KaiGai Kohei wrote:
But, I would like to set up the query as follows:
AuthDBDUserRealmQuery \
"SELECT md5(uname || ':' || %s || ':' || upass) FROM uaccount WHERE uname =
%s"
^^... to be realm to be user
... ^^
It seems to me we have no way to put the replacement of the given
realm prior to username. Am I missing anything?
I don't think so ... unless there's some way to rewrite the query
so the username is the first parameter, I don't see any option with
the existing code.
If we have no reasonable workaround, I would like to suggest a new
directive: AuthDBDRealmUserQuery which specifies a query for digest
authentication with realm and user parameters in this order?
What's your opinion?
# This is an aside. I would like to include a few additional conditions
# in the query, such as remote address and so on.
# For example, we can consider a web-user who can access via a certain
# network address (like, 192.168.1.0/24), described as:
#
# SELECT md5(password) FROM uaccount \
# WHERE uname = %s AND unetwork >>= %s::inet;
I wonder if we could keep the existing config directives but
allow them to access an optional additional parameter (or set of
parameters). You could then write:
AuthDBDUserRealmQuery \
"SELECT %s FROM uaccount WHERE uname = %s AND foo = %s" \
R,u,a
where R,u,a meant realm, user, and remote IP address parameters
were to be passed in that order. (We'd likely want to follow
http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats
as much as possible for the available parameters.) Just an idea
at the moment ... alas, no matching implementation. Sigh. :-/
Chris.
--
GPG Key ID: 366A375B
GPG Key Fingerprint: 485E 5041 17E1 E2BB C263 E4DE C8E3 FA36 366A 375B