I have problem with authenticating in Apache2 via pgsql. Connection to database is successful and if I put hash into password field, it gets authenticated, but how do I make apache 2.4 compare database password with locally inserted password that is not hashed yet. I guess i must put auth hash method to md5 but documentation for some reason is somewhat incomplete.
<Location "/something">
Header add Pragma "must-revalidate no-cache"
Header add X-RequestTime "%t %D"
ExpiresActive on
ExpiresDefault "now"
AuthName "Something"
AuthType Basic
AuthUserFile "L:\Docs\mgrpass.txt" #does not take usernames and passwords
#from there anymore. Takes them from database instead.
Order allow,deny
Allow from all
SetEnv ERR_MAIL "[email protected]"
SetEnv SCHEMA "manager"
SetEnv AUTHTYPE "manager"
AuthBasicProvider socache dbd
AuthnCacheProvideFor dbd
AuthnCacheContext myServer
# Here should be some hash config to convert local password
# to md5 encrypted one... Help please :(
Require valid-user
AuthDBDUserPWQuery "SELECT parool as password FROM _usr WHERE email = %s"
SetEnv "FORMAT" "json"
php_flag pgsql.log_notice off
php_flag magic_quotes_gpc off
php_flag output_buffering off
php_admin_flag safe_mode_gid on
Header add X-Timing "%D microseconds"
</Location>
Found the answer.
Apache parses the password itself. just add {SHA1} or $apr1$ before password
AuthDBDUserPWQuery "SELECT CONCAT('{SHA}',parool_sha1) as password FROM _usr WHERE email = %s"