</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div><div class="section"><h2><a name="using" id="using">Using Environment Variables</a></h2>
- <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="./mod/mod_access.html">mod_access</a></code></li><li><code class="module"><a href="./mod/mod_cgi.html">mod_cgi</a></code></li><li><code class="module"><a href="./mod/mod_ext_filter.html">mod_ext_filter</a></code></li><li><code class="module"><a href="./mod/mod_headers.html">mod_headers</a></code></li><li><code class="module"><a href="./mod/mod_include.html">mod_include</a></code></li><li><code class="module"><a href="./mod/mod_log_config.html">mod_log_config</a></code></li><li><code class="module"><a href="./mod/mod_rewrite.html">mod_rewrite</a></code></li></ul></td><td><ul><li><code class="directive"><a href="./mod/mod_access.html#allow">Allow</a></code></li><li><code class="directive"><a href="./mod/mod_log_config.html#customlog">CustomLog</a></code></li><li><code class="directive"><a href="./mod/mod_access.html#deny">Deny</a></code></li><li><code class="directive"><a href="./mod/mod_ext_filter.html#extfilterdefine">ExtFilterDefine</a></code></li><li><code class="directive"><a href="./mod/mod_headers.html#header">Header</a></code></li><li><code class="directive"><a href="./mod/mod_log_config.html#logformat">LogFormat</a></code></li><li><code class="directive"><a href="./mod/mod_rewrite.html#rewritecond">RewriteCond</a></code></li><li><code class="directive"><a href="./mod/mod_rewrite.html#rewriterule">RewriteRule</a></code></li></ul></td></tr></table>
+ <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="./mod/mod_authz_host.html">mod_authz_host</a></code></li><li><code class="module"><a href="./mod/mod_cgi.html">mod_cgi</a></code></li><li><code class="module"><a href="./mod/mod_ext_filter.html">mod_ext_filter</a></code></li><li><code class="module"><a href="./mod/mod_headers.html">mod_headers</a></code></li><li><code class="module"><a href="./mod/mod_include.html">mod_include</a></code></li><li><code class="module"><a href="./mod/mod_log_config.html">mod_log_config</a></code></li><li><code class="module"><a href="./mod/mod_rewrite.html">mod_rewrite</a></code></li></ul></td><td><ul><li><code class="directive"><a href="./mod/mod_authz_host.html#allow">Allow</a></code></li><li><code class="directive"><a href="./mod/mod_log_config.html#customlog">CustomLog</a></code></li><li><code class="directive"><a href="./mod/mod_authz_host.html#deny">Deny</a></code></li><li><code class="directive"><a href="./mod/mod_ext_filter.html#extfilterdefine">ExtFilterDefine</a></code></li><li><code class="directive"><a href="./mod/mod_headers.html#header">Header</a></code></li><li><code class="directive"><a href="./mod/mod_log_config.html#logformat">LogFormat</a></code></li><li><code class="directive"><a href="./mod/mod_rewrite.html#rewritecond">RewriteCond</a></code></li><li><code class="directive"><a href="./mod/mod_rewrite.html#rewriterule">RewriteRule</a></code></li></ul></td></tr></table>
<h3><a name="cgi-scripts" id="cgi-scripts">CGI Scripts</a></h3>
<p><code>.htaccess</code> files provide a way to make configuration
changes on a per-directory basis.</p>
</div><div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#related">.htaccess files</a></li><li><img alt="" src="../images/down.gif" /> <a href="#what">What they are/How to use them</a></li><li><img alt="" src="../images/down.gif" /> <a href="#when">When (not) to use .htaccess files</a></li><li><img alt="" src="../images/down.gif" /> <a href="#how">How directives are applied</a></li><li><img alt="" src="../images/down.gif" /> <a href="#auth">Authentication example</a></li><li><img alt="" src="../images/down.gif" /> <a href="#ssi">Server side includes example</a></li><li><img alt="" src="../images/down.gif" /> <a href="#cgi">CGI example</a></li><li><img alt="" src="../images/down.gif" /> <a href="#troubleshoot">Troubleshooting</a></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="related" id="related">.htaccess files</a></h2>
- <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="../mod/core.html">core</a></code></li><li><code class="module"><a href="../mod/mod_auth.html">mod_auth</a></code></li><li><code class="module"><a href="../mod/mod_cgi.html">mod_cgi</a></code></li><li><code class="module"><a href="../mod/mod_include.html">mod_include</a></code></li><li><code class="module"><a href="../mod/mod_mime.html">mod_mime</a></code></li></ul></td><td><ul><li><code class="directive"><a href="../mod/core.html#accessfilename">AccessFileName</a></code></li><li><code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code></li><li><code class="directive"><a href="../mod/core.html#options">Options</a></code></li><li><code class="directive"><a href="../mod/mod_mime.html#addhandler">AddHandler</a></code></li><li><code class="directive"><a href="../mod/core.html#sethandler">SetHandler</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/mod_auth.html#authuserfile">AuthUserFile</a></code></li><li><code class="directive"><a href="../mod/mod_auth.html#authgroupfile">AuthGroupFile</a></code></li><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li></ul></td></tr></table>
+ <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="../mod/core.html">core</a></code></li><li><code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code></li><li><code class="module"><a href="../mod/mod_authz_groupfile.html">mod_authz_groupfile</a></code></li><li><code class="module"><a href="../mod/mod_cgi.html">mod_cgi</a></code></li><li><code class="module"><a href="../mod/mod_include.html">mod_include</a></code></li><li><code class="module"><a href="../mod/mod_mime.html">mod_mime</a></code></li></ul></td><td><ul><li><code class="directive"><a href="../mod/core.html#accessfilename">AccessFileName</a></code></li><li><code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code></li><li><code class="directive"><a href="../mod/core.html#options">Options</a></code></li><li><code class="directive"><a href="../mod/mod_mime.html#addhandler">AddHandler</a></code></li><li><code class="directive"><a href="../mod/core.html#sethandler">SetHandler</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/mod_authn_file.html#authuserfile">AuthUserFile</a></code></li><li><code class="directive"><a href="../mod/mod_authz_groupfile.html#authgroupfile">AuthGroupFile</a></code></li><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li></ul></td></tr></table>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="what" id="what">What they are/How to use them</a></h2>
<h3><a name="dbm" id="dbm">DBM</a></h3>
<p>Several Apache features, including
- <code class="module"><a href="./mod/mod_auth_dbm.html">mod_auth_dbm</a></code> and <code class="module"><a href="./mod/mod_rewrite.html">mod_rewrite</a></code>'s
+ <code class="module"><a href="./mod/mod_authn_dbm.html">mod_authn_dbm</a></code> and <code class="module"><a href="./mod/mod_rewrite.html">mod_rewrite</a></code>'s
DBM <code class="directive"><a href="./mod/mod_rewrite.html#rewritemap">RewriteMap</a></code> use
simple key/value databases for quick lookups of information. Apache
includes SDBM with its source-code, so this database is always
instance a authentication which checks for a set of
explicitly configured users. Only these should receive
access and without explicit prompting (which would occur
- when using the Basic Auth via <code class="module"><a href="../mod/mod_access.html">mod_access</a></code>).</p>
+ when using the Basic Auth via <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code>).</p>
</dd>
<dt>Solution:</dt>
Allow use of the authorization directives (<code class="directive"><a href="../mod/mod_authn_dbm.html#authdbmgroupfile">AuthDBMGroupFile</a></code>,
<code class="directive"><a href="../mod/mod_authn_dbm.html#authdbmuserfile">AuthDBMUserFile</a></code>,
- <code class="directive"><a href="../mod/mod_authn_file.html#authgroupfile">AuthGroupFile</a></code>,
+ <code class="directive"><a href="../mod/mod_authz_groupfile.html#authgroupfile">AuthGroupFile</a></code>,
<code class="directive"><a href="#authname">AuthName</a></code>,
<code class="directive"><a href="#authtype">AuthType</a></code>, <code class="directive"><a href="../mod/mod_authn_file.html#authuserfile">AuthUserFile</a></code>, <code class="directive"><a href="#require">Require</a></code>, <em>etc.</em>).</dd>
<dt>Limit</dt>
<dd>
- Allow use of the directives controlling host access (<code class="directive"><a href="../mod/mod_access.html#allow">Allow</a></code>, <code class="directive"><a href="../mod/mod_access.html#deny">Deny</a></code> and <code class="directive"><a href="../mod/mod_access.html#order">Order</a></code>).</dd>
+ Allow use of the directives controlling host access (<code class="directive"><a href="../mod/mod_authz_host.html#allow">Allow</a></code>, <code class="directive"><a href="../mod/mod_authz_host.html#deny">Deny</a></code> and <code class="directive"><a href="../mod/mod_authz_host.html#order">Order</a></code>).</dd>
<dt>Options</dt>
<code class="directive">AuthName</code> takes a single argument; if the
realm name contains spaces, it must be enclosed in quotation
marks. It must be accompanied by <code class="directive"><a href="#authtype">AuthType</a></code> and <code class="directive"><a href="#require">Require</a></code> directives, and directives such
- as <code class="directive"><a href="../mod/mod_auth.html#authuserfile">AuthUserFile</a></code> and
- <code class="directive"><a href="../mod/mod_auth.html#authgroupfile">AuthGroupFile</a></code> to
+ as <code class="directive"><a href="../mod/mod_authn_file.html#authuserfile">AuthUserFile</a></code> and
+ <code class="directive"><a href="../mod/mod_authz_groupfile.html#authgroupfile">AuthGroupFile</a></code> to
work.</p>
<p>For example:</p>
currently implemented.
It must be accompanied by <code class="directive"><a href="#authname">AuthName</a></code> and <code class="directive"><a href="#require">Require</a></code> directives, and directives such
- as <code class="directive"><a href="../mod/mod_auth.html#authuserfile">AuthUserFile</a></code> and
- <code class="directive"><a href="../mod/mod_auth.html#authgroupfile">AuthGroupFile</a></code> to
+ as <code class="directive"><a href="../mod/mod_authn_file.html#authuserfile">AuthUserFile</a></code> and
+ <code class="directive"><a href="../mod/mod_authz_groupfile.html#authgroupfile">AuthGroupFile</a></code> to
work.</p>
<h3>See also</h3><ul><li><a href="../howto/auth.html">Authentication, Authorization,
and Access Control</a></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="CGIMapExtension" id="CGIMapExtension">CGIMapExtension</a> <a name="cgimapextension" id="cgimapextension">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
address. (In "tcpwrappers" terminology this is called
<code>PARANOID</code>.)</p>
- <p>Regardless of the setting, when <code class="module"><a href="../mod/mod_access.html">mod_access</a></code> is
+ <p>Regardless of the setting, when <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code> is
used for controlling access by hostname, a double reverse lookup
will be performed. This is necessary for security. Note that the
result of this double-reverse isn't generally available unless you
<p><code class="directive">Require</code> must be accompanied by
<code class="directive"><a href="#authname">AuthName</a></code> and <code class="directive"><a href="#authtype">AuthType</a></code> directives, and directives such
- as <code class="directive"><a href="../mod/mod_auth.html#authuserfile">AuthUserFile</a></code>
- and <code class="directive"><a href="../mod/mod_auth.html#authgroupfile">AuthGroupFile</a></code> (to
+ as <code class="directive"><a href="../mod/mod_authn_file.html#authuserfile">AuthUserFile</a></code>
+ and <code class="directive"><a href="../mod/mod_authz_groupfile.html#authgroupfile">AuthGroupFile</a></code> (to
define users and groups) in order to work correctly. Example:</p>
<div class="example"><p><code>
place the <code class="directive">Require</code> statement into a
<code class="directive"><a href="#limit"><Limit></a></code>
section.</p>
-<h3>See also</h3><ul><li><code class="directive"><a href="#satisfy">Satisfy</a></code></li><li><code class="module"><a href="../mod/mod_access.html">mod_access</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="RLimitCPU" id="RLimitCPU">RLimitCPU</a> <a name="rlimitcpu" id="rlimitcpu">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+<h3>See also</h3><ul><li><code class="directive"><a href="#satisfy">Satisfy</a></code></li><li><code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="RLimitCPU" id="RLimitCPU">RLimitCPU</a> <a name="rlimitcpu" id="rlimitcpu">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Limits the CPU consumption of processes launched
by Apache children</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>RLimitCPU <var>number</var>|max [<var>number</var>|max]</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Core</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>core</td></tr></table>
- <p>Access policy if both <code class="directive"><a href="#allow">Allow</a></code> and <code class="directive"><a href="#require">Require</a></code> used. The parameter can be
+ <p>Access policy if both <code class="directive"><a href="../mod/mod_authz_host.html#allow">Allow</a></code> and <code class="directive"><a href="#require">Require</a></code> used. The parameter can be
either <var>all</var> or <var>any</var>. This directive is only
useful if access to a particular area is being restricted by both
username/password <em>and</em> client host address. In this case
Satisfy any
</code></p></div>
-<h3>See also</h3><ul><li><code class="directive"><a href="../mod/mod_access.html#allow">Allow</a></code></li><li><code class="directive"><a href="#require">Require</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="ScriptInterpreterSource" id="ScriptInterpreterSource">ScriptInterpreterSource</a> <a name="scriptinterpretersource" id="scriptinterpretersource">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+<h3>See also</h3><ul><li><code class="directive"><a href="../mod/mod_authz_host.html#allow">Allow</a></code></li><li><code class="directive"><a href="#require">Require</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="ScriptInterpreterSource" id="ScriptInterpreterSource">ScriptInterpreterSource</a> <a name="scriptinterpretersource" id="scriptinterpretersource">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Technique for locating the interpreter for CGI
scripts</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>ScriptInterpreterSource registry|script</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
<ul>
<li><a href="#reqvaliduser">require valid-user</a></li>
-
<li><a href="#requser">require user</a></li>
-
<li><a href="#reqgroup">require group</a></li>
-
<li><a href="#reqdn">require dn</a></li>
</ul>
</li>
<li><a href="#examples">Examples</a></li>
-
<li><a href="#usingtls">Using TLS</a></li>
-
<li><a href="#usingssl">Using SSL</a></li>
<li>
<ul>
<li><a href="#howitworks">How It Works</a></li>
-
<li><a href="#fpcaveats">Caveats</a></li>
</ul>
</li>
FrontPage with mod_auth_ldap</a></h2>
<p>Normally, FrontPage uses FrontPage-web-specific user/group
- files (i.e., the <code class="module"><a href="../mod/mod_auth.html">mod_auth</a></code> module) to handle all
+ files (i.e., the <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code> and
+ <code class="module"><a href="../mod/mod_authz_groupfile.html">mod_authz_groupfile</a></code> modules) to handle all
authentication. Unfortunately, it is not possible to just
change to LDAP authentication by adding the proper directives,
because it will break the <em>Permissions</em> forms in
<ul>
<li>When choosing the LDAP URL, the attribute to use for
authentication should be something that will also be valid
- for putting into a <code class="module"><a href="../mod/mod_auth.html">mod_auth</a></code> user file. The user ID is
- ideal for this.</li>
+ for putting into a <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code> user file.
+ The user ID is ideal for this.</li>
<li>When adding users via FrontPage, FrontPage administrators
should choose usernames that already exist in the LDAP
LDAP database, and not against the password in the local user
file. This could cause confusion for web administrators.</li>
- <li>Apache must be compiled with <code class="module"><a href="../mod/mod_auth.html">mod_auth</a></code> in order to
+
+ <li>Apache must be compiled with <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code>,
+ <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code> and
+ <code class="module"><a href="../mod/mod_authz_groupfile.html">mod_authz_groupfile</a></code> in order to
use FrontPage support. This is because Apache will still use
- the <code class="module"><a href="../mod/mod_auth.html">mod_auth</a></code> group file for determine the extent of a
+ the <code class="module"><a href="../mod/mod_authz_groupfile.html">mod_authz_groupfile</a></code> group file for determine the extent of a
user's access to the FrontPage web.</li>
<li>The directives must be put in the <code>.htaccess</code>
files. Attempting to put them inside <code class="directive"><a href="../mod/core.html#location"><Location></a></code> or <code class="directive"><a href="../mod/core.html#directory"><Directory></a></code> directives won't work. This
is because <code class="module"><a href="../mod/mod_auth_ldap.html">mod_auth_ldap</a></code> has to be able to grab
- the <code class="directive"><a href="../mod/mod_auth.html#authuserfile">AuthUserFile</a></code>
+ the <code class="directive"><a href="../mod/mod_authn_file.html#authuserfile">AuthUserFile</a></code>
directive that is found in FrontPage <code>.htaccess</code>
files so that it knows where to look for the valid user list. If
the <code class="module"><a href="../mod/mod_auth_ldap.html">mod_auth_ldap</a></code> directives aren't in the same
AuthType basic<br />
<br />
# An
- AuthUserFile/AuthDBUserFile/AuthDBMUserFile<br />
+ AuthUserFile/AuthDBMUserFile<br />
# directive must be specified, or use<br />
# Anonymous_Authoritative for public access.<br />
# In the .htaccess for the public directory, add:<br />
</a></th><td>authz_host_module</td></tr><tr><th><a href="module-dict.html#SourceFile">SourceĀ File:
</a></th><td>mod_authz_host.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
</a></th><td>Available in Apache 2.0.44 and later</td></tr></table><h3>Summary</h3>
- <p>The directives provided by mod_authz_host are used in <code class="directive"><a href="../mod/core.html#directory"><Directory></a></code>, <code class="directive"><a href="../mod/core.html#files"><Files></a></code>, and <code class="directive"><a href="../mod/core.html#location"><Location></a></code> sections as well as
- <code><a href="core.html#accessfilename">.htaccess</a></code>
- files to control access to particular parts of the server. Access
- can be controlled based on the client hostname, IP address, or
+ <p>The directives provided by <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code> are
+ used in <code class="directive"><a href="../mod/core.html#directory"><Directory></a></code>,
+ <code class="directive"><a href="../mod/core.html#files"><Files></a></code>, and
+ <code class="directive"><a href="../mod/core.html#location"><Location></a></code> sections
+ as well as <code><a href="core.html#accessfilename">.htaccess</a>
+ </code> files to control access to particular parts of the server.
+ Access can be controlled based on the client hostname, IP address, or
other characteristics of the client request, as captured in <a href="../env.html">environment variables</a>. The <code class="directive"><a href="#allow">Allow</a></code> and <code class="directive"><a href="#deny">Deny</a></code> directives are used to
specify which clients are or are not allowed access to the server,
while the <code class="directive"><a href="#order">Order</a></code>
<p>You may wish to add a
<code class="directive"><a href="../mod/core.html#<limit>"><Limit></a></code>
clause inside the
- <code class="directive"><a href="../mod/core.html#<location>"><location></a></code>
+ <code class="directive"><a href="../mod/core.html#<location>"><Location></a></code>
directive to limit access to your server configuration
information.</p>
the module <em>module-name</em>. Example:</p>
<div class="example"><p><code>
-AddModuleInfo mod_authn_file.c 'See <A \<br />
- HREF="http://www.apache.org/docs-2.0/mod/mod_authn_file.html">\<br />
- http://www.apache.org/docs-2.0/mod/mod_authn_file.html</A>'
+ AddModuleInfo mod_authn_file.c 'See <a \<br />
+ <span class="indent">
+ href="http://www.apache.org/docs-2.0/mod/mod_authn_file.html">\<br />
+ http://www.apache.org/docs-2.0/mod/mod_authn_file.html</a>'
+ </span>
</code></p></div>
</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
\ No newline at end of file
<p>The key is to check for various ingredients of the client certficate.
Usually this means to check the whole or part of the Distinguished
- Name (DN) of the Subject. For this two methods exists: The <code class="module"><a href="../mod/mod_auth.html">mod_auth</a></code> based variant and the <code class="directive"><a href="../mod/mod_ssl.html#sslrequire">SSLRequire</a></code> variant. The first method is good when the
- clients are of totally different type, i.e. when their DNs have no
- common fields (usually the organisation, etc.). In this case you've
- to establish a password database containing <em>all</em> clients. The
- second method is better when your clients are all part of a common
- hierarchy which is encoded into the DN. Then you can match them more
- easily.</p>
+ Name (DN) of the Subject. For this two methods exists: The <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code> based variant and the <code class="directive"><a href="../mod/mod_ssl.html#sslrequire">SSLRequire</a></code> variant. The first method is
+ good when the clients are of totally different type, i.e. when their
+ DNs have no common fields (usually the organisation, etc.). In this
+ case you've to establish a password database containing <em>all</em>
+ clients. The second method is better when your clients are all part of
+ a common hierarchy which is encoded into the DN. Then you can match
+ them more easily.</p>
<p>The first method:</p>
<div class="example"><h3>httpd.conf</h3><pre>
SSLRequireSSL
AuthName "Snake Oil Authentication"
AuthType Basic
+AuthBasicProvider file
AuthUserFile /usr/local/apache2/conf/httpd.passwd
require valid-user
</Directory></pre></div>
# HTTP Basic Authentication
AuthType basic
AuthName "Protected Intranet Area"
+AuthBasicProvider file
AuthUserFile conf/protected.passwd
Require valid-user
</Directory></pre></div>