From 5deafab3ac59c12b96dadf8e02ed39d49ff2b237 Mon Sep 17 00:00:00 2001
From: Sven Velt <sven@velt.biz>
Date: Wed, 16 Oct 2024 10:08:02 +0200
Subject: [PATCH] Kapitel 08: AAA

---
 conf/kapitel/kapitel_08.conf | 114 +++++++++++++++++++++++++++++++++++
 1 file changed, 114 insertions(+)
 create mode 100644 conf/kapitel/kapitel_08.conf

diff --git a/conf/kapitel/kapitel_08.conf b/conf/kapitel/kapitel_08.conf
new file mode 100644
index 0000000..48efcd0
--- /dev/null
+++ b/conf/kapitel/kapitel_08.conf
@@ -0,0 +1,114 @@
+##### Kapitel 8 - AAA
+
+<Location /secure-server-info>
+	SetHandler server-info
+
+	Require  ip  127.0.0.1  ::1
+</Location>
+
+
+<Location /halfsecure-server-status>
+	SetHandler server-status
+
+	AuthType Basic
+	AuthName "Half-Secure Server-Status"
+	AuthUserFile /usr/local/apache2/htpasswd.users
+
+	<RequireAny>
+		Require ip 127.0.0.1 ::1
+		Require valid-user
+	</RequireAny>
+</Location>
+
+### Digest-Authentication
+
+LoadModule auth_digest_module modules/mod_auth_digest.so
+
+<Location /digest>
+	AuthType Digest
+	AuthName "Geheim"
+	AuthUserFile /usr/local/apache2/htdigest.users
+	Require valid-user
+</Location>
+
+### MySQL-Authentication
+
+LoadModule authn_dbd_module modules/mod_authn_dbd.so
+LoadModule authz_dbd_module modules/mod_authz_dbd.so
+LoadModule dbd_module modules/mod_dbd.so
+
+<VirtualHost 172.31.31.104:80>
+	ServerName	mysql.sv
+	ServerAlias	*.mysql.sv
+	DocumentRoot	/usr/local/apache2/htdocs-firma1.sv/
+
+	DBDriver	mysql
+	DBDParams	"dbname=userdb user=apache pass=apache"
+	DBDMin		2
+	DBDKeep		4
+	DBDMax		8
+	DBDExptime	300
+
+	<Location />
+		AuthType		Basic
+		AuthName		"MySQL-Auth"
+		AuthBasicProvider	dbd
+		AuthDBDUserPWQuery	"SELECT password FROM userdb WHERE user=%s"
+		Require			valid-user
+	</Location>
+</VirtualHost>
+
+### SQLite-Authentication, mit Caching
+
+LoadModule authn_socache_module modules/mod_authn_socache.so
+LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
+
+<VirtualHost 172.31.31.104:80>
+	ServerName	sqlite.sv
+	ServerAlias	*.sqlite.sv
+	DocumentRoot	/usr/local/apache2/htdocs-firma2.sv/
+
+	DBDriver	sqlite3
+	DBDParams	"/usr/local/apache2/digest.sqlite3"
+
+	DBDPrepareSQL	"SELECT password FROM digest WHERE user=%s AND realm=%s"  digquery
+
+	<Location />
+		AuthType		Digest
+		AuthName		"SQLite-Auth"
+		AuthDigestProvider	socache dbd
+
+		AuthnCacheProvideFor	dbd
+		AuthnCacheContext	my-sqlite3-location
+
+		# AuthDBDUserRealmQuery	digquery
+		AuthDBDUserRealmQuery	"SELECT password FROM digest WHERE user=%s AND realm=%s"
+		Require			valid-user
+	</Location>
+</VirtualHost>
+
+### LDAP-Authentication
+
+LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
+LoadModule ldap_module modules/mod_ldap.so
+
+<VirtualHost 172.31.31.104:80>
+	ServerName	ldap.sv
+	ServerAlias	*.ldap.sv
+	DocumentRoot	/usr/local/apache2/htdocs-ipbased.sv/
+
+	<Location />
+		AuthType		Basic
+		AuthName		"LDAP-Auth"
+		AuthBasicProvider	ldap
+		# AuthzLDAPAuthoritative	off
+		#AuthLDAPURL		ldaps://localhost:636/ou=People,dc=ipbased,dc=sv?uid?
+		AuthLDAPURL		ldap://localhost/ou=Users,dc=heinlein-akademie,dc=de?uid?
+		Require			valid-user
+	</Location>
+
+	CustomLog		logs/ldap_access.log	combined
+	ErrorLog		logs/ldap_error.log
+	LogLevel		info
+</VirtualHost>
+