From 3382c10737bc0acad51a0aaa69bb2c1d6335dd8a Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Wed, 25 Aug 2004 01:15:29 +0000 Subject: - Update man pages for mysql and pgsql --- doc/httpauthd.8 | 10 ++--- doc/httpauthd.conf.5 | 117 +++++++++++++++++++++++++++++++++++++++++++-------- 2 files changed, 102 insertions(+), 25 deletions(-) (limited to 'doc') diff --git a/doc/httpauthd.8 b/doc/httpauthd.8 index 684d607..6802a3f 100644 --- a/doc/httpauthd.8 +++ b/doc/httpauthd.8 @@ -51,13 +51,9 @@ authentication and an extra layer security if necessary. .Pp .Nm httpauthd can perform a variety of different types of authentication, and is built -in an extensible manner so more can be added in the future. -.Pp -.Bl -bullet -compact -.It -Basic and Digest authentication against a file. -.It -Basic and Digest authentication against an LDAP server. +in an extensible manner so more can be added in the future. Currently it +can perform Basic and Digest authentation against files, LDAP, MYSQL and +PostgreSQL. .El .Sh OPTIONS The options are as follows: diff --git a/doc/httpauthd.conf.5 b/doc/httpauthd.conf.5 index e4f82a9..e1a78db 100644 --- a/doc/httpauthd.conf.5 +++ b/doc/httpauthd.conf.5 @@ -66,7 +66,17 @@ Methods are the various ways can authenticate a user. A method will use either LDAP, a file or some other means to determine if a user is valid. The methods currently implemented are: -.Ar LDAP MYSQL PGSQL Simple +.Bl -hang +.It LDAP +Authenticate against an LDAP server. +.It MYSQL +Authenticate against a MYSQL database +.It PGSQL +Authenticate against a PostgreSQL database. +.It Simple +Authenticate against a password file. For info on creating this file see +.Xr mkha1 8 +.El .Pp A method block in the configuration file needs to contain one of the above method names as the header for it's section (ie: [LDAP]). It 
@@ -78,6 +88,12 @@ This allows for the creation of various configurations with purpose specific names. These names are used by callers of .Xr httpauthd 8 to identify how to authenticate a given HTTP connection. +.Pp +Aliases are created by putting a colon and a name after the section type, +like this: +.Bd -literal -offset indent +[Simple:MyName] +.Ed .Sh GLOBAL OPTIONS These options affect httpauthd as a whole. They should be placed before the beginning of the first authentication method section. In addition certain @@ -137,20 +153,6 @@ How this exactly works depends on the method it applies to. [ Default: .Em 900 ] -.It Cd DigestDomains -The -.Em domains -setting used with -.Em Digest -authentication. This allows you to specify one or more URIs which are in the -same authentication space. The specified URIs are prefixes, i.e. the -client will assume that all URIs "below" these are also protected by the -same username/password. The URIs may be either absolute URIs (i.e. inluding -a scheme, host, port, etc) or relative URIs. Separated by spaces. -.Pp -[ Default: -.Em (none) -] .It Cd DigestIgnoreNC When set to .Em True @@ -194,7 +196,9 @@ the format created by .Xr htpasswd 1 or .Xr htdigest 1 -(tools that come with apache). +(tools that come with apache). You can also use the +.Xr mkha1 8 +tool that comes with httpauth. .Pp [ Required ] .El @@ -224,7 +228,7 @@ When performing Basic authentication, .Xr httpauthd can try to bind to the LDAP server as the user in question. This allows authentication even when no access to cleartext passwords -is available. Note that this does not apply to Digest authentication. +is available. Note that this does not apply to Digest authentication. .Pp [ Default: .Em True 
@@ -247,7 +251,9 @@ is missing ] A HA1 is a special kind of digest containing the user name, realm and password. This can be used in place of cleartext passwords when doing Digest authentication. This setting specifies the attribute on the -LDAP server that the hash can be found in. +LDAP server that the hash can be found in. Use the +.Xr mkha1 8 +tool for creating HA1 hashes. .Pp .Xr httpauthd 8 can perform both Basic and Digest authentication against this attribute. 
@@ -308,6 +314,81 @@ in the case where anonymous users can't perform LDAP searches, for example. .Pp [ Optional ] .El +.Sh MYSQL AND PGSQL METHOD OPTIONS +Here are the options for the MYSQL and PGSQL handlers. +.Bl -hang +.It Cd DBDatabase +The database on the DB server to connect to. +.Pp +[ Required ] +.It Cd DBHA1Column +The name of the column in +.Ar DBQuery +that contains the HA1 for the user. A HA1 +is a special kind of digest containing the user name, realm and password. +This can be used in place of cleartext passwords when doing Digest +authentication. Use the +.Xr mkha1 8 +tool for creating HA1 hashes. +.Pp +[ Optional ] +.It Cd DBMax +The maximum number of connections to make to the database server. +.Pp +[ Default: +.Em 10 +] +.It Cd DBPassword +The password for the +.Ar DBUser +option. +.Pp +[ Optional ] +.It Cd DBPort +When connecting to the server via TCP this option specifies the port +to connect on. +.Pp +[ Default: DB server's default port ] +.It Cd DBPWColumn +The name of the column in +.Ar DBQuery +that contains the password. +.Pp +[ Default: First Column ] +.It Cd DBPWType +The type of password stored in the database. The options are: +.Ar clear crypt md5 sha1 +.Pp +[ Default: +.Em clear +] +.It Cd DBQuery +The query to execute when authenticating a user. The +.Em %u +and +.Em %r +flags can be used in the query, which will substitute the user and realm +respectively. This should be a 'SELECT' type query or a query that returns +data. +.Pp +[ Required ] +.It Cd DBServer +The address to connect to the database at. It can either be a IP address, +host name, or unix type socket. If this option is not specified then the +default connection (see MYSQL or PGSQL docs) will be used. +.Pp +[ Optional ] +.It Cd DBTimeout +Time in seconds to wait for a connection to the DB server. +.Pp +[ Default: +.Em 30 +] +.It Cd DBUser +The user to connect to the database as. 
+.Pp +[ Default: DB's default user ] +.El .Sh SEE ALSO .Xr httpauthd 8 .Sh AUTHOR -- cgit v1.2.3
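Review bot: in doc/httpauthd.8 (hunk at -51,13) the `.Bl -bullet -compact` line and its `.It` items are removed, but the `.El` that closed the list is kept as context, so the list close no longer has a matching open. Remove the `.El` together with the list. The added sentence also spells "authentication" as "authentation".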
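Review bot: in the new `.Bl -hang` method list in doc/httpauthd.conf.5 (hunk at -66,7), the MYSQL entry "Authenticate against a MYSQL database" has no closing period while the LDAP and PGSQL entries do. The Simple entry's sentence also ends on `.Xr mkha1 8` with no terminator; `.Xr mkha1 8 .` would close it.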
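Review bot: the hunk at -137,20 in doc/httpauthd.conf.5 deletes the whole `DigestDomains` entry, which the subject line "Update man pages for mysql and pgsql" does not cover. If the option is still accepted, its documentation should stay. If it has been dropped, say so in the commit message or move the removal into its own change.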
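Review bot: the `DBQuery` entry in the new MYSQL AND PGSQL METHOD OPTIONS section says `%u` and `%r` are substituted into the query, but it does not say whether the substituted values are escaped or whether the administrator has to quote the placeholders. Since these are the user and realm being authenticated, the page should state the escaping behaviour explicitly and show one sample query. The `DBPWType` entry would also benefit from saying which of `clear crypt md5 sha1` can be used for Digest, given that the text describes HA1 as the alternative to cleartext passwords for Digest authentication.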