Module mod_auth_pg

This module provides for user authentication using PostgreSQL database.

  • AuthPGHost
  • AuthPGPort
  • AuthPGUser
  • AuthPGPassword
  • AuthPGOptions
  • AuthPGDatabase
  • AuthPGUserTable
  • AuthPGGroupQuery
  • AuthPGGroupTable
  • AuthPGPasswordField
  • AuthPGUserNameField
  • AuthPGGroupNameField
  • AuthPGVirtual
  • AuthPGDomainField
  • AuthPGQuery
  • AuthPGHashType
  • AuthPGAnonymous
  • AuthPGAnonymousUserName
  • AuthPGCookie
  • AuthPGCookieName
  • AuthPGCookieSeparator
  • AuthPGAuthoritative

  • AuthPGHost

    Syntax: AuthPGHost host_name
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension

    The AuthPGHost directive sets the name of the server on which the postmaster is running. If not specified, a unix domain socket will be used to connect to the database instead of a TCP/IP connection. This alleviates the need to use -i when starting the Postgres postmaster.

    AuthPGPort

    Syntax: AuthPGPort port_number
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension

    The AuthPGPort directive sets the TCP/IP port number at which the postmaster can be found.

    AuthPGUser

    Syntax: AuthPGUser user
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension

    The AuthPGUser directive sets the database username (not the system username) to connect to the database as. If not specified, the user that the web server is running as will be used.

    AuthPGPassword

    Syntax: AuthPGPassword password
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension

    The AuthPGPassword directive sets the password to connect to the database with.

    AuthPGOptions

    Syntax: AuthPGOptions options
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension

    The AuthPGOptions directive sets additional runtime options for the Postgres backend.

    AuthPGDatabase

    Syntax: AuthPGDatabase database_name
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension

    The AuthPGDatabase directive sets the name of the database which keeps the authentication information.

    AuthPGUserTable

    Syntax: AuthPGUserTable table_name
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension

    The AuthPGUserTable directive sets the name of the table which contains the username field and password field.

    AuthPGGroupTable

    Syntax: AuthPGGroupTable table_name
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension

    The AuthPGGroupTable directive sets the name of the table which contains the username field and groupname field. This name can be the same as the value of AuthPGUserTable directive.

    AuthPGPasswordField

    Syntax: AuthPGPasswordField field_name
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension

    The AuthPGPasswordField directive sets the name of the field containing the password in AuthPGUserTable.

    AuthPGUserNameField

    Syntax: AuthPGUserNameField field_name
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension

    The AuthPGUserNameField directive sets the name of the field containing the username in AuthPGUserTable. This name should be the same as the field name containg the username in AuthPGGroupTable.

    AuthPGGroupNameField

    Syntax: AuthPGGroupNameField field_name
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension

    The AuthPGGroupNameField directive sets the name of the field containing the groupname in AuthPGGroupTable.

    AuthPGVirtual

    Syntax: AuthPGVirtual <on | off(default)>
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension

    The AuthPGVirtual directive controls the behavior of the authentication module when a user logs in with a userid of the form user@domain. If AuthPGVirtual is off, this type of userid is treated normally -- the entire string is considered to be the userid, and must exist in the field specified by the AuthPGUserNameField directive. If AuthPGVirtual is on, the userid is split into its user and domain components. The user compontent is matched against the field specified by the AuthPGUserNameField directive, and the domain component is matched against the field specified by the AuthPGDomainField directive. If AuthPGVirtual is on, and a userid does not contain '@', the domain field in the database must be blank or null.

    AuthPGDomainField

    Syntax: AuthPGDomainField field_name
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension

    The AuthPGDomainField directive sets the name of the field containing the domain name. It is only utilized if AuthPGVirtual is on.

    AuthPGQuery

    Syntax: AuthPGQuery query
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension

    The AuthPGQuery directive sets the query to use instead of the default one. The query string may contain any of the following modifiers:

    %i - host ip address replacement
    %h - host name replacement
    %l - user id replacement
    %d - userid domain (if available) see AuthPGVirtual but it doesn't need to be on to use value
    %x - unparsed URI
    %e - URI path
    %a - URI query args
    %f - AuthPGDomainField directive value
    %p - AuthPGPasswordField directive value
    %u - AuthPGUserNameField directive value
    %g - AuthPGGroupNameField directive value
    %U - AuthPGUserTable directive value
    %G - AuthPGGroupTable directive value
    

    Example: select password from members where name='%l'

    The previous behaviour is also supported:

    Unless you enable AuthPGVirtual, this string must contain one '%s', which is replaced with a user name. If you set AuthPGVirtual to 'on', then the string must contain two. The first '%s' is for the user component and the second for the domain component of "user@domain". The result of the query should be the user's password.
    Example: select password from members where name='%s'

    AuthPGGroupQuery

    Syntax: AuthPGGroupQuery query
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension

    The AuthPGGroupQuery directive sets the query to get the list of the groups that a user belong to. The query string may contain any of the following modifiers:

    %i - host ip address replacement
    %h - host name replacement
    %l - user id replacement
    %d - userid domain (if available) see AuthPGVirtual but it doesn't need to be on to use value
    %x - unparsed URI
    %e - URI path
    %a - URI query args
    %f - AuthPGDomainField directive value
    %p - AuthPGPasswordField directive value
    %u - AuthPGUserNameField directive value
    %g - AuthPGGroupNameField directive value
    %U - AuthPGUserTable directive value
    %G - AuthPGGroupTable directive value
    

    Example: select groupname from groups where user='%l'

    The previous behaviour is also supported:

    Unless you enable AuthPGVirtual, this string must contain one '%s', which is replaced with a user name. If you set AuthPGVirtual to 'on', then the string must contain two. The first '%s' is for the user component and the second for the domain component of "user@domain". The result of the query should be the user's password.
    Example: select groupname from groups where user='%s'

    AuthPGHashType

    Syntax: AuthPGHashType <none | crypt(default) | md5>
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension

    Setting the AuthPGHashType directive to `none' allows for the passwords stored in Postgres not to be encrypted. Otherwise, they shoud be crypted by the crypt function, or md5 respectively.

    AuthPGAnonymous

    Syntax: AuthPGAnonymous <on | off(default)>
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension

    Turning on AuthPGAnonymous directive enables a user to be validated by the anonymous user name set by the AuthPGAnonymousUserName directive without the password.

    AuthPGAnonymousUserName

    Syntax: AuthPGAnonymousUserName username
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension

    The AuthPGAnonymousUserName directive sets the anonymous user name used when the AuthPGAnonymous directive is turned on.

    AuthPGCookie

    Syntax: AuthPGCookie <on | off(default)>
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension

    The AuthPGCookie directive controls whether this module will fake the authentication by the cookie or not.

    AuthPGCookieName

    Syntax: AuthPGCookieName cookie_name
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension
    Default: AUTHPG

    The AuthPGCookieName directive sets the name of the cookie containing the username and password pair. The cookie has the form like `AUTHPG=username:password'. `:' is the separator and can be changed using AuthPGCookieSeparator directive.

    AuthPGCookieSeparator

    Syntax: AuthPGCookieSeparator separator
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension
    Default: :

    The AuthPGCookieSeparator directive sets the character used to separate the userid and password.

    AuthPGAuthoritative

    Syntax: AuthPGAuthoritative <on(default) | off>
    Context: directory, .htaccess
    Override: AuthConfig
    Status: Extension

    The AuthPGAuthoritative directive plays the same role as the Auth*Authoritative directives in other mod_auth_* modules.