<strong>no userID</strong> or <strong>rule</strong> matching the
supplied userID. If there is a userID and/or rule specified, the usual
password and access checks will be applied and a failure will give
- an Authorization Required reply.</p>
+ an "Authentication Required" reply.</p>
<p>So if a userID appears in the database of more than one module;
or if a valid <code class="directive"><a href="../mod/core.html#require">Require</a></code>
directive applies to more than one module; then the first module
will verify the credentials; and no access is passed on;
- regardless of the AuthAuthoritative setting.</p>
+ regardless of the <code class="directive">AuthBasicAuthoritative</code>
+ setting.</p>
<p>By default control is not passed on and an unknown userID or
- rule will result in an Authorization Required reply. Not setting
+ rule will result in an "Authentication Required" reply. Not setting
it thus keeps the system secure and forces an NCSA compliant
behaviour.</p>
<strong>no userID</strong> or <strong>rule</strong> matching the
supplied userID. If there is a userID and/or rule specified, the usual
password and access checks will be applied and a failure will give
- an Authorization Required reply.</p>
+ an "Authentication Required" reply.</p>
<p>So if a userID appears in the database of more than one module;
or if a valid <directive module="core">Require</directive>
directive applies to more than one module; then the first module
will verify the credentials; and no access is passed on;
- regardless of the AuthAuthoritative setting.</p>
+ regardless of the <directive>AuthBasicAuthoritative</directive>
+ setting.</p>
<p>By default control is not passed on and an unknown userID or
- rule will result in an Authorization Required reply. Not setting
+ rule will result in an "Authentication Required" reply. Not setting
it thus keeps the system secure and forces an NCSA compliant
behaviour.</p>
</usage>
the user file.</p>
<p>The user file is keyed on the username. The value for a user is
- the <code>crypt()</code> encrypted password, optionally followed
- by a colon and arbitrary data. The colon and the data following it
- will be ignored by the server.</p>
+ the encrypted password, optionally followed by a colon and arbitrary
+ data. The colon and the data following it will be ignored by the
+ server.</p>
- <p>Security: make sure that the
- <code class="directive">AuthDBMUserFile</code> is stored outside the
- document tree of the web-server; do <em>not</em> put it in the
- directory that it protects. Otherwise, clients will be able to
- download the <code class="directive">AuthDBMUserFile</code>.</p>
+ <div class="warning"><h3>Security:</h3>
+ <p>Make sure that the <code class="directive">AuthDBMUserFile</code> is stored
+ outside the document tree of the web-server; do <em>not</em> put it in
+ the directory that it protects. Otherwise, clients will be able to
+ download the <code class="directive">AuthDBMUserFile</code>.</p>
+ </div>
<p>Important compatibility note: The implementation of
<code>dbmopen</code> in the apache modules reads the string length of
the user file.</p>
<p>The user file is keyed on the username. The value for a user is
- the <code>crypt()</code> encrypted password, optionally followed
- by a colon and arbitrary data. The colon and the data following it
- will be ignored by the server.</p>
+ the encrypted password, optionally followed by a colon and arbitrary
+ data. The colon and the data following it will be ignored by the
+ server.</p>
- <p>Security: make sure that the
- <directive>AuthDBMUserFile</directive> is stored outside the
- document tree of the web-server; do <em>not</em> put it in the
- directory that it protects. Otherwise, clients will be able to
- download the <directive>AuthDBMUserFile</directive>.</p>
+ <note type="warning"><title>Security:</title>
+ <p>Make sure that the <directive>AuthDBMUserFile</directive> is stored
+ outside the document tree of the web-server; do <em>not</em> put it in
+ the directory that it protects. Otherwise, clients will be able to
+ download the <directive>AuthDBMUserFile</directive>.</p>
+ </note>
<p>Important compatibility note: The implementation of
<code>dbmopen</code> in the apache modules reads the string length of
projects / apache / commitdiff