"No DBD Authn configured!" with Apache, Digest Auth and DBD

Submitted by Hannes Schmidt on Sat, 02/02/2008 - 14:10.

I use mod_authn_dbd to check HTTP authentication credentials against a MySQL database. After switching from Basic to Digest authentication I got 500 errors and No DBD Authn configured! in the server's error log. It took me a while to realize that it wasn't enough to change

AuthType Basic
AuthBasicProvider dbd

to 

AuthType Digest
AuthDigestProvider dbd

but that I also need to change

AuthDBDUserPWQuery "SELECT … "

to

AuthDBDUserRealmQuery "SELECT … "

Apparently, digest auth requires a lookup by user and realm, whereas basic auth gets by on just looking up user. Both, digest and basic auth specify the realm and user name in clear text in the Authorization header, so I don't know why mod_authn_dbd behaves differently in each mode. Also I'd love to get a less cryptic error message. What's wrong with "AuthDBDUserRealmQuery undefined"?

Note that there is no need to add a realm condition to the WHERE clause of the actual SQL statement. This is because realm is the second parameter and will simply be ignored if there is no second placeholder (%s or ?) in the query.

Hannes Schmidt's blog | add new comment
( categories: Unix | Web Servers | Administrator )
Re: compile-time options?
Submitted by Hannes Schmidt on Fri, 11/07/2008 - 11:46.

#! /bin/sh
#
# Created by configure

CFLAGS="-O2 -pipe -march=k8 -fomit-frame-pointer -msse2 -m3dnow"; export CFLAGS
LDFLAGS=" -Wl,--no-as-needed"; export LDFLAGS
"./configure" \
"--prefix=/usr" \
"--host=x86_64-pc-linux-gnu" \
"--mandir=/usr/share/man" \
"--infodir=/usr/share/info" \
"--datadir=/usr/share" \
"--sysconfdir=/etc" \
"--localstatedir=/var/lib" \
"--includedir=/usr/include/apache2" \
"--libexecdir=/usr/lib64/apache2/modules" \
"--datadir=/var/www/localhost" \
"--sysconfdir=/etc/apache2" \
"--localstatedir=/var" \
"--with-mpm=worker" \
"--with-perl=/usr/bin/perl" \
"--with-apr=/usr" \
"--with-apr-util=/usr" \
"--with-pcre=/usr" \
"--with-z=/usr" \
"--with-port=80" \
"--with-program-name=apache2" \
"--enable-layout=Gentoo" \
"--enable-so=static" \
"--disable-authnz_ldap" \
"--disable-ldap" \
"--with-ssl=/usr" \
"--enable-ssl=shared" \
"--enable-cgid=shared" \
"--with-suexec-safepath=/usr/local/bin:/usr/bin:/bin" \
"--with-suexec-logfile=/var/log/apache2/suexec_log" \
"--with-suexec-bin=/usr/sbin/suexec" \
"--with-suexec-userdir=public_html" \
"--with-suexec-caller=apache" \
"--with-suexec-docroot=/var/www" \
"--with-suexec-uidmin=1234" \
"--with-suexec-gidmin=123" \
"--with-suexec-umask=077" \
"--enable-suexec=shared" \
"--enable-actions=shared" \
"--enable-alias=shared" \
"--enable-asis=shared" \
"--enable-auth_basic=shared" \
"--enable-auth_digest=shared" \
"--enable-authn_alias=shared" \
"--enable-authn_anon=shared" \
"--enable-authn_dbd=shared" \
"--enable-authn_dbm=shared" \
"--enable-authn_default=shared" \
"--enable-authn_file=shared" \
"--enable-authz_dbm=shared" \
"--enable-authz_default=shared" \
"--enable-authz_groupfile=shared" \
"--enable-authz_host=shared" \
"--enable-authz_owner=shared" \
"--enable-authz_user=shared" \
"--enable-autoindex=shared" \
"--enable-cache=shared" \
"--enable-cern_meta=shared" \
"--enable-charset_lite=shared" \
"--enable-dav=shared" \
"--enable-dav_fs=shared" \
"--enable-dav_lock=shared" \
"--enable-dbd=shared" \
"--enable-deflate=shared" \
"--enable-dir=shared" \
"--enable-disk_cache=shared" \
"--enable-dumpio=shared" \
"--enable-env=shared" \
"--enable-expires=shared" \
"--enable-ext_filter=shared" \
"--enable-file_cache=shared" \
"--enable-filter=shared" \
"--enable-headers=shared" \
"--enable-ident=shared" \
"--enable-imagemap=shared" \
"--enable-include=shared" \
"--enable-info=shared" \
"--enable-log_config=shared" \
"--enable-log_forensic=shared" \
"--enable-logio=shared" \
"--enable-mem_cache=shared" \
"--enable-mime=shared" \
"--enable-mime_magic=shared" \
"--enable-negotiation=shared" \
"--enable-proxy=shared" \
"--enable-proxy_ajp=shared" \
"--enable-proxy_balancer=shared" \
"--enable-proxy_connect=shared" \
"--enable-proxy_ftp=shared" \
"--enable-proxy_http=shared" \
"--enable-rewrite=shared" \
"--enable-setenvif=shared" \
"--enable-speling=shared" \
"--enable-status=shared" \
"--enable-unique_id=shared" \
"--enable-userdir=shared" \
"--enable-usertrack=shared" \
"--enable-version=shared" \
"--enable-vhost_alias=shared" \
"--libdir=/usr/lib64" \
"--build=x86_64-pc-linux-gnu" \
"build_alias=x86_64-pc-linux-gnu" \
"host_alias=x86_64-pc-linux-gnu" \
"CFLAGS=-O2 -pipe -march=k8 -fomit-frame-pointer -msse2 -m3dnow" \
"LDFLAGS= -Wl,--no-as-needed" \
"$@"

-- Hannes

reply
compile-time options?
Submitted by Anonymous on Fri, 11/07/2008 - 09:52.
Can you post your ./configure options here? When I try to switch to Digest, Apache tells me that AuthDigestProvider does not exist: Invalid command 'AuthDigestProvider', perhaps misspelled or defined by a module not included in the server configuration Thanks, Greg
reply