You can download the mod_auth_mysql module from sourceforge.
Protecting a directory with a username/password is simple, and involves two steps:
prompt> mysqladmin create http_authNOTE: You don't have to have this table in a seperate database, you can skip creating a new database and use an existing database if it fits your needs.
prompt> mysql http_auth mysql> create table mysql_auth ( -> username char(25), -> passwd char(25), -> groups char(25), -> primary key (username) -> );NOTE 1: You don't have to use a new table for this purpose; You can use existing fields in existing tables for this purpose.
NOTE 2: All of the above names (the table name and field names) are the defaults the module looks for. They CAN be overriden using directives.
NOTE 3: The username/passwd information and username/group information can be stored in seperate tables (using different table names for the password table and group table). This is useful if you want some users to have multiple (or no) groups. In order to do that, you should have one row in the username/passwd table, and multiple rows in the username/group table, one for each group the user is in.
Auth_MySQL_Info <host> <user> <password>This information can only be specified in the server's httpd.conf, since it's used server-wide.
Auth_MySQL_General_DB <database_name>The database can be set on a per-directory basis using a different directive in .htaccess, as mentioned later in this file.
AuthName My Company's Financial Information <-- the realm name, use some informative name AuthType Basic <-- keep it that way require valid-user <-- allow any valid user to access
AuthName My Company's Financial Information <-- the realm name, use some informative name AuthType Basic <-- keep it that way require user johndoe devnull <-- let only johndoe and devnull access
AuthName My Company's Financial Information <-- the realm name, use some informative name AuthType Basic <-- keep it that way require group executives <-- allow only members of this group to accessNote that with Apache 1.3 and later, you would have to encapsulate the AuthName with double quotes if it contains spaces, e.g.
AuthName "My Company's Financial Information"
Example: Auth_MySQL_DB http_auth
Auth_MySQL_Encryption_Types Plaintext Crypt_DESwill instruct the module to check each password both as-is, and through DES crypt.