1 <?xml version="1.0" encoding="ISO-8859-1"?>
2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
4 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
5 This file is generated from xml source: DO NOT EDIT
6 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
7 --><title>mod_auth_dbm - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs-project/">Documentation</a> > <a href="../">Version 2.0</a> > <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Obsolete Apache Module mod_auth_dbm</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description:
8 </a></th><td>Provides for user authentication using DBM
9 files</td></tr><tr><th><a href="module-dict.html#Status">Status:
10 </a></th><td>Obsolete<em> (obsolete since 2.0.44)</em><br /></td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:
11 </a></th><td>auth_dbm_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File:
12 </a></th><td>mod_auth_dbm.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
13 </a></th><td>Available only in versions up to 2.0.43</td></tr></table><h3>Summary</h3>
14 <div class="warning"><h3>This module is obsolete!</h3>
15 <p>Note, that this module has been marked as obsolete. A bunch
16 of modules was introduced in Apache version 2.0.44 that
17 support the new Authentication/Authorization provider mechnism.</p>
19 <p>In order to get the ability of HTTP Basic Authentication, you have
20 to use the <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code> module that implements
21 the HTTP part. <code class="module"><a href="../mod/mod_authn_dbm.html">mod_authn_dbm</a></code> provides for user
22 authentication based on DBM-files. DBM-File based group
23 authorization is now done by the <code class="module"><a href="../mod/mod_authz_dbm.html">mod_authz_dbm</a></code>
26 <p>This document is kept only for historical reasons and no
27 longer maintained.</p>
30 <p>This module provides for HTTP Basic Authentication, where
31 the usernames and passwords are stored in DBM type database
32 files. It is an alternative to the plain text password files
33 provided by <code class="module"><a href="../mod/obs_mod_auth.html">mod_auth</a></code>.</p>
34 </div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authdbmauthoritative">AuthDBMAuthoritative</a></li>
35 <li><img alt="" src="../images/down.gif" /> <a href="#authdbmgroupfile">AuthDBMGroupFile</a></li>
36 <li><img alt="" src="../images/down.gif" /> <a href="#authdbmtype">AuthDBMType</a></li>
37 <li><img alt="" src="../images/down.gif" /> <a href="#authdbmuserfile">AuthDBMUserFile</a></li>
38 </ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDBMAuthoritative" id="AuthDBMAuthoritative">AuthDBMAuthoritative</a> <a name="authdbmauthoritative" id="authdbmauthoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
39 </a></th><td>Sets whether authentication and authorization will be
40 passwed on to lower level modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
41 </a></th><td><code>AuthDBMAuthoritative on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
42 </a></th><td><code>AuthDBMAuthoritative on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
43 </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
44 </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
45 </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
46 </a></th><td>mod_auth_dbm</td></tr></table>
48 <div class="note">This information has not been updated to take into account the
49 new module ordering techniques in Apache 2.0</div>
51 <p>Setting the <code class="directive">AuthDBMAuthoritative</code>
52 directive explicitly to <strong>'off'</strong> allows for both
53 authentication and authorization to be passed on to lower level
54 modules (as defined in the <code>Configuration</code> and
55 <code>modules.c</code> file if there is <strong>no userID</strong>
56 or <strong>rule</strong> matching the supplied userID. If there is
57 a userID and/or rule specified; the usual password and access
58 checks will be applied and a failure will give an Authorization
61 <p>So if a userID appears in the database of more than one module;
62 or if a valid <code class="directive"><a href="../mod/core.html#require">Require</a></code>
63 directive applies to more than one module; then the first module
64 will verify the credentials; and no access is passed on;
65 regardless of the <code class="directive">AuthAuthoritative</code> setting.</p>
67 <p>A common use for this is in conjunction with one of the
68 basic auth modules; such as <code class="module"><a href="../mod/obs_mod_auth.html">mod_auth</a></code>. Whereas this
69 DBM module supplies the bulk of the user credential checking; a
70 few (administrator) related accesses fall through to a lower
71 level with a well protected .htpasswd file.</p>
73 <p>By default, control is not passed on and an unknown userID
74 or rule will result in an Authorization Required reply. Not
75 setting it thus keeps the system secure and forces an NCSA
76 compliant behaviour.</p>
78 <p>Security: Do consider the implications of allowing a user to
79 allow fall-through in his .htaccess file; and verify that this
80 is really what you want; Generally it is easier to just secure
81 a single .htpasswd file, than it is to secure a database which
82 might have more access interfaces.</p>
83 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDBMGroupFile" id="AuthDBMGroupFile">AuthDBMGroupFile</a> <a name="authdbmgroupfile" id="authdbmgroupfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
84 </a></th><td>Sets the name of the database file containing the list
85 of user groups for authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
86 </a></th><td><code>AuthDBMGroupFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
87 </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
88 </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
89 </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
90 </a></th><td>mod_auth_dbm</td></tr></table>
91 <p>The <code class="directive">AuthDBMGroupFile</code> directive sets the
92 name of a DBM file containing the list of user groups for user
93 authentication. <var>File-path</var> is the absolute path to the
96 <p>The group file is keyed on the username. The value for a
97 user is a comma-separated list of the groups to which the users
98 belongs. There must be no whitespace within the value, and it
99 must never contain any colons.</p>
101 <p>Security: make sure that the
102 <code class="directive">AuthDBMGroupFile</code> is stored outside the
103 document tree of the web-server; do <em>not</em> put it in the
104 directory that it protects. Otherwise, clients will be able to
105 download the <code class="directive">AuthDBMGroupFile</code> unless
106 otherwise protected.</p>
108 <p>Combining Group and Password DBM files: In some cases it is
109 easier to manage a single database which contains both the
110 password and group details for each user. This simplifies any
111 support programs that need to be written: they now only have to
112 deal with writing to and locking a single DBM file. This can be
113 accomplished by first setting the group and password files to
114 point to the same DBM:</p>
116 <div class="example"><p><code>
117 AuthDBMGroupFile /www/userbase<br />
118 AuthDBMUserFile /www/userbase
121 <p>The key for the single DBM is the username. The value consists
124 <div class="example"><p><code>
125 <var>Unix Crypt-ed Password</var>:<var>List of Groups</var>[:(ignored)]
128 <p>The password section contains the Unix <code>crypt()</code>
129 password as before. This is followed by a colon and the comma
130 separated list of groups. Other data may optionally be left in the
131 DBM file after another colon; it is ignored by the authentication
132 module. This is what www.telescope.org uses for its combined
133 password and group database.</p>
134 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDBMType" id="AuthDBMType">AuthDBMType</a> <a name="authdbmtype" id="authdbmtype">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
135 </a></th><td>Sets the type of database file that is used to
136 store passwords</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
137 </a></th><td><code>AuthDBMType default|SDBM|GDBM|NDBM|DB</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
138 </a></th><td><code>AuthDBMType default</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
139 </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
140 </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
141 </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
142 </a></th><td>mod_auth_dbm</td></tr><tr><th><a href="directive-dict.html#Compatibility">Compatibility:
143 </a></th><td>Available in version 2.0.30 and later.</td></tr></table>
145 <p>Sets the type of database file that is used to store the passwords.
146 The default database type is determined at compile time. The
147 availability of other types of database files also depends on
148 <a href="../install.html#dbm">compile-time settings</a>.</p>
150 <p>It is crucial that whatever program you use to create your password
151 files is configured to use the same type of database.</p>
152 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDBMUserFile" id="AuthDBMUserFile">AuthDBMUserFile</a> <a name="authdbmuserfile" id="authdbmuserfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
153 </a></th><td>Sets thename of a database file containing the list of users and
154 passwords for authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
155 </a></th><td><code>AuthDBMUserFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
156 </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
157 </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
158 </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
159 </a></th><td>mod_auth_dbm</td></tr></table>
160 <p>The <code class="directive">AuthDBMUserFile</code> directive sets the
161 name of a DBM file containing the list of users and passwords for
162 user authentication. <var>File-path</var> is the absolute path to
165 <p>The user file is keyed on the username. The value for a user is
166 the <code>crypt()</code> encrypted password, optionally followed
167 by a colon and arbitrary data. The colon and the data following it
168 will be ignored by the server.</p>
170 <p>Security: make sure that the
171 <code class="directive">AuthDBMUserFile</code> is stored outside the
172 document tree of the web-server; do <em>not</em> put it in the
173 directory that it protects. Otherwise, clients will be able to
174 download the <code class="directive">AuthDBMUserFile</code>.</p>
176 <p>Important compatibility note: The implementation of
177 "dbmopen" in the apache modules reads the string length of the
178 hashed values from the DBM data structures, rather than relying
179 upon the string being NULL-appended. Some applications, such as
180 the Netscape web server, rely upon the string being
181 NULL-appended, so if you are having trouble using DBM files
182 interchangeably between applications this may be a part of the
185 <p>A perl script called
186 <a href="../programs/dbmmanage.html">dbmmanage</a> is included with
187 Apache. This program can be used to create and update DBM
188 format password files for use with this module.</p>
189 </div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>