2 <?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
5 <name>mod_auth_anon</name>
6 <description>Allows "anonymous" user access to authenticated
8 <status>Extension</status>
9 <sourcefile>mod_auth_anon.c</sourcefile>
10 <identifier>auth_anon_module</identifier>
13 <p>This module does access control in a manner similar to
14 anonymous-ftp sites; <em>i.e.</em> have a 'magic' user id
15 'anonymous' and the email address as a password. These email
16 addresses can be logged.</p>
18 <p>Combined with other (database) access control methods, this
19 allows for effective user tracking and customization according
20 to a user profile while still keeping the site open for
21 'unregistered' users. One advantage of using Auth-based user
22 tracking is that, unlike magic-cookies and funny URL
23 pre/postfixes, it is completely browser independent and it
24 allows users to share URLs.</p>
27 <section><title>Example</title>
29 <p>The example below (when combined with the Auth directives of a
30 htpasswd-file based (or GDM, mSQL <em>etc.</em>) base access
31 control system allows users in as 'guests' with the following
35 <li>It insists that the user enters a userId.
36 (<code>Anonymous_NoUserId</code>)</li>
38 <li>It insists that the user enters a password.
39 (<code>Anonymous_MustGiveEmail</code>)</li>
41 <li>The password entered must be a valid email address, ie.
42 contain at least one '@' and a '.'.
43 (<code>Anonymous_VerifyEmail</code>)</li>
45 <li>The userID must be one of <code>anonymous guest www test
46 welcome</code> and comparison is <strong>not</strong> case
49 <li>And the Email addresses entered in the passwd field are
50 logged to the error log file
51 (<code>Anonymous_LogEmail</code>)</li>
54 <p>Excerpt of httpd.conf:</p>
57 Anonymous_NoUserId off<br />
58 Anonymous_MustGiveEmail on<br />
59 Anonymous_VerifyEmail on<br />
60 Anonymous_LogEmail on<br />
61 Anonymous anonymous guest www test welcome<br />
63 AuthName "Use 'anonymous' & Email address for
68 AuthUserFile/AuthDBUserFile/AuthDBMUserFile<br />
69 # directive must be specified, or use<br />
70 # Anonymous_Authoritative for public access.<br />
71 # In the .htaccess for the public directory, add:<br />
73 Order Deny,Allow<br />
76 Require valid-user<br />
82 <name>Anonymous</name>
83 <description>Specifies userIDs that areallowed access without
84 password verification</description>
85 <syntax>Anonymous <em>user</em> [<em>user</em>] ...</syntax>
86 <contextlist><context>directory</context><context>.htaccess</context>
88 <override>AuthConfig</override>
91 <p>A list of one or more 'magic' userIDs which are allowed
92 access without password verification. The userIDs are space
93 separated. It is possible to use the ' and " quotes to allow a
94 space in a userID as well as the \ escape character.</p>
96 <p>Please note that the comparison is
97 <strong>case-IN-sensitive</strong>.<br />
98 I strongly suggest that the magic username
99 '<code>anonymous</code>' is always one of the allowed
103 <example>Anonymous anonymous "Not Registered" 'I don\'t know'</example>
105 <p>This would allow the user to enter without password
106 verification by using the userId's 'anonymous',
107 'AnonyMous','Not Registered' and 'I Don't Know'.</p>
112 <name>Anonymous_Authoritative</name>
113 <description>Configures if authorization will fall-through
114 to other methods</description>
115 <syntax>Anonymous_Authoritative on|off</syntax>
116 <default>Anonymous_Authoritative off</default>
117 <contextlist><context>directory</context><context>.htaccess</context>
119 <override>AuthConfig</override>
122 <p>When set 'on', there is no fall-through to other authorization
123 methods. So if a userID does not match the values specified in the
124 <directive module="mod_auth_anon">Anonymous</directive> directive,
125 access is denied.</p>
127 <p>Be sure you know what you are doing when you decide to
128 switch it on. And remember that it is the linking order of the
129 modules (in the Configuration / Make file) which details the
130 order in which the Authorization modules are queried.</p>
135 <name>Anonymous_LogEmail</name>
136 <description>Sets whether the password entered will be logged in the
137 error log</description>
138 <syntax>Anonymous_LogEmail on|off</syntax>
139 <default>Anonymous_LogEmail on</default>
140 <contextlist><context>directory</context><context>.htaccess</context>
142 <override>AuthConfig</override>
145 <p>When set <code>on</code>, the default, the 'password' entered
146 (which hopefully contains a sensible email address) is logged in
152 <name>Anonymous_MustGiveEmail</name>
153 <description>Specifies whether blank passwords are allowed</description>
154 <syntax>Anonymous_MustGiveEmail on|off</syntax>
155 <default>Anonymous_MustGiveEmail on</default>
156 <contextlist><context>directory</context><context>.htaccess</context>
158 <override>AuthConfig</override>
161 <p>Specifies whether the user must specify an email address as
162 the password. This prohibits blank passwords.</p>
167 <name>Anonymous_NoUserID</name>
168 <description>Sets whether the userID field may be empty</description>
169 <syntax>Anonymous_NoUserID on|off</syntax>
170 <default>Anonymous_NoUserID off</default>
171 <contextlist><context>directory</context><context>.htaccess</context>
173 <override>AuthConfig</override>
176 <p>When set <code>on</code>, users can leave the userID (and
177 perhaps the password field) empty. This can be very convenient for
178 MS-Explorer users who can just hit return or click directly on the
179 OK button; which seems a natural reaction.</p>
184 <name>Anonymous_VerifyEmail</name>
185 <description>Sets whether to check the password field for a correctly
186 formatted email address</description>
187 <syntax>Anonymous_VerifyEmail on|off</syntax>
188 <default>Anonymous_VerifyEmail off</default>
189 <contextlist><context>directory</context><context>.htaccess</context>
191 <override>AuthConfig</override>
194 <p>When set <code>on</code> the 'password' entered is checked for
195 at least one '@' and a '.' to encourage users to enter valid email
196 addresses (see the above <directive
197 module="mod_auth_anon">Auth_LogEmail</directive>).</p>