are allowed to access resources in text files.
　　
1. create a database for authentication
　　
Prompt> mysqladmin create http-auth
　　
2. create a table for authentication and insert a row of data
　　
Prompt> mysql http-auth
　　
Mysql> create table mysql-auth (
　　
-> Sername char (25) not null,
　　
-> Passwd char (25 ),
　　
-> Groups char (25 ),
　　
-> Primary key (usrname)
　　
-> -〉);
　　
Mysql> insert mysql-auth (username, passwd, groups)
　　
-> Values ("lkch", PASSWD ("hello"), "ptisi ″);
　　
3. configure Apache
　　
Add Auth-MySQL-Info [host] [username] [Password] to http. cont.
　　
Username and password are the usernames and passwords of MySQL database users.
　　
4. create a. htaccess file
　　
AuthName "This is a test! ″
　　
AuthType Basic
　　
Auth-MySQL on
　　
Auth-MySQL-Db http-auth
　　
Auth-MySQL-Password-Table mysql-auth
　　
Auth-MySQL-Group-Table mysql-auth
　　
Auth-MySQL-Username-Field username
　　
Auth-MySQL-Password-Field passwd
　　
Auth-MySQL-Group-Field groups
　　
Auth-MySQL-Encryption-Types Plaintext, Crypt-DES, MySQL
　　
The last statement indicates the Password format during authentication, indicating no encryption, DES encryption, and MySQL Password () encryption.
　　
The biggest advantage of this authentication method is that PHP provides a large number of functions for MySQL database operations, which can be easily processed remotely.