2 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
3 <?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
4 <!-- $LastChangedRevision$ -->
7 Licensed to the Apache Software Foundation (ASF) under one or more
8 contributor license agreements. See the NOTICE file distributed with
9 this work for additional information regarding copyright ownership.
10 The ASF licenses this file to You under the Apache License, Version 2.0
11 (the "License"); you may not use this file except in compliance with
12 the License. You may obtain a copy of the License at
14 http://www.apache.org/licenses/LICENSE-2.0
16 Unless required by applicable law or agreed to in writing, software
17 distributed under the License is distributed on an "AS IS" BASIS,
18 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19 See the License for the specific language governing permissions and
20 limitations under the License.
23 <modulesynopsis metafile="mod_authn_core.xml.meta">
25 <name>mod_authn_core</name>
26 <description>Core Authentication</description>
28 <sourcefile>mod_authn_core.c</sourcefile>
29 <identifier>authn_core_module</identifier>
30 <compatibility>Available in Apache 2.3 and later</compatibility>
33 <p>This module provides core authentication capabilities to
34 allow or deny access to portions of the web site.
35 <module>mod_authn_core</module> provides directives that are
36 common to all authentication providers.</p>
39 <section id="authnalias"><title>Creating Authentication Provider Aliases</title>
41 <p>Extended authentication providers can be created
42 within the configuration file and assigned an alias name. The alias
43 providers can then be referenced through the directives
44 <directive module="mod_auth_basic">AuthBasicProvider</directive> or
45 <directive module="mod_auth_digest">AuthDigestProvider</directive> in
46 the same way as a base authentication provider. Besides the ability
47 to create and alias an extended provider, it also allows the same
48 extended authentication provider to be reference by multiple
51 <section id="example"><title>Examples</title>
53 <p>This example checks for passwords in two different text
56 <example><title>Checking multiple text password files</title>
57 <highlight language="config">
59 <AuthnProviderAlias file file1>
60 AuthUserFile /www/conf/passwords1
61 </AuthnProviderAlias>
64 <AuthnProviderAlias file file2>
65 AuthUserFile /www/conf/passwords2
66 </AuthnProviderAlias>
68 <Directory /var/web/pages/secure>
69 AuthBasicProvider file1 file2
72 AuthName "Protected Area"
78 <p>The example below creates two different ldap authentication
79 provider aliases based on the ldap provider. This allows
80 a single authenticated location to be serviced by multiple ldap
83 <example><title>Checking multiple LDAP servers</title>
84 <highlight language="config">
85 <AuthnProviderAlias ldap ldap-alias1>
86 AuthLDAPBindDN cn=youruser,o=ctx
87 AuthLDAPBindPassword yourpassword
88 AuthLDAPURL ldap://ldap.host/o=ctx
89 </AuthnProviderAlias>
90 <AuthnProviderAlias ldap ldap-other-alias>
91 AuthLDAPBindDN cn=yourotheruser,o=dev
92 AuthLDAPBindPassword yourotherpassword
93 AuthLDAPURL ldap://other.ldap.host/o=dev?cn
94 </AuthnProviderAlias>
96 Alias /secure /webpages/secure
97 <Directory /webpages/secure>
101 AuthBasicProvider ldap-other-alias ldap-alias1
104 AuthName "LDAP Protected Place"
115 <name>AuthName</name>
116 <description>Authorization realm for use in HTTP
117 authentication</description>
118 <syntax>AuthName <var>auth-domain</var></syntax>
119 <contextlist><context>directory</context><context>.htaccess</context>
121 <override>AuthConfig</override>
124 <p>This directive sets the name of the authorization realm for a
125 directory. This realm is given to the client so that the user
126 knows which username and password to send.
127 <directive>AuthName</directive> takes a single argument; if the
128 realm name contains spaces, it must be enclosed in quotation
129 marks. It must be accompanied by <directive
130 module="mod_authn_core">AuthType</directive> and <directive
131 module="mod_authz_core">Require</directive> directives, and directives such
132 as <directive module="mod_authn_file">AuthUserFile</directive> and
133 <directive module="mod_authz_groupfile">AuthGroupFile</directive> to
138 <highlight language="config">
139 AuthName "Top Secret"
142 <p>The string provided for the <code>AuthName</code> is what will
143 appear in the password dialog provided by most browsers.</p>
146 href="../howto/auth.html">Authentication, Authorization, and
147 Access Control</a></seealso>
148 <seealso><module>mod_authz_core</module></seealso>
152 <name>AuthType</name>
153 <description>Type of user authentication</description>
154 <syntax>AuthType None|Basic|Digest|Form</syntax>
155 <contextlist><context>directory</context><context>.htaccess</context>
157 <override>AuthConfig</override>
160 <p>This directive selects the type of user authentication for a
161 directory. The authentication types available are <code>None</code>,
162 <code>Basic</code> (implemented by
163 <module>mod_auth_basic</module>), <code>Digest</code>
164 (implemented by <module>mod_auth_digest</module>), and
165 <code>Form</code> (implemented by <module>mod_auth_form</module>).</p>
167 <p>To implement authentication, you must also use the <directive
168 module="mod_authn_core">AuthName</directive> and <directive
169 module="mod_authz_core">Require</directive> directives. In addition, the
170 server must have an authentication-provider module such as
171 <module>mod_authn_file</module> and an authorization module such
172 as <module>mod_authz_user</module>.</p>
174 <p>The authentication type <code>None</code> disables authentication.
175 When authentication is enabled, it is normally inherited by each
176 subsequent <a href="../sections.html#mergin">configuration section</a>,
177 unless a different authentication type is specified. If no
178 authentication is desired for a subsection of an authenticated
179 section, the authentication type <code>None</code> may be used;
180 in the following example, clients may access the
181 <code>/www/docs/public</code> directory without authenticating:</p>
183 <highlight language="config">
184 <Directory /www/docs>
187 AuthBasicProvider file
188 AuthUserFile /usr/local/apache/passwd/passwords
192 <Directory /www/docs/public>
198 <note>When disabling authentication, note that clients which have
199 already authenticated against another portion of the server's document
200 tree will typically continue to send authentication HTTP headers
201 or cookies with each request, regardless of whether the server
202 actually requires authentication for every resource.</note>
205 <seealso><a href="../howto/auth.html">Authentication, Authorization,
206 and Access Control</a></seealso>
209 <directivesynopsis type="section">
210 <name>AuthnProviderAlias</name>
211 <description>Enclose a group of directives that represent an
212 extension of a base authentication provider and referenced by
213 the specified alias</description>
214 <syntax><AuthnProviderAlias <var>baseProvider Alias</var>>
215 ... </AuthnProviderAlias></syntax>
216 <contextlist><context>server config</context>
220 <p><code><AuthnProviderAlias></code> and
221 <code></AuthnProviderAlias></code> are used to enclose a group of
222 authentication directives that can be referenced by the alias name
223 using one of the directives <directive module="mod_auth_basic">
224 AuthBasicProvider</directive> or <directive module="mod_auth_digest">
225 AuthDigestProvider</directive>.</p>