+----------------------------------------------------------------------+ | mod_authnz_ibmdb2 README | +----------------------------------------------------------------------+ | Author: Helmut K. C. Tessarek | +----------------------------------------------------------------------+ | Website: http://tessus.github.io/mod_authnz_ibmdb2 | +----------------------------------------------------------------------+ 1) Install 2) Description of the module +----------------------------------------------------------------------+ | 1. Install | +----------------------------------------------------------------------+ see INSTALL +----------------------------------------------------------------------+ | 2. Description of the module | +----------------------------------------------------------------------+ mod_authnz_ibmdb2 is an Apache authentication module using IBM DB2 as the backend database for storing user and group information. Here is a list of the new directives that come with the module: AuthIBMDB2Database database name (no default) AuthIBMDB2Hostname database server hostname for uncataloged databases (no default) AuthIBMDB2Portnumber database instance port (default: 50000) AuthIBMDB2User user for connecting to the DB2 database (no default) AuthIBMDB2Password password for connecting to the DB2 database (no default) AuthIBMDB2UserTable name of the user table (no default) AuthIBMDB2GroupTable name of the group table (no default) AuthIBMDB2NameField name of the user field within the table (default: username) AuthIBMDB2GroupField name of the group field within the table (default: groupname) AuthIBMDB2PasswordField name of the password field within the table (default: password) AuthIBMDB2CryptedPasswords passwords are stored encrypted (default: yes) AuthIBMDB2KeepAlive connection kept open across requests (default: yes) AuthIBMDB2Authoritative lookup is authoritative (default: yes) AuthIBMDB2NoPasswd just check, if user is in usertable (default: no) AuthIBMDB2UserCondition restrict result set (no default) AuthIBMDB2GroupCondition restrict result set (no default) AuthIBMDB2UserProc stored procedure for user authentication (no default) AuthIBMDB2GroupProc stored procedure for group authentication (no default) AuthIBMDB2Caching user credentials are cached (default: off) AuthIBMDB2GroupCaching group information is cached (default: off) AuthIBMDB2CacheFile path to cache file (default: /tmp/auth_cred_cache) AuthIBMDB2CacheLifetime cache lifetime in seconds (default: 300) Example how to use the module in the httpd.conf: <Directory "/var/www/my_test_dir"> AuthName "DB2 Authentication" AuthType Basic AuthBasicProvider ibmdb2 AuthIBMDB2User db2inst1 AuthIBMDB2Password ibmdb2 AuthIBMDB2Database auth AuthIBMDB2UserTable web.users AuthIBMDB2NameField username AuthIBMDB2PasswordField passwd AuthIBMDB2CryptedPasswords On AuthIBMDB2KeepAlive On AuthIBMDB2Authoritative On AuthIBMDB2NoPasswd Off AuthIBMDB2GroupTable web.groups AuthIBMDB2GroupField groupname #require valid-user require group admin AllowOverride None </Directory> or <Directory "/var/www/my_test_dir"> AuthName "DB2 Authentication" AuthType Basic AuthBasicProvider ibmdb2 AuthIBMDB2User db2inst1 AuthIBMDB2Password ibmdb2 AuthIBMDB2Database auth AuthIBMDB2UserProc user_sp AuthIBMDB2GroupProc group_sp AuthIBMDB2Caching On AuthIBMDB2GroupCaching On require group admin AllowOverride None </Directory> where the stored procedures must have the following parameter format: CREATE PROCEDURE user_sp ( IN VARCHAR, OUT VARCHAR ) CREATE PROCEDURE group_sp ( IN VARCHAR ) The stored procedure for user authentication must return exactly one value - the password. If AuthIBMDB2NoPasswd is set to yes, then the username has to be returned instead of the password. The stored procedure for group authentication must return an open cursor to the resultset. Two examples for stored procedures are given in the documentation.