I would like to authorize users just by username, ignoring any passwords. User name is a license ID. If you have it, you can access the site, otherwise not.
The system works now on Apache 2.2 with mod_auth_mysql by setting AuthMySQLNoPasswd On.
Now I am trying to upgrade to Apache 2.4 and use mod_authz_dbd. I don't want to do any dbd authentication, so I thought about using mod_authn_anon to authenticate any user and then do authorization with dbd. Here is the configuration:
AuthType basic
AuthName "Please use license ID as user name, password is irrelevant"
AuthBasicProvider anon
Anonymous_NoUserID on
# "authorized" is the name of an imaginary group that is returned by AuthzDBDQuery
# when username matches license ID in the database
Require dbd-group authorized
AuthzDBDQuery "select 'authorized' from user_info where user_name = %s"
And here is the relevant part of the log:
mod_authz_core.c(809): AH01626: authorization result of Require dbd-group authorized: denied (no authenticated user yet)
mod_authz_core.c(809): AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)
auth_basic:error] AH01618: user id not found: /protected/
It appears that anon does not actually authenticate users to be made available for dbd authorization.
I know about mod_wsgi but I would like a solution with standard apache2 modules. I don't want to install Python.
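Added example (not part of the original post, and not Apache tooling): a small Python triage of the log quoted above. It separates AH01626 results logged with "no authenticated user yet" from authorization denials for an authenticated user and from auth_basic errors, to show at which stage the request failed. The regular expressions assume the message shapes visible in the quoted lines; the extra denial line is constructed.

```python
import re

# The three log lines quoted in the question.
QUESTION_LOG = """\
mod_authz_core.c(809): AH01626: authorization result of Require dbd-group authorized: denied (no authenticated user yet)
mod_authz_core.c(809): AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)
auth_basic:error] AH01618: user id not found: /protected/
"""
# Constructed line: what a denial looks like once a user name is available.
EXTRA_LINE = ("mod_authz_core.c(809): AH01626: authorization result of "
              "Require dbd-group authorized: denied")

AUTHZ_RE = re.compile(
    r"AH01626: authorization result of (?P<directive>.+): "
    r"(?P<result>granted|denied|neutral)(?: \((?P<reason>[^)]*)\))?\s*$"
)
AUTHN_RE = re.compile(r"\bauth_basic:error\]\s+(?P<code>AH\d{5}): (?P<message>.*)$")


def triage(log_text):
    """Sort log lines by stage and name the stage that rejected the request."""
    report = {"no_user_yet": [], "denied": [], "granted": [], "authn_errors": []}
    for line in log_text.splitlines():
        m = AUTHZ_RE.search(line)
        if m:
            # Evaluated before any user name existed: not the final verdict.
            if m["result"] == "denied" and m["reason"] == "no authenticated user yet":
                report["no_user_yet"].append(m["directive"])
            elif m["result"] in ("denied", "granted"):
                report[m["result"]].append(m["directive"])
            continue
        m = AUTHN_RE.search(line)
        if m:
            report["authn_errors"].append((m["code"], m["message"]))
    if report["authn_errors"]:
        report["stage"] = "authentication"   # the provider rejected the user
    elif report["denied"]:
        report["stage"] = "authorization"    # user known, Require refused
    else:
        report["stage"] = None
    return report


if __name__ == "__main__":
    print(triage(QUESTION_LOG))
```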
AFAIK this functionality is just not available in the current standard modules.
So if you don't want to install Python, you will most likely have to change the code a bit.
If you want to authenticate users only by username, you can do it by editing mod_authn_dbd.c.
This file is available on the Apache GitHub account and here's the link to it: mod_authn_dbd.c.
There should be the lines 183-187 highlighted:
You will want to comment out / delete them all, allowing you to use ANY password (including leaving the box blank) for authentication.
So once you have saved and applied these changes to the file, you will need to compile it.
This is done using the apxs2 command on Unix. It will compile it and automatically activate it afterward.
If you are having trouble running this command, you're probably missing httpd-devel (CentOS) or apache2-dev (Ubuntu).
Now in your configuration file, delete:
add:
So the config you posted above should look like this:
You will then be able to authenticate your user only with their license number and do whatever you need to do with authz.
Nevertheless, I really hope there is another, less complicated and more convenient solution.
Keep in mind that by doing this, if you ever need this module to function properly, you will have another, or the same problem to solve, yet again.
Good luck!
I would assume you also need something along those lines: