I’d like to secure my phpmyadmin area by using Apache2 mod_dbd Basic Auth, and I’d like to use the ‘mysql’ database and ‘user’ table for authentication. (Which, in my opinion, makes complete sense.)
The problem I’m having is with the password encryption for this table, which uses MySQL’s PASSWORD() function to store the users password.
I’ve done a bit of tinkering and can’t figure out if it would be possible at all to use mysql’s ‘user’ table because of this, as Apache will only use the encryption types mentioned in this page.
So as a last resort, I’d like to know if anyone has been able to successfully get this working?
Unfortunately, this isn’t possible —
mod_authn_dbddoesn’t actually verify the password itself, but instead acts as a source for a password hash which Apache later checks using a separate authorization module likemod_auth_basicormod_auth_digest. As such, you’d have to find an authorization module which directly supported the MySQLPASSWORD()hash format, which I don’t believe exists.You could, of course, add an extra column to the MySQL
usertable for an Apache-compatible password hash. That’d hardly be any better than just keeping a separate authentication database, though — for instance, you’d have to manually update it whenever you did a new GRANT — so it’s probably not worth doing.