Recent changes to feature-requests

Multiple hashes

ecourt — Wed, 21 Nov 2012 01:30:13 -0000

for security purposes, this module needs to be able to support USER DEFINED password hashes.
it should be able to support
md5(password)
md5(password + SALT)
AES(SALT + password)
AES(md5(password + SALT)
md5(md5(SALT + password)

This needs to be customizable, so it can be used with other programs hashing schemas, which will make it much more usable, and much more useful

Addition of Apache MD5 encryption algorithm

Anonymous — Wed, 05 Sep 2007 04:09:38 -0000

Currently there is an 'md5' option, but a popular (unsupported) format is the MD5 algorithm as modified for Apache.

You can generate this type of password by typing
htpasswd -nmb theusername thepassword

It would be great to have this "apachemd5" encryption format to allow for compatibility with Apache MD5 password files.

sha1 salt

JiiPee — Sun, 02 Sep 2007 20:14:11 -0000

Would be nice feature to add salt support for sha1 also, that would make it possible to do some auth against SMF forum database for example

Thanks

Stored Procedure

Ben Davies — Mon, 19 Mar 2007 10:14:31 -0000

Hi everyone,

I've been using mod_auth_mysql for a year or two now and am very very happy with it. However, there is one feature I would love to see implemented.

At the moment, I can't use mod_auth_mysql for projects that require Resources to be stored in a database. Generally, the permissions on who can access the resource are stored as meta data in each record. Unfortunately, there doesn't appear to be a way to get mod_auth_mysql to query a separate table to check the permissions of a resource before serving it. For example, I would like to use mod_auth_mysql to check the users permissions against the requested resource before using mod_rewrite to direct the User to a PHP file which returns the resource.

I thought one way would be to add a config parameter like AuthMySQLGroupTable which would allow you to assign a table to perform another check against, but I realised that this could get messy very quickly. To me the ideal solution would be to specify a stored procedure for mod_auth_mysql to call:

AuthMySQLStoredProc "spMyUserAuth";

mod_auth_mysql could call the specified stored proc then pass through a IN_OUT INT parameter which the stored procedure could set to either 1 (for authorized) or any other value for failed auth. It could then be left up to the web master to implement a stored procedure that determines if the user specified is authenticated/authorized.

That way, it would be trivial to 1) authenticate the user and 2) authorize the user for access to the requested resource. Additional parameters could be passed to the specified stored procedure:

IN_OUT success INT, IN username VARCHAR(30), IN password VARCHAR(30), IN dns VARCHAR, IN ipaddress VARCHAR, IN filename VARCHAR, IN virtualhostname VARCHAR, IN protocol VARCHAR, IN requestmethod VARCHAR, IN arguments VARCHAR, IN requestline VARCHAR, IN path VARCHAR

So I could create a stored procedure like so:

CREATE PROCEDURE spMyUserAuth( IN_OUT success INT, IN username VARCHAR(30), IN password VARCHAR(30), IN dns VARCHAR, IN ipaddress VARCHAR, IN filename VARCHAR, IN virtualhostname VARCHAR, IN protocol VARCHAR, IN requestmethod VARCHAR, IN arguments VARCHAR, IN requestline VARCHAR, IN path VARCHAR )
BEGIN

END;

Obviously this would only be a feature that works with MySQL 5.

What do you guys think? Is this a good idea?

Cheers,

Ben

REMOTE_GROUP and REMOTE_GROUPS

Anonymous — Sun, 25 Jun 2006 18:47:55 -0000

Please also consider populating the REMOTE_GROUP and
REMOTE_GROUPS $ENV variables. - mt

Post Auth SQL

Anonymous — Sun, 25 Jun 2006 04:46:21 -0000

Please consider adding a parameter to hold an SQL statement that is
execute after authentication. You might also consider separate params for
success and failure. The immediate use for this is logging, but you could
imagine a number of other uses such as initializing or updating session
data. - mt

Salt support

Anonymous — Sun, 07 May 2006 17:16:54 -0000

Salt support for md5, sha1, and other currently
wideused encryption types...

Provide SHA512 support

Anonymous — Fri, 03 Mar 2006 08:26:33 -0000

Would be great to have sha512 support.

http://confluence.atlassian.com/display/JIRAEXT/Integration+of+Jira+User+Management+with+Apache

brgds,

P.G.Taboada

AuthType Digest

Eric Pretorious — Wed, 29 Jun 2005 18:51:00 -0000

Support for MD5 Digest authentication would be a major
coup.

add a parameter to specify a password row in the group table

bimmerone — Wed, 09 Mar 2005 15:59:48 -0000

add a parameter to specify a password row in the group
table

Hi, I'm actually using 2 tables for username and group.
(see below)

Username
----------------------------------------------
| username | password | status |
----------------------------------------------

groups
----------------------------------------------
| FK_username | FK_groups |
----------------------------------------------

And I want to know how I can specify a different row for
the username in the group table. Because, actually, the
module (mod_auth_mysql 2.90) seen like using the row
name that I specify be the parameter
AuthMySQLNameField.

Does it exist a parameter like
AuthMySQLGroupUsernameField ?