http://www.howtoforge.com/how-to-set-up-webdav-with-mysql-authentication-on-apache2-debian-squeeze
This guide explains how to set up WebDAV with MySQL authentication (using mod_auth_mysql) on Apache2 on a Debian Squeeze server. WebDAV stands for Web-based Distributed Authoring and Versioning and is a set of extensions to the HTTP protocol that allow users to directly edit files on the Apache server so that they do not need to be downloaded/uploaded via FTP. Of course, WebDAV can also be used to upload and download files.
I do not issue any guarantee that this will work for you!
1 Preliminary Note
I'm using a Debian Squeeze server with the hostname server1.example.com and the IP address 192.168.0.100 here.
2 Installing Apache2, WebDAV, MySQL, mod_auth_mysql
To install Apache2, WebDAV, MySQL, and mod_auth_mysql, we run:
apt-get install apache2 mysql-server mysql-client libapache2-mod-auth-mysql
You will be asked to provide a password for the MySQL root user - this password is valid for the user root@localhost as well as root@server1.example.com, so we don't have to specify a MySQL root password manually later on:
New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword
Afterwards, enable the WebDAV and mod_auth_mysql modules:
a2enmod dav_fs
a2enmod dav
a2enmod auth_mysql
Restart Apache:
/etc/init.d/apache2 restart
3 Creating A Virtual Host
I will now create a default Apache vhost in the directory /var/www/web1/web. For this purpose, I will modify the default Apache vhost configuration in /etc/apache2/sites-available/default. If you already have a vhost for which you'd like to enable WebDAV, you must adjust this tutorial to your situation.
First, we create the directory /var/www/web1/web and make the Apache user (www-data) the owner of that directory:
mkdir -p /var/www/web1/web
chown www-data /var/www/web1/web
Then we back up the default Apache vhost configuration (/etc/apache2/sites-available/default) and create our own one:
mv /etc/apache2/sites-available/default /etc/apache2/sites-available/default_orig
vi /etc/apache2/sites-available/default
Then reload Apache:
/etc/init.d/apache2 reload
4 Configure The Virtual Host For WebDAV
You can find the documentation for mod_auth_mysql in the /usr/share/doc/libapache2-mod-auth-mysql directory. To read it, you have to gunzip the DIRECTIVES.gz and USAGE.gz files:
cd /usr/share/doc/libapache2-mod-auth-mysql
gunzip DIRECTIVES.gz
vi DIRECTIVES
gunzip USAGE.gz
vi USAGE
Having read these two files, we create a MySQL database called webdav in which we will create the table mysql_auth which will contain our users and passwords. In addition to that we create the MySQL user webdav_admin - this user will be used by mod_auth_mysql to connect to MySQL later on:
mysqladmin -u root -p create webdav
mysql -u root -p
GRANT SELECT, INSERT, UPDATE, DELETE ON webdav.* TO 'webdav_admin'@'localhost' IDENTIFIED BY 'webdav_admin_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON webdav.* TO 'webdav_admin'@'localhost.localdomain' IDENTIFIED BY 'webdav_admin_password';
FLUSH PRIVILEGES;
(Replace webdav_admin_password with a password of your choice.)
USE webdav;
create table mysql_auth (
username char(25) not null,
passwd char(32),
groups char(25),
primary key (username)
);
(Of course, you can as well use existing tables holding your user credentials, and you can as well have additional fields in the table, such as a field that defines if a user is active or not, for example.)
CREATE TABLE `scoreboard` (
`id` int(14) NOT NULL auto_increment,
`vhost` varchar(50) NOT NULL default '',
`bytes_sent` int(14) NOT NULL default '0',
`count_hosts` int(12) NOT NULL default '0',
`count_visits` int(12) NOT NULL default '0',
`count_status_200` int(12) NOT NULL default '0',
`count_status_404` int(12) NOT NULL default '0',
`count_impressions` int(18) NOT NULL default '0',
`last_run` int(14) NOT NULL default '0',
`month` int(4) NOT NULL default '0',
`year` int(4) NOT NULL default '0',
`domain` varchar(50) NOT NULL default '',
`bytes_receive` int(14) NOT NULL default '0',
PRIMARY KEY (`id`),
UNIQUE KEY `vhost` (`vhost`,`month`,`year`,`domain`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
Now we insert the user test into our mysql_auth table with the password test (stored as an MD5 hash); this user belongs to the group testgroup:
INSERT INTO `mysql_auth` (`username`, `passwd`, `groups`) VALUES('test', MD5('test'), 'testgroup');
You can later on use the URL http://192.168.0.100/webdav to connect to WebDAV. If you do this on a Windows XP client and type in the user name test, Windows translates this to 192.168.0.100\test. Therefore we create a second user account now:
INSERT INTO `mysql_auth` (`username`, `passwd`, `groups`) VALUES('192.168.0.100\\test', MD5('test'), 'testgroup');
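(We must use a second backslash here in the user name to escape the first one!)
You don't have to do this if you specify the port in the WebDAV URL, e.g. http://192.168.0.100:80/webdav - in this case Windows will simply look for the user test, not 192.168.0.100\test.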
Then we leave the MySQL shell:
quit;
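An added example, not part of the original tutorial: a short Python audit for rows exported from the mysql_auth table. It flags empty passwords, the unsalted 32-character digests that MD5() writes into passwd, passwords equal to the account name, and digests shared between different accounts; the sample rows and the function names (md5_hex, bare_name, audit) are constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

MD5_HEX = re.compile(r"[0-9a-f]{32}")


def md5_hex(text):
    """Hex digest as MySQL's MD5() stores it in the char(32) passwd column."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


# Constructed sample rows (username, passwd, groups); not from a real server.
SAMPLE_ROWS = [
    ("test", md5_hex("test"), "testgroup"),
    ("192.168.0.100\\test", md5_hex("test"), "testgroup"),
    ("jane", md5_hex("k7#Vq9!wLz2p"), "testgroup"),
    ("joe", None, "testgroup"),
]


def bare_name(username):
    """Drop the 'host\\' prefix that Windows XP puts in front of the name."""
    return username.rsplit("\\", 1)[-1]


def audit(rows):
    """Return {username: [findings]} for every row that needs attention."""
    findings = defaultdict(list)
    by_digest = defaultdict(set)
    for username, passwd, _groups in rows:
        digest = (passwd or "").strip().lower()
        if not digest:
            findings[username].append("empty password")
            continue
        if MD5_HEX.fullmatch(digest):
            findings[username].append("unsalted MD5")
            by_digest[digest].add(username)
        # A password equal to the account name offers no protection at all.
        if digest in (md5_hex(username), md5_hex(bare_name(username))):
            findings[username].append("password equals username")
    # No salt means equal passwords give equal digests. The two spellings of
    # one account (test and 192.168.0.100\test) are expected to match; any
    # other overlap shows two different accounts sharing a password.
    for users in by_digest.values():
        if len({bare_name(u) for u in users}) > 1:
            for user in sorted(users):
                findings[user].append("digest shared with another account")
    return dict(findings)
```

Run against the two rows inserted above, audit() reports both test and 192.168.0.100\test as unsalted MD5 with the password equal to the username.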
Now we modify our vhost in /etc/apache2/sites-available/default and add the following lines to it:
vi /etc/apache2/sites-available/default
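[...] Alias /webdav /var/www/web1/web
The Alias directive (together with ) ensures that WebDAV is invoked when you call /webdav, while you can still access the whole document root of the vhost. All other URLs of that vhost are still "normal" HTTP.
The AuthBasicAuthoritative Off and AuthUserFile /dev/null are there to prevent errors like these in your Apache error log (/var/log/apache2/error.log):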
[Wed Jun 11 17:02:45 2008] [error] Internal error: pcfg_openfile() called with NULL filename
[Wed Jun 11 17:02:45 2008] [error] [client 127.0.0.1] (9)Bad file descriptor: Could not open password file: (null)
If you have additional fields in your MySQL table that define if a user is allowed to log in or not (e.g. a field called active), you can add the Auth_MySQL_Password_Clause directive, e.g.:
[...] Auth_MySQL_Password_Clause " AND active=1" [...]
(It is important that the string within the quotation marks begins with a space!)
The require valid-user directive means that each user listed in the mysql_auth table can log in as long as he/she provides the correct password. If you only want certain users to be allowed to log in, you'd use something like
[...] require user jane joe [...]
instead. And if you only want members of certain groups to be allowed to log in, you'd use something like this:
[...] require group testgroup [...]
Reload Apache afterwards:
/etc/init.d/apache2 reload
5 Testing WebDAV
We will now install cadaver, a command-line WebDAV client:
apt-get install cadaver
To test if WebDAV works, type:
cadaver http://localhost/webdav/
You should be prompted for a user name. Type in test and then the password for the user test. If all goes well, you should be granted access which means WebDAV is working ok. Type quit to leave the WebDAV shell:
root@server1:~# cadaver http://localhost/webdav/
Authentication required for webdav on server `localhost':
Username: test
Password:
dav:/webdav/> quit
Connection to `localhost' closed.
root@server1:~#
Now test again with the username 192.168.0.100\test (this is the format that Windows XP needs if you don't use :80 in the WebDAV URL):
cadaver http://localhost/webdav/
root@server1:~# cadaver http://localhost/webdav/
Authentication required for webdav on server `localhost':
Username: 192.168.0.100\test
Password:
dav:/webdav/> quit
Connection to `localhost' closed.
root@server1:~#
6 Configure A Windows XP Client To Connect To The WebDAV Share
This is described on http://www.howtoforge.com/how-to-set-up-webdav-with-apache2-on-debian-lenny-p2.
If you don't use :80 in the WebDAV URL (http://192.168.0.100:80/webdav), you must log in with the username 192.168.0.100\test; if you do use :80, then you can simply log in with the username test.
7 Configure A Linux Client (GNOME) To Connect To The WebDAV Share
This is described on http://www.howtoforge.com/how-to-set-up-webdav-with-apache2-on-debian-lenny-p3.
8 Troubleshooting
It's a good idea to watch the Apache error log (/var/log/apache2/error.log) while you're trying to connect to WebDAV, e.g. with this command:
tail -f /var/log/apache2/error.log
If you get an error like this:
[Wed Jun 11 15:39:04 2008] [error] [client 192.168.0.46] (13)Permission denied: Could not open property database. [500, #1]
this means that /var/lock/apache2 is not owned by the Apache user (www-data on Debian). You can fix this problem by running:
chown www-data /var/lock/apache2
If Windows keeps asking and asking about the username and password, you should specify the port in the WebDAV URL, e.g. http://192.168.0.100:80/webdav (see chapter four).
9 Links
- WebDAV: http://www.webdav.org/
- Apache: http://httpd.apache.org/
- Debian: http://www.debian.org/
- mod_auth_mysql: http://modauthmysql.sourceforge.net