One database, and one (or two) tables. One table holds the username and the encrypted password. The other table holds the username and the names of the group to which the user belongs. It is possible to have username, groupname and password in the same table.
This page documents version 0.7 (November 1998) of mod_auth_pgsql.c require Apache 1.3.3 and PostreSQL 6.4
Example| Technical Notes | Compilation Notes| Utility Program
Specifies the host on which the postmaster is running.
Specifies the TCP/IP port number at which the postmaster can be found.
Specifies an option string to be passed to the postgres95 backend process. Refer to the Postgres95 user manual for a description of the available options.
Specifies the name of the database that stores the authentication information.
Gives the name of the relation which contains the username and password information.
Gives the name of the relation which contains the username and group information. This can be the same table specified with Auth_PGpwd_table. This directive is only necessary if you want to authenticate by user groups.
Specifies the attribute name of the field containing the user name in the Auth_PGpwd_table relation.
Specifies the attribute name of the field containing the encrypted password in the Auth_PGpwd_table relation.
Specifies the attribute name of the field containing the group name in the Auth_PGgrp_table relation. This directive is only necessary if you want to authenticate by user groups.
This option is off by default. Turning it on will cause a user to be validated when their password field is empty. The password entered will be ignored. Exercise caution when turning this on.
This option is on by default. Turning it off will cause low level errors such a user not being found or a simple configuration error to fall through to other authentication directives which may be defined for this area. For example, if a parent directory has another authorization scheme and a user name is not found for the Postgres95 scheme, the parent directory scheme will be given the chance to try and authenticate the user. Exercise caution when turning this option off. It can be a security risk.
Defaults to on. Controls weather this module expects passwords in the database to be encrypted or not. When turned off, you can use unencrypted passwords in your database. Exercise caution when deciding to turn this off!
This option allows you to exercise greater control over the SQL code used to retrieve the user name and password from the database. You can use this to search for the username using more attributes in the table than the pwd_field.
The basic SQL statement used to retrieve a user's password for checking looks like this:
The pwd_whereclause will be added to the end of this statement and must fit logically. The where clause must be double quoted.
This option allows you to exercise greater control over the SQL code used to retrieve the group name and corresponding user from the database. You can use this to search for the group name using more attributes in the table than the gid_field.
The basic SQL statement used to retrieve a group name and user name for checking looks like this:
Auth_PGhost localhost Auth_PGport 5432 Auth_PGdatabase www Auth_PGpwd_table valid_users Auth_PGuid_field user Auth_PGpwd_field password AuthName My Postgres95 Authenticator AuthType basic <LIMIT GET POST> require valid-user </LIMIT>