I recently migrated our Subversion repositories and Trac sites from one server to another. This gave me the chance to reorganize our layout and authentication mechanism. I chose to replace our existing .htaccess files with mod_auth_mysql because it fit two key criteria:
- It's easy to administer – Logging into the server and running htpasswd every time I need to add a user or change a password is a PITA.
- Most of the applications we use offer MySQL authentication functions, so I can grant access to several things at once.
The docs on how to set it up were fairly clear, with one exception: I would have liked to have seen an example of how to use multiple tables for group membership. After a little more Googling I ran across such an example, taken from Integration of Jira User Management with Apache. Common database normalization techniques suggest that users and passwords go into one table, groups in another, and a third table should be used to join the two by IDs. This is what I was after, and that's what Jira's integration doc showed me. It was also confirmation that I had chosen an appropriate central authentication mechanism.
Eric was nice enough to whip up a Rails CRUD utility to manage the tables (which will be posted soon) and from there it was a simple matter to instruct Apache to use those tables whenever it needed authentication. By the way, a great way to do that is with a separate file such as “mysql-auth.inc” and just use the Apache Include directive to include that file wherever you need authentication.
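The three-table layout described above, sketched in MySQL as an added example (not the schema from the original post or from the Jira document). The database name `authdb`, the account `apache_auth`, and all table and column names are assumptions. The account Apache uses for lookups gets SELECT only, so a leaked web-server credential cannot alter users or memberships.

```sql
-- Added example; every name here is an assumption, not the post's real schema.
CREATE DATABASE IF NOT EXISTS authdb;
USE authdb;

CREATE TABLE users (
  id            INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
  username      VARCHAR(64)  NOT NULL,
  password_hash VARCHAR(255) NOT NULL,   -- a hash, never the plaintext password
  active        TINYINT(1)   NOT NULL DEFAULT 1,
  UNIQUE KEY uq_users_username (username)
) ENGINE=InnoDB;

CREATE TABLE auth_groups (
  id   INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
  name VARCHAR(64)  NOT NULL,
  UNIQUE KEY uq_groups_name (name)
) ENGINE=InnoDB;

-- Join table: one row per (user, group) pair, keyed by IDs only.
CREATE TABLE membership (
  user_id  INT UNSIGNED NOT NULL,
  group_id INT UNSIGNED NOT NULL,
  PRIMARY KEY (user_id, group_id),
  FOREIGN KEY (user_id)  REFERENCES users (id)       ON DELETE CASCADE,
  FOREIGN KEY (group_id) REFERENCES auth_groups (id) ON DELETE CASCADE
) ENGINE=InnoDB;

-- Read-only account for the web server's authentication lookups.
CREATE USER 'apache_auth'@'localhost' IDENTIFIED BY '<set-a-strong-password>';
GRANT SELECT ON authdb.users       TO 'apache_auth'@'localhost';
GRANT SELECT ON authdb.auth_groups TO 'apache_auth'@'localhost';
GRANT SELECT ON authdb.membership  TO 'apache_auth'@'localhost';

-- Constructed sample rows.
INSERT INTO users (username, password_hash) VALUES ('alice', '<hash-placeholder>');
INSERT INTO auth_groups (name) VALUES ('svn-dev'), ('trac-admin');
INSERT INTO membership (user_id, group_id)
  SELECT u.id, g.id FROM users u, auth_groups g
  WHERE u.username = 'alice' AND g.name = 'svn-dev';

-- Group lookup for one user: returns 'svn-dev' for the sample data.
-- Disabled accounts (active = 0) resolve to no groups at all.
SELECT g.name
FROM users u
JOIN membership  m ON m.user_id = u.id
JOIN auth_groups g ON g.id = m.group_id
WHERE u.username = 'alice' AND u.active = 1;
```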