KaiGai Kohei wrote:
I'm now trying to set up mod_authn_dbb for authentication purpose.
However, I faced to a concern for AuthDBDUserRealmQuery directive.
The example shows the query:
AuthDBDUserRealmQuery \
"SELECT password FROM authn WHERE user = %s AND realm = %s"
But, I would like to set up the query as follows:
AuthDBDUserRealmQuery \
"SELECT md5(uname || ':' || %s || ':' || upass) FROM uaccount WHERE uname =
%s"
^^... to be realm to be user
... ^^
It seems to me we have no way to put the replacement of the given
realm prior to username. Am I missing anything?
One common solution to the 'order of parameters' problem is to create a stored procedure in your
database. For example, if you are using MySQL 5.0+, you can create a stored procedure like this:
DROP PROCEDURE IF EXISTS digest;
CREATE PROCEDURE digest(username VARCHAR(64), realm VARCHAR(64))
SELECT md5(concat(uname ,':',realm ,':',upass)) FROM uaccount WHERE uname =
username;
Then in your conf file use:
AuthDBDUserRealmQuery "CALL digest(%s, %s)"
-tom-
