SQLAuthTypes [ [OpenSSL]] [ [Crypt]] [ [Backend]] [ [Plaintext]] [ [Empty]]
Default
none
Context
server config, <Global>, <VirtualHost>
Module
mod_sql
Compatibility
1.2.0 and later
This directive deprecates 'SQLEmptyPasswords', 'SQLScrambledPasswords', 'SQLSSLHashedPasswords', 'SQLPlaintextPasswords', and 'SQLEncryptedPasswords'.
The SQLAuthTypes directive specifies which authentication method are to be allowed, and their order of use. You must specify at least one authentication method.
The current supported authentication methods are:
Backend
Allows database-specific backend passwords. Not all backend databases support this option. For example, MySQL datatabases use this option to authenticate MySQL 'PASSWORD()' encrypted passwords. The Postgres backend, however, does nothing.Caveat : if your MySQL activity log is world-readable, the user password will be visible . You have been warned.
Crypt
Allows passwords in the database to be of Unix crypt(3) form.
Empty
Allows empty passwords in the database, which match against any password the user may give. The database field must be a truly empty string; NULL values are not acceptable as empty passwords. Be very careful if using this authentication method.
OpenSSL
Allows passwords in the database to be of the form '{digest-name}hashed-value', where hashed-value is the base64-encoded digest of the passsword. Only available if you define HAVE_OPENSSL when you compile proftpd and you link with OpenSSL's libcrypto library.
Plaintext
Allows passwords in the database to be in plaintext.
SQLAuthTypes Crypt Empty
configures mod_sql to first attempt to verify the password using the Unix crypt(3) function, then, if that fails, determine if the password in the database is empty (thus matching any given password). If all of the configured authentication methods fail, mod_sql will fail to authenticate the user.