2 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
3 <?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
6 <name>mod_auth_anon</name>
7 <description>Allows "anonymous" user access to authenticated
9 <status>Extension</status>
10 <sourcefile>mod_auth_anon.c</sourcefile>
11 <identifier>auth_anon_module</identifier>
14 <p>This module does access control in a manner similar to
15 anonymous-ftp sites; <em>i.e.</em> have a 'magic' user id
16 'anonymous' and the email address as a password. These email
17 addresses can be logged.</p>
19 <p>Combined with other (database) access control methods, this
20 allows for effective user tracking and customization according
21 to a user profile while still keeping the site open for
22 'unregistered' users. One advantage of using Auth-based user
23 tracking is that, unlike magic-cookies and funny URL
24 pre/postfixes, it is completely browser independent and it
25 allows users to share URLs.</p>
28 <section><title>Example</title>
30 <p>The example below (when combined with the Auth directives of a
31 htpasswd-file based (or GDM, mSQL <em>etc.</em>) base access
32 control system allows users in as 'guests' with the following
36 <li>It insists that the user enters a userId.
37 (<code>Anonymous_NoUserId</code>)</li>
39 <li>It insists that the user enters a password.
40 (<code>Anonymous_MustGiveEmail</code>)</li>
42 <li>The password entered must be a valid email address, ie.
43 contain at least one '@' and a '.'.
44 (<code>Anonymous_VerifyEmail</code>)</li>
46 <li>The userID must be one of <code>anonymous guest www test
47 welcome</code> and comparison is <strong>not</strong> case
50 <li>And the Email addresses entered in the passwd field are
51 logged to the error log file
52 (<code>Anonymous_LogEmail</code>)</li>
55 <p>Excerpt of httpd.conf:</p>
58 Anonymous_NoUserId off<br />
59 Anonymous_MustGiveEmail on<br />
60 Anonymous_VerifyEmail on<br />
61 Anonymous_LogEmail on<br />
62 Anonymous anonymous guest www test welcome<br />
64 AuthName "Use 'anonymous' & Email address for
69 AuthUserFile/AuthDBUserFile/AuthDBMUserFile<br />
70 # directive must be specified, or use<br />
71 # Anonymous_Authoritative for public access.<br />
72 # In the .htaccess for the public directory, add:<br />
74 Order Deny,Allow<br />
77 Require valid-user<br />
83 <name>Anonymous</name>
84 <description>Specifies userIDs that areallowed access without
85 password verification</description>
86 <syntax>Anonymous <em>user</em> [<em>user</em>] ...</syntax>
87 <contextlist><context>directory</context><context>.htaccess</context>
89 <override>AuthConfig</override>
92 <p>A list of one or more 'magic' userIDs which are allowed
93 access without password verification. The userIDs are space
94 separated. It is possible to use the ' and " quotes to allow a
95 space in a userID as well as the \ escape character.</p>
97 <p>Please note that the comparison is
98 <strong>case-IN-sensitive</strong>.<br />
99 I strongly suggest that the magic username
100 '<code>anonymous</code>' is always one of the allowed
104 <example>Anonymous anonymous "Not Registered" 'I don\'t know'</example>
106 <p>This would allow the user to enter without password
107 verification by using the userId's 'anonymous',
108 'AnonyMous','Not Registered' and 'I Don't Know'.</p>
113 <name>Anonymous_Authoritative</name>
114 <description>Configures if authorization will fall-through
115 to other methods</description>
116 <syntax>Anonymous_Authoritative on|off</syntax>
117 <default>Anonymous_Authoritative off</default>
118 <contextlist><context>directory</context><context>.htaccess</context>
120 <override>AuthConfig</override>
123 <p>When set 'on', there is no fall-through to other authorization
124 methods. So if a userID does not match the values specified in the
125 <directive module="mod_auth_anon">Anonymous</directive> directive,
126 access is denied.</p>
128 <p>Be sure you know what you are doing when you decide to
129 switch it on. And remember that it is the linking order of the
130 modules (in the Configuration / Make file) which details the
131 order in which the Authorization modules are queried.</p>
136 <name>Anonymous_LogEmail</name>
137 <description>Sets whether the password entered will be logged in the
138 error log</description>
139 <syntax>Anonymous_LogEmail on|off</syntax>
140 <default>Anonymous_LogEmail on</default>
141 <contextlist><context>directory</context><context>.htaccess</context>
143 <override>AuthConfig</override>
146 <p>When set <code>on</code>, the default, the 'password' entered
147 (which hopefully contains a sensible email address) is logged in
153 <name>Anonymous_MustGiveEmail</name>
154 <description>Specifies whether blank passwords are allowed</description>
155 <syntax>Anonymous_MustGiveEmail on|off</syntax>
156 <default>Anonymous_MustGiveEmail on</default>
157 <contextlist><context>directory</context><context>.htaccess</context>
159 <override>AuthConfig</override>
162 <p>Specifies whether the user must specify an email address as
163 the password. This prohibits blank passwords.</p>
168 <name>Anonymous_NoUserID</name>
169 <description>Sets whether the userID field may be empty</description>
170 <syntax>Anonymous_NoUserID on|off</syntax>
171 <default>Anonymous_NoUserID off</default>
172 <contextlist><context>directory</context><context>.htaccess</context>
174 <override>AuthConfig</override>
177 <p>When set <code>on</code>, users can leave the userID (and
178 perhaps the password field) empty. This can be very convenient for
179 MS-Explorer users who can just hit return or click directly on the
180 OK button; which seems a natural reaction.</p>
185 <name>Anonymous_VerifyEmail</name>
186 <description>Sets whether to check the password field for a correctly
187 formatted email address</description>
188 <syntax>Anonymous_VerifyEmail on|off</syntax>
189 <default>Anonymous_VerifyEmail off</default>
190 <contextlist><context>directory</context><context>.htaccess</context>
192 <override>AuthConfig</override>
195 <p>When set <code>on</code> the 'password' entered is checked for
196 at least one '@' and a '.' to encourage users to enter valid email
197 addresses (see the above <directive
198 module="mod_auth_anon">Auth_LogEmail</directive>).</p>