I'm now trying to set up mod_authn_dbb for authentication purpose.
However, I faced to a concern for AuthDBDUserRealmQuery directive.
The example shows the query:
AuthDBDUserRealmQuery \
"SELECT password FROM authn WHERE user = %s AND realm = %s"
But, I would like to set up the query as follows:
AuthDBDUserRealmQuery \
"SELECT md5(uname || ':' || %s || ':' || upass) FROM uaccount WHERE uname
= %s"
^^... to be realm to be user
... ^^
It seems to me we have no way to put the replacement of the given
realm prior to username. Am I missing anything?
If we have no reasonable workaround, I would like to suggest a new
directive: AuthDBDRealmUserQuery which specifies a query for digest
authentication with realm and user parameters in this order?
What's your opinion?
# This is an aside. I would like to include a few additional conditions
# in the query, such as remote address and so on.
# For example, we can consider a web-user who can access via a certain
# network address (like, 192.168.1.0/24), described as:
#
# SELECT md5(password) FROM uaccount \
# WHERE uname = %s AND unetwork >>= %s::inet;
Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <[email protected]>
