How To Set Up WebDAV With MySQL Authentication On Apache2 (Debian Etch) - Page 2

Want to support HowtoForge? Become a subscriber!
 
Submitted by falko (Contact Author) (Forums) on Tue, 2008-06-17 17:13. ::

4 Configure The Virtual Host For WebDAV

You can find the documentation for mod_auth_mysql in the /usr/share/doc/libapache2-mod-auth-mysql directory. To read it, you have to gunzip the DIRECTIVES.gz and USAGE.gz files:

cd /usr/share/doc/libapache2-mod-auth-mysql
gunzip DIRECTIVES.gz
vi DIRECTIVES

gunzip USAGE.gz
vi USAGE

Having read these two files, we create a MySQL database called webdav in which we will create the table mysql_auth which will contain our users and passwords. In addition to that we create the MySQL user webdav_admin - this user will be used by mod_auth_mysql to connect to MySQL later on:

mysqladmin -u root -p create webdav

mysql -u root -p

GRANT SELECT, INSERT, UPDATE, DELETE ON webdav.* TO 'webdav_admin'@'localhost' IDENTIFIED BY 'webdav_admin_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON webdav.* TO 'webdav_admin'@'localhost.localdomain' IDENTIFIED BY 'webdav_admin_password';
FLUSH PRIVILEGES;

(Replace webdav_admin_password with a password of your choice.)

USE webdav;

create table mysql_auth (
username char(25) not null,
passwd char(32),
groups char(25),
primary key (username)
);

(Of course, you can as well use existing tables holding your user credentials, and you can as well have additional fields in the table, such as a field that defines if a user is active or not, for example.)

Now we insert the user test into our mysql_auth table with the password test (MD5 encrypted); this user belongs to the group testgroup:

INSERT INTO `mysql_auth` (`username`, `passwd`, `groups`) VALUES('test', MD5('test'), 'testgroup');

We will later on use the URL http://192.168.0.100/webdav to connect to WebDAV. When you do this on a Windows XP client and type in the user name test, Windows translates this to 192.168.0.100\test. Therefore we create a second user account now:

INSERT INTO `mysql_auth` (`username`, `passwd`, `groups`) VALUES('192.168.0.100\\test', MD5('test'), 'testgroup');

(We must use a second backslash here in the user name to escape the first one!)

You don't have to do this if you specify the port in the WebDAV URL, e.g. http://192.168.0.100:80/webdav - in this case Windows will simply look for the user test, not 192.168.0.100\test.

Then we leave the MySQL shell:

quit;

Now we modify our vhost in /etc/apache2/sites-available/default and add the following lines to it:

vi /etc/apache2/sites-available/default

[...]
Alias /webdav /var/www/web1/web
<Location /webdav>
DAV On
AuthBasicAuthoritative Off
AuthUserFile /dev/null
AuthMySQL On
AuthName "webdav"
AuthType Basic
Auth_MySQL_Host localhost
Auth_MySQL_User webdav_admin
Auth_MySQL_Password webdav_admin_password
AuthMySQL_DB webdav
AuthMySQL_Password_Table mysql_auth
Auth_MySQL_Username_Field username
Auth_MySQL_Password_Field passwd
Auth_MySQL_Empty_Passwords Off
Auth_MySQL_Encryption_Types PHP_MD5
Auth_MySQL_Authoritative On
require valid-user
</Location>
[...]

The Alias directive makes (together with <Location>) that when you call /webdav, WebDAV is invoked, but you can still access the whole document root of the vhost. All other URLs of that vhost are still "normal" HTTP.

The AuthBasicAuthoritative Off and AuthUserFile /dev/null are there to prevent that you get errors like these ones in your Apache error log (/var/log/apache2/error.log):

[Wed Jun 11 17:02:45 2008] [error] Internal error: pcfg_openfile() called with NULL filename
[Wed Jun 11 17:02:45 2008] [error] [client 127.0.0.1] (9)Bad file descriptor: Could not open password file: (null)

If you have additional fields in your MySQL table that define if a user is allowed to log in or not (e.g. a field called active), you can add the Auth_MySQL_Password_Clause directive, e.g.:

[...]
Auth_MySQL_Password_Clause " AND active=1"
[...]

(It is important that the string within the quotation marks begins with a space!)

The require valid-user directive makes that each user listed in the mysql_auth table can log in as long as he/she provides the correct password. If you only want certain users to be allowed to log in, you'd use something like

[...]
require user jane joe
[...]

instead. And if you only want members of certain groups to be allowed to log in, you'd use something like this:

[...]
require group testgroup
[...]

The final vhost should look like this:

NameVirtualHost *
<VirtualHost *>
        ServerAdmin webmaster@localhost

        DocumentRoot /var/www/web1/web/
        <Directory /var/www/web1/web/>
                Options Indexes MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

Alias /webdav /var/www/web1/web
<Location /webdav>
DAV On
AuthBasicAuthoritative Off
AuthUserFile /dev/null
AuthMySQL On
AuthName "webdav"
AuthType Basic
Auth_MySQL_Host localhost
Auth_MySQL_User webdav_admin
Auth_MySQL_Password webdav_admin_password
AuthMySQL_DB webdav
AuthMySQL_Password_Table mysql_auth
Auth_MySQL_Username_Field username
Auth_MySQL_Password_Field passwd
Auth_MySQL_Empty_Passwords Off
Auth_MySQL_Encryption_Types PHP_MD5
Auth_MySQL_Authoritative On
require valid-user
</Location>
</VirtualHost>

Reload Apache afterwards:

/etc/init.d/apache2 reload

 

5 Testing WebDAV

We will now install cadaver, a command-line WebDAV client:

apt-get install cadaver

To test if WebDAV works, type:

cadaver http://localhost/webdav/

You should be prompted for a user name. Type in test and then the password for the user test. If all goes well, you should be granted access which means WebDAV is working ok. Type quit to leave the WebDAV shell:

server1:~# cadaver http://localhost/webdav/
Authentication required for webdav on server `localhost':
Username: test
Password:
dav:/webdav/> quit
Connection to `localhost' closed.
server1:~#

Now test again with the username 192.168.0.100\test (this is the format that Windows XP needs):

cadaver http://localhost/webdav/

server1:~# cadaver http://localhost/webdav/
Authentication required for webdav on server `localhost':
Username: 192.168.0.100\test
Password:
dav:/webdav/> quit
Connection to `localhost' closed.
server1:~#

 

6 Configure A Windows XP Client To Connect To The WebDAV Share

This is described on http://www.howtoforge.com/setting-up-webdav-with-apache2-on-debian-etch-p2.

If Windows keeps asking and asking about the username and password, you should specify the port in the WebDAV URL, e.g. http://192.168.0.100:80/webdav (see chapter four).

 

7 Configure A Linux Client (GNOME) To Connect To The WebDAV Share

This is described on http://www.howtoforge.com/setting-up-webdav-with-apache2-on-debian-etch-p3.

 

8 Troubleshooting

It's a good idea to watch the Apache error log (/var/log/apache2/error.log) while you're trying to connect to WebDAV, e.g. with this command:

tail -f /var/log/apache2/error.log

If you get an error like this:

[Wed Jun 11 15:39:04 2008] [error] [client 192.168.0.46] (13)Permission denied: Could not open property database. [500, #1]

this means that /var/lock/apache2 is not owned by the Apache user (www-data on Debian). You can fix this problem by running:

chown www-data /var/lock/apache2

If Windows keeps asking and asking about the username and password, you should specify the port in the WebDAV URL, e.g. http://192.168.0.100:80/webdav (see chapter four).

 

9 Links


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by Art Ketcham (not registered) on Tue, 2009-02-24 20:12.
For some reason, Apache was showing a 404 error instead of the repository, until I made this change in the <Location ...> directive:
Change
DAV On
to
DAV snv
Then, things worked fine.