Apache 2.2+ authentication module for IBM DB2

Primary language: C. License: Apache License 2.0 (Apache-2.0)

+----------------------------------------------------------------------+
| mod_authnz_ibmdb2                                             README |
+----------------------------------------------------------------------+
| Author: Helmut K. C. Tessarek                                        |
+----------------------------------------------------------------------+
| Website: http://tessus.github.io/mod_authnz_ibmdb2                   |
+----------------------------------------------------------------------+

1) Install
2) Description of the module

+----------------------------------------------------------------------+
| 1. Install                                                           |
+----------------------------------------------------------------------+

see INSTALL

+----------------------------------------------------------------------+
| 2. Description of the module                                         |
+----------------------------------------------------------------------+

mod_authnz_ibmdb2 is an Apache authentication module using IBM DB2 as the backend database for
storing user and group information.

Here is a list of the new directives that come with the module:


AuthIBMDB2Database              database name (no default)

AuthIBMDB2Hostname              database server hostname for uncataloged databases (no default)

AuthIBMDB2Portnumber            database instance port (default: 50000)

AuthIBMDB2User                  user for connecting to the DB2 database (no default)

AuthIBMDB2Password              password for connecting to the DB2 database (no default)

AuthIBMDB2UserTable             name of the user table (no default)

AuthIBMDB2GroupTable            name of the group table (no default)

AuthIBMDB2NameField             name of the user field within the table (default: username)

AuthIBMDB2GroupField            name of the group field within the table (default: groupname)

AuthIBMDB2PasswordField         name of the password field within the table (default: password)

AuthIBMDB2CryptedPasswords      passwords are stored encrypted (default: yes)

AuthIBMDB2KeepAlive             connection kept open across requests (default: yes)

AuthIBMDB2Authoritative         lookup is authoritative (default: yes)

AuthIBMDB2NoPasswd              only check whether the user is in the user table (default: no)

AuthIBMDB2UserCondition         restrict result set (no default)

AuthIBMDB2GroupCondition        restrict result set (no default)

AuthIBMDB2UserProc              stored procedure for user authentication (no default)

AuthIBMDB2GroupProc             stored procedure for group authentication (no default)

AuthIBMDB2Caching               user credentials are cached (default: off)

AuthIBMDB2GroupCaching          group information is cached (default: off)

AuthIBMDB2CacheFile             path to cache file (default: /tmp/auth_cred_cache)

AuthIBMDB2CacheLifetime         cache lifetime in seconds (default: 300)



Example of how to use the module in httpd.conf:

<Directory "/var/www/my_test_dir">
    AuthName                     "DB2 Authentication"
    AuthType                     Basic
    AuthBasicProvider            ibmdb2

    AuthIBMDB2User               db2inst1
    AuthIBMDB2Password           ibmdb2
    AuthIBMDB2Database           auth
    AuthIBMDB2UserTable          web.users
    AuthIBMDB2NameField          username
    AuthIBMDB2PasswordField      passwd

    AuthIBMDB2CryptedPasswords   On
    AuthIBMDB2KeepAlive          On
    AuthIBMDB2Authoritative      On
    AuthIBMDB2NoPasswd           Off

    AuthIBMDB2GroupTable         web.groups
    AuthIBMDB2GroupField         groupname

    #require                     valid-user
    require group                admin
    AllowOverride                None
</Directory>

or

<Directory "/var/www/my_test_dir">
    AuthName                     "DB2 Authentication"
    AuthType                     Basic
    AuthBasicProvider            ibmdb2

    AuthIBMDB2User               db2inst1
    AuthIBMDB2Password           ibmdb2
    AuthIBMDB2Database           auth
    AuthIBMDB2UserProc           user_sp
    AuthIBMDB2GroupProc          group_sp

    AuthIBMDB2Caching            On
    AuthIBMDB2GroupCaching       On

    require group                admin
    AllowOverride                None
</Directory>

where the stored procedures must have the following parameter format:

CREATE PROCEDURE user_sp  ( IN VARCHAR, OUT VARCHAR )
CREATE PROCEDURE group_sp ( IN VARCHAR )

The stored procedure for user authentication must return exactly one value -
the password. If AuthIBMDB2NoPasswd is set to yes, then the username has
to be returned instead of the password.

The stored procedure for group authentication must return an open cursor
to the result set.

Two examples for stored procedures are given in the documentation.
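
A configuration review helper for the directives listed above, as an added example (it is not part of the module or of the original README). It applies the documented defaults and reports, per <Directory> block, settings worth a second look; the finding labels and the /var/www/legacy block are made up for illustration.

```python
import re

# Defaults copied from the directive table in this README.
DEFAULTS = {"authibmdb2cryptedpasswords": "yes", "authibmdb2nopasswd": "no",
            "authibmdb2caching": "off", "authibmdb2cachefile": "/tmp/auth_cred_cache"}
ON = ("on", "yes")

def parse_blocks(text):
    """Return [(path, directives)] for <Directory> blocks using the ibmdb2 provider."""
    blocks, path, cur = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            path, cur = opened.group(1), dict(DEFAULTS)
        elif line.lower().startswith("</directory"):
            if cur and "ibmdb2" in cur.get("authbasicprovider", "").lower().split():
                blocks.append((path, cur))
            cur = None
        elif cur is not None and line and not line.startswith("#"):
            words = line.split()
            cur[words[0].lower()] = " ".join(words[1:]).strip('"')
    return blocks

def audit(text):
    """Return [(path, finding)] for settings that deserve a reviewer's attention."""
    findings = []
    for path, d in parse_blocks(text):
        if d["authibmdb2cryptedpasswords"].lower() not in ON:
            findings.append((path, "plaintext-passwords"))    # stored passwords not encrypted
        if d["authibmdb2nopasswd"].lower() in ON:
            findings.append((path, "no-password-check"))      # only table membership is checked
        if d["authibmdb2caching"].lower() in ON and d["authibmdb2cachefile"].startswith("/tmp/"):
            findings.append((path, "cache-in-tmp"))           # credential cache in a shared directory
        if "authibmdb2password" in d:
            findings.append((path, "db-password-in-config"))  # restrict read access to httpd.conf
    return findings

# Constructed sample: the README's stored-procedure block plus a hypothetical legacy block.
SAMPLE = """<Directory "/var/www/my_test_dir">
    AuthBasicProvider ibmdb2
    AuthIBMDB2Password ibmdb2
    AuthIBMDB2Caching On
</Directory>
<Directory "/var/www/legacy">
    AuthBasicProvider ibmdb2
    AuthIBMDB2CryptedPasswords Off
    AuthIBMDB2NoPasswd On
</Directory>"""
print("\n".join(f"{p}: {f}" for p, f in audit(SAMPLE)))
```

The README does not say which permissions the module sets on the cache file, so "cache-in-tmp" is a prompt to check them or to point AuthIBMDB2CacheFile at a directory only the server user can access.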