Apache mod-auth-mysql with phpass encrypted password (Wordpress)

You can use a patched version of mod-auth-mysql to accept Phpass encrypted passwords. I'll include instructions on how to do this in ubuntu and debian.

The raw patch file is available here

Patching Mod-auth-mysql in Ubuntu/Debian to support Phpass

These instructions have been tested in Ubuntu 10.4, 12.04 and 14.04.5, but should work on many other Debian based platforms with minimal changes.

Create a working directory for building the patched .deb package

mkdir mod-auth-mysql-phpasscd mod-auth-mysql-phpass

Get dependencies needed for building the package and the package source.

sudo apt-get build-dep mod-auth-mysql fakerootapt-get source mod-auth-mysql

Go to the newly created source folder.

cd mod-auth-mysql-4.3.9

Use Debian tool to create a properly debian formatted patch (.dpatch). First check the current list of patches.

cat debian/patches/00list

The last official patch will be at the end of the list. Use the name of the last patchas the last argument of dpatch-edit-patch command below. Also pick a number one greater for the name of the new phpass patch.In my case the last patch in the list was 017-doc_persistent_conn.dpatch and the name of phpass patch is then 018-phpass.

dpatch-edit-patch patch 018-phpass 017-doc_persistent_conn.dpatch

dpatch-edit-patch will start a new shell inside a special folder thatit will use to build the custom debian formatted patch.

download the raw patch

wget https://pelam.fi/published_sources/mod-auth-mysql-phpass/patch.diff

Apply the raw patch and delete it.

patch < patch.diffrm patch.diff

Tell dpatch-edit-patch that our custom patch can be generated.

exit

Wonder at your new properly Debian formatted patch. You should alsoreview the changes made by this unofficial patch if you care about security :)

cat debian/patches/018-phpass.dpatch 

Add the new patch to the list of patches to be applied when .deb package is built.

echo 018-phpass.dpatch >> debian/patches/00list 

Build the patched package

dpkg-buildpackage -b -uc

Now you can install your custom built .deb package (the built package name may vary depending on your system).

sudo dpkg --install ../libapache2-mod-auth-mysql_4.3.9-13.1ubuntu3_amd64.deb

Configuring Mod-auth-mysql to Authenticate Against Wordpress Using Phpass

Enable mod-auth-mysql:

sudo a2enmod auth_mysql

Restart apache for the new module to take effect:

sudo service apache2 restart

The documentation (Now including Phpass) can be viewed with eg. less command

zless /usr/share/doc/libapache2-mod-auth-mysql/DIRECTIVES.gz

Here is a sample .htaccess file that allows access only for Wordpress administrators:

AuthType BasicAuthName "Give Wordpress Administrator username and password"Auth_MySQL_User YOUR_MYSQL_USER_HEREAuth_MySQL_Password YOUR_MYSQL_PASSWORD_HEREAuth_MySQL_Host YOUR_MYSQL_SERVER_HEREAuthBasicAuthoritative Off# I don't know a better way to disable the default password file authenticationAuthUserFile /dev/nullAuth_MySQL onAuth_MySQL_DB YOUR_WORDPRESS_MYSQL_SCHEMA_NAME_HEREAuth_MySQL_Password_Table wp_usersAuth_MySQL_Username_Field wp_users.user_loginAuth_MySQL_Password_Field wp_users.user_passAuth_MySQL_Encryption_Types PHPass PHP_MD5Auth_MySQL_Group_Table "wp_users, wp_usermeta"Auth_MySQL_Group_Clause "AND wp_users.ID = wp_usermeta.user_id AND wp_usermeta.meta_key='wp-capabilities' and m.meta_value like '%s:13:\"administrator\"%'"Auth_MySQL_Persistent OnAuth_MySQL_Authoritative OffAuth_MySQL_CharacterSet utf8Require valid-userOrder allow,denyAllow from all