--- mod_auth_pgsql.html.orig Fri Jan 11 16:58:18 2002 +++ mod_auth_pgsql.html Thu May 2 18:49:20 2002 @@ -23,14 +23,16 @@ -
One database, and one (or two) tables. One table holds the username and the encryped (or plain) password.- + One database, and one function with parameters (name, name, name, text, inet, text) +for context, group, login name, password, remoute IP address, URI. +Function must return some value (for example oid) as a link to credentials for this connect. +This value inserts into environment variable CREDENTIALS.
The other table holds the username and the names of the group to which the user belongs.
It is possible to have username, groupname and password in the same table.
Every authentication access is logged in the same database of the authentication table, but in different table.+ Every authentication access can be logged by authentificate SQL function.
User name and date of the request are logged.
As option, it can log password, ip address, request line.
Gives the name of the relation which contains the username and password
- information.
- See Auth_PG_encrypted, by default the password
- is encrypted.
+
Gives the name of the function which calculate credentials and returns
+NULL if access forbidden. This function can log accesses if need.
Gives the name of the relation which contains the username and group information. - This can be the same table specified with Auth_PG_pwd_table. - This directive is only necessary if you want to authenticate -by user groups. A user within multiple groups has therefore multiple - entries.
- -Specifies the attribute name of the field containing the user name in the -Auth_PG_pwd_table relation.
- -Specifies the attribute name of the field containing the encrypted (see - Auth_PG_encrypted) password in the Auth_PGpwd_table relation. -
- -Specifies the attribute name of the field containing the group name in - the Auth_PG_grp_table relation. This directive is only necessary - if you want to authenticate by user groups.
+Gives the name of the context. For service of independent +user groups, where login names in different groups can be +equal without real user equality. +
-This option is off by default. Turning it on will cause a user to be validated - when their password field is empty. The password entered will - be ignored. Exercise caution when turning this on.
+If configured, do not drop connection until configured URI. +Usualy URI of footer triggers drop of connect to PostgreSQL. +
This option is off by default. Controls whether this module converts user - UIDs to lowercase before looking them up. When turned on this does not affect - the case of the original user ID should this module decline to authenticate - and a lower level is called.
- -This option is off by default. Controls whether this module converts user - UIDs to uppercase before looking them up. When turned on this does not affect - the case of the original user ID should this module decline to authenticate - and a lower level is called.
-This option is off by default. Controls whether this module ignore the -upper/lowercase of password from user, when looking up clear text password -from db.
- -Defaults to on. Controls weather this module expects passwords in the database -to be encrypted or not. When turned off, you can use unencrypted passwords -in your database. Exercise caution when deciding to turn this off!
- -
-
Set the encryption type for the password stored in the database.
- Defaults to CRYPT.
-
This option allows you to exercise greater control over the SQL code used - to retrieve the user name and password from the database. -You can use this to search for the username using more attributes -in the table than the pwd_field.
- -The basic SQL statement used to retrieve a user's password for checking - looks like this:
- -The pwd_whereclause will be added to the end of this statement and must - fit logically. The where clause must be double quoted, - with initial space .
- -Example:
- -Auth_PG_pwd_whereclause " and access_level > 100 "- -
- -
This option allows you to exercise greater control over the SQL code used - to retrieve the group name and corresponding user from the -database. You can use this to search for the group name using -more attributes in the table than the gid_field.
- -The basic SQL statement used to retrieve a group name and user name for - checking looks like this:
- -- -
PostgreSQL trusted user:
AuthName "My PostgreSQL Authenticator"
AuthType basic
Auth_PG_host localhost
Auth_PG_port 5432
Auth_PG_user postgres
Auth_PG_database www
Auth_PG_pwd_table valid_users
Auth_PG_uid_field user
Auth_PG_pwd_field password
<LIMIT GET POST>
require valid-user
</LIMIT>
PostgreSQL trusted user, select only users with access_level > 100:
AuthName "My PostgreSQL Authenticator"
AuthType basic
Auth_PG_host localhost
Auth_PG_port 5432
Auth_PG_user postgres
Auth_PG_database www
Auth_PG_pwd_table valid_users
Auth_PG_uid_field user
Auth_PG_pwd_field password
Auth_PG_pwd_whereclause " and access_level > 100 "
<LIMIT GET POST>
require valid-user
</LIMIT>
PostgreSQL user with password authentication, with logging:
AuthName "My PostgreSQL Authenticator"
AuthType basic
Auth_PG_host someserver.somenet
Auth_PG_port 5432
Auth_PG_user postgres
Auth_PG_pwd xxxxxxx
Auth_PG_database www
Auth_PG_pwd_table valid_users
Auth_PG_uid_field user
Auth_PG_pwd_field password
Auth_PG_log_table access_log
Auth_PG_log_uname_field login
Auth_PG_log_date_field date
Auth_PG_log_uri_field request
Auth_PG_log_addrs_field ip_address
<LIMIT GET POST>
require valid-user
</LIMIT>
+PostgreSQL trusted user: + + AuthName "My PostgreSQL Authenticator" + AuthType basic + + Auth_PG_host localhost + Auth_PG_port 5432 + Auth_PG_user postgres + Auth_PG_database www + Auth_PG_function valid_users + Auth_PG_context staff + + <LIMIT GET POST> + require valid-user + </LIMIT> + +-
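Review bot: The added description of the authentication function ("One database, and one function with parameters (name, name, name, text, inet, text)" and "Gives the name of the function which calculate credentials and returns NULL if access forbidden") never says in what form the password argument arrives or how the function is expected to compare it, while the same patch deletes the Auth_PG_encrypted and encryption-type text that used to cover this. Please state whether the `text` password parameter is the clear-text value from the Basic auth header, and recommend that the function compare it against a stored hash. Because the text also says the function "can log accesses if need", add a sentence telling authors not to write the password argument to the log table. It would also help to document what the module does when the function raises an error or returns no row, so readers know access is refused in those cases just as for NULL, and to say what may safely be returned given that the value is exported in the CREDENTIALS environment variable. Minor: "remoute", "authentificate" and "Usualy" are typos in the added lines.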
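Review bot: The one remaining example (the added "PostgreSQL trusted user" block) still connects with `Auth_PG_user postgres`. Now that the module only needs to call a single function, the example should use a dedicated role that can do nothing beyond calling that function, not the superuser account. `Auth_PG_function valid_users` also reuses the name of the old password table from the removed examples, which reads as if a relation were still expected; a function-style name would be clearer. Since the logging and where-clause examples are removed with no replacement, consider adding a short sample definition of the function with the documented (name, name, name, text, inet, text) signature, so readers can see how `Auth_PG_context staff` and the group argument are meant to be used.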