<li><a href="mod_proxy.html#allowconnect">AllowCONNECT</a></li>
<li><a href="core.html#allowoverride">AllowOverride</a></li>
<li><a href="mod_authn_anon.html#anonymous">Anonymous</a></li>
-<li><a href="mod_authn_anon.html#anonymous_authoritative">Anonymous_Authoritative</a></li>
<li><a href="mod_authn_anon.html#anonymous_logemail">Anonymous_LogEmail</a></li>
<li><a href="mod_authn_anon.html#anonymous_mustgiveemail">Anonymous_MustGiveEmail</a></li>
<li><a href="mod_authn_anon.html#anonymous_nouserid">Anonymous_NoUserID</a></li>
<li><a href="mod_authz_dbm.html#authdbmgroupfile">AuthDBMGroupFile</a></li>
<li><a href="mod_authn_dbm.html#authdbmtype">AuthDBMType</a></li>
<li><a href="mod_authn_dbm.html#authdbmuserfile">AuthDBMUserFile</a></li>
+<li><a href="mod_authn_default.html#authdefaultauthoritative">AuthDefaultAuthoritative</a></li>
<li><a href="mod_auth_digest.html#authdigestalgorithm">AuthDigestAlgorithm</a></li>
<li><a href="mod_auth_digest.html#authdigestdomain">AuthDigestDomain</a></li>
-<li><a href="mod_auth_digest.html#authdigestfile">AuthDigestFile</a></li>
-<li><a href="mod_auth_digest.html#authdigestgroupfile">AuthDigestGroupFile</a></li>
<li><a href="mod_auth_digest.html#authdigestnccheck">AuthDigestNcCheck</a></li>
<li><a href="mod_auth_digest.html#authdigestnonceformat">AuthDigestNonceFormat</a></li>
<li><a href="mod_auth_digest.html#authdigestnoncelifetime">AuthDigestNonceLifetime</a></li>
+<li><a href="mod_auth_digest.html#authdigestprovider">AuthDigestProvider</a></li>
<li><a href="mod_auth_digest.html#authdigestqop">AuthDigestQop</a></li>
+<li><a href="mod_auth_digest.html#authdigestshmemsize">AuthDigestShmemSize</a></li>
<li><a href="mod_authz_groupfile.html#authgroupfile">AuthGroupFile</a></li>
<li><a href="mod_auth_ldap.html#authldapauthoritative">AuthLDAPAuthoritative</a></li>
<li><a href="mod_auth_ldap.html#authldapbinddn">AuthLDAPBindDN</a></li>
<li><a href="mod_authn_file.html#authuserfile">AuthUserFile</a></li>
<li><a href="mod_authz_dbm.html#authzdbmauthoritative">AuthzDBMAuthoritative</a></li>
<li><a href="mod_authz_dbm.html#authzdbmtype">AuthzDBMType</a></li>
+<li><a href="mod_authz_default.html#authzdefaultauthoritative">AuthzDefaultAuthoritative</a></li>
<li><a href="mod_authz_groupfile.html#authzgroupfileauthoritative">AuthzGroupFileAuthoritative</a></li>
+<li><a href="mod_authz_user.html#authzuserauthoritative">AuthzUserAuthoritative</a></li>
<li><a href="mod_setenvif.html#browsermatch" id="B" name="B">BrowserMatch</a></li>
<li><a href="mod_setenvif.html#browsermatchnocase">BrowserMatchNoCase</a></li>
<li><a href="mod_cache.html#cachedefaultexpire" id="C" name="C">CacheDefaultExpire</a></li>
<dt><a href="mod_authn_anon.html">mod_authn_anon</a></dt><dd>Allows "anonymous" user access to authenticated
areas</dd>
<dt><a href="mod_authn_dbm.html">mod_authn_dbm</a></dt><dd>User authentication using DBM files</dd>
+<dt><a href="mod_authn_default.html">mod_authn_default</a></dt><dd>Authentication fallback module</dd>
<dt><a href="mod_authn_file.html">mod_authn_file</a></dt><dd>User authentication using text files</dd>
<dt><a href="mod_authz_dbm.html">mod_authz_dbm</a></dt><dd>Group authorization using DBM files</dd>
+<dt><a href="mod_authz_default.html">mod_authz_default</a></dt><dd>Authorization fallback module</dd>
<dt><a href="mod_authz_groupfile.html">mod_authz_groupfile</a></dt><dd>Group authorization using plaintext files</dd>
<dt><a href="mod_authz_host.html">mod_authz_host</a></dt><dd>Group authorizations based on host (name or IP
address)</dd>
+<dt><a href="mod_authz_user.html">mod_authz_user</a></dt><dd>User Authorization</dd>
<dt><a href="mod_autoindex.html">mod_autoindex</a></dt><dd>Generates directory indexes,
automatically, similar to the Unix <code>ls</code> command or the
Win32 <code>dir</code> shell command</dd>
</a></th><td>auth_basic_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File:
</a></th><td>mod_auth_basic.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
</a></th><td>Available in Apache 2.1 and later</td></tr></table><h3>Summary</h3>
-
<p>This module allows the use of HTTP Basic Authentication to
restrict access by looking up users in the given providers.
HTTP Digest Authentication is provided by
<code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code>.</p>
-
</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authbasicauthoritative">AuthBasicAuthoritative</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authbasicprovider">AuthBasicProvider</a></li>
</ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthBasicAuthoritative" id="AuthBasicAuthoritative">AuthBasicAuthoritative</a> <a name="authbasicauthoritative" id="authbasicauthoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
- </a></th><td>Sets whether authorization and authentication are
-
passed to lower level modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
- </a></th><td><code>AuthBasicAuthoritative
on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
- </a></th><td><code>AuthBasicAuthoritative
on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>Sets whether authorization and authentication are passed to
+lower level modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>AuthBasicAuthoritative
On|Off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
+ </a></th><td><code>AuthBasicAuthoritative
On</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Base</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth_basic</td></tr></table>
<p>Setting the <code class="directive">AuthBasicAuthoritative</code> directive
- explicitly to <strong>'off'</strong> allows for both
+ explicitly to <code>Off</code> allows for both
authentication and authorization to be passed on to lower level
- modules (as defined in the <code>Configuration</code> and
- <code>modules.c</code> files) if there is <strong>no
- userID</strong> or <strong>rule</strong> matching the supplied
- userID. If there is a userID and/or rule specified; the usual
+ modules (as defined in the <code>modules.c</code> files) if there is
+ <strong>no userID</strong> or <strong>rule</strong> matching the
+ supplied userID. If there is a userID and/or rule specified, the usual
password and access checks will be applied and a failure will give
an Authorization Required reply.</p>
will verify the credentials; and no access is passed on;
regardless of the AuthAuthoritative setting.</p>
- <p>By default; control is not passed on; and an unknown userID or
+ <p>By default control is not passed on and an unknown userID or
rule will result in an Authorization Required reply. Not setting
- it thus keeps the system secure; and forces an NCSA compliant
+ it thus keeps the system secure and forces an NCSA compliant
behaviour.</p>
-
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthBasicProvider" id="AuthBasicProvider">AuthBasicProvider</a> <a name="authbasicprovider" id="authbasicprovider">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Sets the authentication provider(s) for this location</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
- </a></th><td><code>AuthBasicProvider <em>provider-name</em></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
- </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
- </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td><code>AuthBasicProvider On|Off|<var>provider-name</var>
+[<var>provider-name</var>] ...</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
+ </a></th><td><code>AuthBasicProvider On</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>directory</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Base</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth_basic</td></tr></table>
<p>The <code class="directive">AuthBasicProvider</code> directive sets
- which provider is used to authenticate the users for this location.</p>
+ which provider is used to authenticate the users for this location.
+ Setting the value to <code>On</code> will choose the default provider
+ (<code>file</code>). Since the <code>file</code> provider is implemented
+ by the <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code> module, you have to make sure,
+ that the module is present in the server.</p>
+
+ <div class="example"><h3>Example</h3><p><code>
+ <Location /secure><br />
+ <span class="indent">
+ AuthBasicProvider dbm<br />
+ AuthDBMType SDBM<br />
+ AuthDBMUserFile /www/etc/dbmpasswd<br />
+ Require valid-user<br />
+ </span>
+ </Location>
+ </code></p></div>
- <p>See <code class="module"><a href="../mod/mod_authn_dbm.html">mod_authn_dbm</a></code>
, <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code>
+ <p>See <code class="module"><a href="../mod/mod_authn_dbm.html">mod_authn_dbm</a></code>
and <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code>
for providers.</p>
+ <p>The value <code>Off</code> clears the provider list and sets it back
+ to the default.</p>
</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
\ No newline at end of file
</a></th><td>Experimental</td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:
</a></th><td>auth_digest_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File:
</a></th><td>mod_auth_digest.c</td></tr></table><h3>Summary</h3>
- <p>This module implements HTTP Digest Authentication. However, it
+ <p>This module implements HTTP Digest Authentication. However, it
has not been extensively tested and is therefore marked
experimental.</p>
</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authdigestalgorithm">AuthDigestAlgorithm</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authdigestdomain">AuthDigestDomain</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#authdigestfile">AuthDigestFile</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#authdigestgroupfile">AuthDigestGroupFile</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authdigestnccheck">AuthDigestNcCheck</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authdigestnonceformat">AuthDigestNonceFormat</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authdigestnoncelifetime">AuthDigestNonceLifetime</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#authdigestprovider">AuthDigestProvider</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authdigestqop">AuthDigestQop</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#authdigestshmemsize">AuthDigestShmemSize</a></li>
</ul><h3>Topics</h3><ul id="topics"><li><img alt="" src="../images/down.gif" /> <a href="#using">Using Digest Authentication</a></li></ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="using" id="using">Using Digest Authentication</a></h2>
<p>Using MD5 Digest authentication is very simple. Simply set
- up authentication normally, using "AuthType Digest" and
- "AuthDigestFile" instead of the normal "AuthType Basic" and
- "AuthUserFile"; also, replace any "AuthGroupFile" with
- "AuthDigestGroupFile". Then add a "AuthDigestDomain" directive
- containing at least the root URI(s) for this protection space.
- Example:</p>
+ up authentication normally, using <code>AuthType Digest</code> and
+ <code class="directive"><a href="#authdigestprovider">AuthDigestProvider</a></code>
+ instead of the normal <code>AuthType Basic</code> and
+ <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code>.
+ Then add a <code class="directive"><a href="#authdigestdomain">AuthDigestDomain</a></code> directive containing at least the root
+ URI(s) for this protection space.</p>
- <div class="example"><p><code>
+ <p>Appropriate user (text) files can be created using the
+ <a href="../programs/htdigest.html">htdigest</a> tool.</p>
+
+ <div class="example"><h3>Example:</h3><p><code>
<Location /private/><br />
<span class="indent">
AuthType Digest<br />
AuthName "private area"<br />
AuthDigestDomain /private/ http://mirror.my.dom/private2/<br />
- AuthDigestFile /web/auth/.digest_pw<br />
+ <br />
+ AuthDigestProvider file<br />
+ AuthUserFile /web/auth/.digest_pw<br />
Require valid-user<br />
</span>
</Location>
<div class="note"><h3>Note</h3>
<p>Digest authentication provides a more secure password system
than Basic authentication, but only works with supporting
- browsers. As of July 2002, the major browsers that support digest
+ browsers. As of November 2002, the major browsers that support digest
authentication are <a href="http://www.opera.com/">Opera</a>, <a href="http://www.microsoft.com/windows/ie/">MS Internet
- Explorer</a> (fails when used with a query string), <a href="http://www.w3.org/Amaya/">Amaya</a> and <a href="http://www.mozilla.org">Mozilla</a>. Since digest
+ Explorer</a> (fails when used with a query string), <a href="http://www.w3.org/Amaya/">Amaya</a>, <a href="http://www.mozilla.org">Mozilla</a> and <a href="http://channels.netscape.com/ns/browsers/download.jsp">Netscape</a> since version 7. Since digest
authentication is not as widely implemented as basic
- authentication, you should use it only in controlled settings.</p>
+ authentication, you should use it only in controlled environments.</p>
</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestAlgorithm" id="AuthDigestAlgorithm">AuthDigestAlgorithm</a> <a name="authdigestalgorithm" id="authdigestalgorithm">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Selects the algorithm used to calculate the challenge and
which case clients (which understand this) will then share
username/password info across multiple servers without
prompting the user each time. </p>
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestFile" id="AuthDigestFile">AuthDigestFile</a> <a name="authdigestfile" id="authdigestfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
- </a></th><td>Location of the text file containing the list
-of users and encoded passwords for digest authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
- </a></th><td><code>AuthDigestFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
- </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
- </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
- </a></th><td>Experimental</td></tr><tr><th><a href="directive-dict.html#Module">Module:
- </a></th><td>mod_auth_digest</td></tr></table>
- <p>The <code class="directive">AuthDigestFile</code> directive sets the
- name of a textual file containing the list of users and encoded
- passwords for digest authentication. <var>File-path</var> is the
- absolute path to the user file.</p>
-
- <p>The digest file uses a special format. Files in this format
- can be created using the <a href="../programs/htdigest.html">htdigest</a> utility found in
- the support/ subdirectory of the Apache distribution.</p>
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestGroupFile" id="AuthDigestGroupFile">AuthDigestGroupFile</a> <a name="authdigestgroupfile" id="authdigestgroupfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
- </a></th><td>Name of the text file containing the list of groups
-for digest authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
- </a></th><td><code>AuthDigestGroupFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
- </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
- </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
- </a></th><td>Experimental</td></tr><tr><th><a href="directive-dict.html#Module">Module:
- </a></th><td>mod_auth_digest</td></tr></table>
- <p>The <code class="directive">AuthDigestGroupFile</code> directive sets
- the name of a textual file containing the list of groups and their
- members (user names). <var>File-path</var> is the absolute path to
- the group file.</p>
-
- <p>Each line of the group file contains a groupname followed by
- a colon, followed by the member usernames separated by spaces.
- Example:</p>
-
- <div class="example"><p><code>mygroup: bob joe anne</code></p></div>
-
- <p>Note that searching large text files is <em>very</em>
- inefficient.</p>
-
- <p>Security: make sure that the AuthGroupFile is stored outside
- the document tree of the web-server; do <em>not</em> put it in
- the directory that it protects. Otherwise, clients will be able
- to download the AuthGroupFile.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestNcCheck" id="AuthDigestNcCheck">AuthDigestNcCheck</a> <a name="authdigestnccheck" id="authdigestnccheck">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Enables or disables checking of the nonce-count sent by the
server</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Experimental</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth_digest</td></tr></table>
- <p><strong>Not implemented yet.</strong>
- </p>
+ <div class="note">Not implemented yet.</div>
+
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestNonceLifetime" id="AuthDigestNonceLifetime">AuthDigestNonceLifetime</a> <a name="authdigestnoncelifetime" id="authdigestnoncelifetime">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>How long the server nonce is valid</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>AuthDigestNonceLifetime <var>seconds</var></code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
seconds. If <var>seconds</var> is less than 0 then the nonce never
expires.
</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestProvider" id="AuthDigestProvider">AuthDigestProvider</a> <a name="authdigestprovider" id="authdigestprovider">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>Sets the authentication provider(s) for this location</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>AuthDigestProvider On|Off|<var>provider-name</var>
+[<var>provider-name</var>] ...</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
+ </a></th><td><code>AuthBasicProvider On</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>directory</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Experimental</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_auth_digest</td></tr></table>
+ <p>The <code class="directive">AuthDigestProvider</code> directive sets
+ which provider is used to authenticate the users for this location.
+ Setting the value to <code>On</code> will choose the default provider
+ (<code>file</code>). Since the <code>file</code> provider is implemented
+ by the <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code> module, you have to make sure,
+ that the module is present in the server.</p>
+
+ <p>See <code class="module"><a href="../mod/mod_authn_dbm.html">mod_authn_dbm</a></code> and <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code>
+ for providers.</p>
+
+ <p>The value <code>Off</code> clears the provider list and sets it back
+ to the default.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestQop" id="AuthDigestQop">AuthDigestQop</a> <a name="authdigestqop" id="authdigestqop">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Determines the quality-of-protection to use in digest
authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td>Experimental</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth_digest</td></tr></table>
<p>The <code class="directive">AuthDigestQop</code> directive determines
- the quality-of-protection to use. <code>auth</code> will only do
- authentication (username/password); <code>auth-int</code> is
+ the <dfn>quality-of-protection</dfn> to use. <code>auth</code> will
+ only do authentication (username/password); <code>auth-int</code> is
authentication plus integrity checking (an MD5 hash of the entity
is also computed and checked); <code>none</code> will cause the module
to use the old RFC-2069 digest algorithm (which does not include
<div class="note">
<code>auth-int</code> is not implemented yet.
</div>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestShmemSize" id="AuthDigestShmemSize">AuthDigestShmemSize</a> <a name="authdigestshmemsize" id="authdigestshmemsize">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>The amount of shared memory to allocate for keeping track
+of clients</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>AuthDigestShmemSize <var>size</var></code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
+ </a></th><td><code>AuthDigestShmemSize 1000</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>server config</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Experimental</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_auth_digest</td></tr></table>
+ <p>The <code class="directive">AuthDigestShmemSize</code> directive defines
+ the amount of shared memory, that will be allocated at the server
+ startup for keeping track of clients. Note that the shared memory
+ segment cannot be set less than the space that is neccessary for
+ tracking at least <em>one</em> client. This value is dependant on your
+ system. If you want to find out the exact value, you may simply
+ set <code class="directive">AuthDigestShmemSize</code> to the value of
+ <code>0</code> and read the error message after trying to start the
+ server.</p>
+
+ <p>The <var>size</var> is normally expressed in Bytes, but you
+ may let the number follow a <code>K</code> or an <code>M</code> to
+ express your value as KBytes or MBytes. For example, the following
+ directives are all equivalent:</p>
+
+ <div class="example"><p><code>
+ AuthDigestShmemSize 1048576<br />
+ AuthDigestShmemSize 1024K<br />
+ AuthDigestShmemSize 1M<br />
+ </code></p></div>
</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
\ No newline at end of file
</a></th><td>authn_anon_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File:
</a></th><td>mod_authn_anon.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
</a></th><td>Available in Apache 2.1 and later</td></tr></table><h3>Summary</h3>
- <p>This module does access control in a manner similar to
- anonymous-ftp sites; <em>i.e.</em> have a 'magic' user id
+ <p>This module provides authentication front-ends such as
+ <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code> to authenticate users similar
+ to anonymous-ftp sites, <em>i.e.</em> have a 'magic' user id
'anonymous' and the email address as a password. These email
addresses can be logged.</p>
tracking is that, unlike magic-cookies and funny URL
pre/postfixes, it is completely browser independent and it
allows users to share URLs.</p>
+
+ <p>When using <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code>, this module is invoked
+ via the <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code>
+ directive with the <code>anon</code> value.</p>
</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#anonymous">Anonymous</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#anonymous_authoritative">Anonymous_Authoritative</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#anonymous_logemail">Anonymous_LogEmail</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#anonymous_mustgiveemail">Anonymous_MustGiveEmail</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#anonymous_nouserid">Anonymous_NoUserID</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#anonymous_verifyemail">Anonymous_VerifyEmail</a></li>
-</ul><h3>Topics</h3><ul id="topics"><li><img alt="" src="../images/down.gif" /> Example</li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2>Example</h2>
-
- <p>The example below (when combined with the Auth directives of a
- htpasswd-file based (or GDM, mSQL <em>etc.</em>) base access
- control system allows users in as 'guests' with the following
- properties:</p>
+</ul><h3>Topics</h3><ul id="topics"><li><img alt="" src="../images/down.gif" /> <a href="#example">Example</a></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="example" id="example">Example</a></h2>
+ <p>The example below is combined with "normal" htpasswd-file based
+ authentication and allows users in additionally as 'guests' with the
+ following properties:</p>
<ul>
<li>It insists that the user enters a userId.
- (<code>Anonymous_NoUserId</code>)</li>
+ (<code class="directive"><a href="#anonymous_nouserid">Anonymous_NoUserId</a></code>)</li>
<li>It insists that the user enters a password.
- (<code>Anonymous_MustGiveEmail</code>)</li>
+ (<code class="directive"><a href="#anonymous_mustgiveemail">Anonymous_MustGiveEmail</a></code>)</li>
- <li>The password entered must be a valid email address, ie.
+ <li>The password entered must be a valid email address, <em>i.e.</em>
contain at least one '@' and a '.'.
- (<code>Anonymous_VerifyEmail</code>)</li>
+ (<code class="directive"><a href="#anonymous_verifyemail">Anonymous_VerifyEmail</a></code>)</li>
<li>The userID must be one of <code>anonymous guest www test
welcome</code> and comparison is <strong>not</strong> case
<li>And the Email addresses entered in the passwd field are
logged to the error log file
- (<code>Anonymous_LogEmail</code>)</li>
+ (<code class="directive"><a href="#anonymous_logemail">Anonymous_LogEmail</a></code>)</li>
</ul>
- <p>Excerpt of httpd.conf:</p>
-
-<div class="example"><p><code>
- Anonymous_NoUserId off<br />
- Anonymous_MustGiveEmail on<br />
- Anonymous_VerifyEmail on<br />
- Anonymous_LogEmail on<br />
- Anonymous anonymous guest www test welcome<br />
-<br />
- AuthName "Use 'anonymous' & Email address for
- guest entry"<br />
- AuthType basic<br />
-<br />
- # An
- AuthUserFile/AuthDBMUserFile<br />
- # directive must be specified, or use<br />
- # Anonymous_Authoritative for public access.<br />
- # In the .htaccess for the public directory, add:<br />
- <Files *><br />
- Order Deny,Allow<br />
- Allow from all<br />
-<br />
- Require valid-user<br />
- </Files><br />
-</code></p></div>
+ <div class="example"><h3>Example</h3><p><code>
+ <Directory /foo>
+ <span class="indent">
+ AuthName "Use 'anonymous' & Email address for guest entry"<br />
+ AuthType Basic<br />
+ AuthBasicProvider file anon<br />
+ AuthUserFile /path/to/your/.htpasswd<br />
+ <br />
+ Anonymous_NoUserId off<br />
+ Anonymous_MustGiveEmail on<br />
+ Anonymous_VerifyEmail on<br />
+ Anonymous_LogEmail on<br />
+ Anonymous anonymous guest www test welcome<br />
+ <br />
+ Order Deny,Allow<br />
+ Allow from all<br />
+ <br />
+ Require valid-user<br />
+ </span>
+ </Directory>
+ </code></p></div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous" id="Anonymous">Anonymous</a> <a name="anonymous" id="anonymous">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Specifies userIDs that areallowed access without
password verification</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
- </a></th><td><code>Anonymous <
em>user</em> [<em>user</em>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td><code>Anonymous <
var>user</var> [<var>user</var>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
<p>Please note that the comparison is
<strong>case-IN-sensitive</strong>.<br />
- I strongly suggest that the magic username
+ It's strongly recommended that the magic username
'<code>anonymous</code>' is always one of the allowed
userIDs.</p>
- <p>Example:</p>
-<div class="example"><p><code>Anonymous anonymous "Not Registered" 'I don\'t know'</code></p></div>
+ <div class="example"><h3>Example:</h3><p><code>
+ Anonymous anonymous "Not Registered" "I don't know"
+ </code></p></div>
<p>This would allow the user to enter without password
- verification by using the userId's 'anonymous',
- 'AnonyMous','Not Registered' and 'I Don't Know'.</p>
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous_Authoritative" id="Anonymous_Authoritative">Anonymous_Authoritative</a> <a name="anonymous_authoritative" id="anonymous_authoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
- </a></th><td>Configures if authorization will fall-through
-to other methods</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
- </a></th><td><code>Anonymous_Authoritative on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
- </a></th><td><code>Anonymous_Authoritative off</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
- </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
- </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
- </a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
- </a></th><td>mod_authn_anon</td></tr></table>
- <p>When set 'on', there is no fall-through to other authorization
- methods. So if a userID does not match the values specified in the
- <code class="directive"><a href="#anonymous">Anonymous</a></code> directive,
- access is denied.</p>
-
- <p>Be sure you know what you are doing when you decide to
- switch it on. And remember that it is the linking order of the
- modules (in the Configuration / Make file) which details the
- order in which the Authorization modules are queried.</p>
+ verification by using the userIDs "anonymous",
+ "AnonyMous", "Not Registered" and "I Don't Know".</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous_LogEmail" id="Anonymous_LogEmail">Anonymous_LogEmail</a> <a name="anonymous_logemail" id="anonymous_logemail">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Sets whether the password entered will be logged in the
error log</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
- </a></th><td><code>Anonymous_LogEmail
on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
- </a></th><td><code>Anonymous_LogEmail
on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td><code>Anonymous_LogEmail
On|Off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
+ </a></th><td><code>Anonymous_LogEmail
On</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_authn_anon</td></tr></table>
- <p>When set <code>on</code>, the default, the 'password' entered
+ <p>When set <code>On</code>, the default, the 'password' entered
(which hopefully contains a sensible email address) is logged in
the error log.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous_MustGiveEmail" id="Anonymous_MustGiveEmail">Anonymous_MustGiveEmail</a> <a name="anonymous_mustgiveemail" id="anonymous_mustgiveemail">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Specifies whether blank passwords are allowed</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
- </a></th><td><code>Anonymous_MustGiveEmail
on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
- </a></th><td><code>Anonymous_MustGiveEmail
on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td><code>Anonymous_MustGiveEmail
On|Off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
+ </a></th><td><code>Anonymous_MustGiveEmail
On</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
the password. This prohibits blank passwords.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous_NoUserID" id="Anonymous_NoUserID">Anonymous_NoUserID</a> <a name="anonymous_nouserid" id="anonymous_nouserid">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Sets whether the userID field may be empty</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
- </a></th><td><code>Anonymous_NoUserID
on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
- </a></th><td><code>Anonymous_NoUserID
off</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td><code>Anonymous_NoUserID
On|Off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
+ </a></th><td><code>Anonymous_NoUserID
Off</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_authn_anon</td></tr></table>
- <p>When set <code>on</code>, users can leave the userID (and
+ <p>When set <code>On</code>, users can leave the userID (and
perhaps the password field) empty. This can be very convenient for
MS-Explorer users who can just hit return or click directly on the
OK button; which seems a natural reaction.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous_VerifyEmail" id="Anonymous_VerifyEmail">Anonymous_VerifyEmail</a> <a name="anonymous_verifyemail" id="anonymous_verifyemail">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Sets whether to check the password field for a correctly
formatted email address</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
- </a></th><td><code>Anonymous_VerifyEmail
on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
- </a></th><td><code>Anonymous_VerifyEmail
off</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td><code>Anonymous_VerifyEmail
On|Off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
+ </a></th><td><code>Anonymous_VerifyEmail
Off</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_authn_anon</td></tr></table>
- <p>When set <code>on</code> the 'password' entered is checked for
+ <p>When set <code>On</code> the 'password' entered is checked for
at least one '@' and a '.' to encourage users to enter valid email
- addresses (see the above <code class="directive"><a href="#auth_logemail">Auth_LogEmail</a></code>).</p>
+ addresses (see the above <code class="directive"><a href="#anonymous_logemail">Anonymous_LogEmail</a></code>).</p>
</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
\ No newline at end of file
</a></th><td>Available in Apache 2.1 and later</td></tr></table><h3>Summary</h3>
<p>This module provides authentication front-ends such as
<code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code> and <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code>
- to authenticate users by looking up users in plain text password files.
- Similar functionality is provided by <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code>.</p>
+ to authenticate users by looking up users in <dfn>dbm</dfn> password
+ files. Similar functionality is provided by
+ <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code>.</p>
<p>When using <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code> or
<code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code>, this module is invoked via the
<code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code> or
<code class="directive"><a href="../mod/mod_auth_digest.html#authdigestprovider">AuthDigestProvider</a></code>
- with the 'dbm' value.</p>
+ with the <code>dbm</code> value.</p>
</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authdbmtype">AuthDBMType</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authdbmuserfile">AuthDBMUserFile</a></li>
</ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li><li>
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
- </a></th><td>mod_authn_dbm</td></tr><tr><th><a href="directive-dict.html#Compatibility">Compatibility:
- </a></th><td>Available in version 2.0.30 and later.</td></tr></table>
-
-<p>Sets the type of database file that is used to store the passwords.
-The default database type is determined at compile time. The
-availability of other types of database files also depends on
-<a href="../install.html#dbm">compile-time settings</a>.</p>
+ </a></th><td>mod_authn_dbm</td></tr></table>
+ <p>Sets the type of database file that is used to store the passwords.
+ The default database type is determined at compile time. The
+ availability of other types of database files also depends on
+ <a href="../install.html#dbm">compile-time settings</a>.</p>
-<p>It is crucial that whatever program you use to create your password
-files is configured to use the same type of database.</p>
+
<p>It is crucial that whatever program you use to create your password
+ files is configured to use the same type of database.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDBMUserFile" id="AuthDBMUserFile">AuthDBMUserFile</a> <a name="authdbmuserfile" id="authdbmuserfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Sets the name of a database file containing the list of users and
passwords for authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
- </a></th><td><code>AuthDBMUserFile <
em>file-path</em></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td><code>AuthDBMUserFile <
var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_authn_dbm</td></tr></table>
<p>The <code class="directive">AuthDBMUserFile</code> directive sets the
name of a DBM file containing the list of users and passwords for
- user authentication. <em>File-path</em> is the absolute path to
+ user authentication. <var>File-path</var> is the absolute path to
the user file.</p>
<p>The user file is keyed on the username. The value for a user is
download the <code class="directive">AuthDBMUserFile</code>.</p>
<p>Important compatibility note: The implementation of
- "dbmopen" in the apache modules reads the string length of the
- hashed values from the DBM data structures, rather than relying
+ <code>dbmopen</code> in the apache modules reads the string length of
+ the hashed values from the DBM data structures, rather than relying
upon the string being NULL-appended. Some applications, such as
the Netscape web server, rely upon the string being
NULL-appended, so if you are having trouble using DBM files
--- /dev/null
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ --><title>mod_authn_default - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.1</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs-project/">Documentation</a> > <a href="../">Version 2.1</a> > <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Apache Module mod_authn_default</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description:
+ </a></th><td>Authentication fallback module</td></tr><tr><th><a href="module-dict.html#Status">Status:
+ </a></th><td>Base</td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:
+ </a></th><td>authn_default_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File:
+ </a></th><td>mod_authn_default.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
+ </a></th><td>Available in Apache 2.1 and later</td></tr></table><h3>Summary</h3>
+ <p>This module is designed to be the fallback module, if you don't
+ have configured an authentication module like
+ <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code>. It simply rejects any
+ credentials supplied by the user.</p>
+</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authdefaultauthoritative">AuthDefaultAuthoritative</a></li>
+</ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDefaultAuthoritative" id="AuthDefaultAuthoritative">AuthDefaultAuthoritative</a> <a name="authdefaultauthoritative" id="authdefaultauthoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>Sets whether authentication is passed to lower level
+modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>AuthDefaultAuthoritative On|Off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
+ </a></th><td><code>AuthDefaultAuthoritative On</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
+ </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Base</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_authn_default</td></tr></table>
+ <p>Setting the <code class="directive">AuthDefaultAuthoritative</code> directive
+ explicitly to <code>Off</code> allows for authentication to be passed on
+ to lower level modules (as defined in the <code>modules.c</code>
+ files).</p>
+
+ <div class="note"><h3>Note</h3>
+ <p>Normally there are no lower level modules, since
+ <code class="module"><a href="../mod/mod_authn_default.html">mod_authn_default</a></code> is defined to be already on
+ a <em>very low</em> level. Therefore you should leave the value of
+ <code class="directive">AuthDefaultAuthoritative</code> as default
+ (<code>On</code>).</p>
+ </div>
+</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
\ No newline at end of file
</a></th><td>authn_file_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File:
</a></th><td>mod_authn_file.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
</a></th><td>Available in Apache 2.1 and later</td></tr></table><h3>Summary</h3>
-
<p>This module provides authentication front-ends such as
<code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code> and <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code>
to authenticate users by looking up users in plain text password files.
<code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code>, this module is invoked via the
<code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code> or
<code class="directive"><a href="../mod/mod_auth_digest.html#authdigestprovider">AuthDigestProvider</a></code>
- with the 'file' value.</p>
-
+ with the <code>file</code> value.</p>
</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authuserfile">AuthUserFile</a></li>
-</ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li><li>
+</ul><h3>See also</h3><ul class="seealso"><li>
<code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code>
</li><li>
<code class="directive"><a href="../mod/mod_auth_digest.html#authdigestprovider">AuthDigestProvider</a></code>
-</li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthUserFile" id="AuthUserFile">AuthUserFile</a> <a name="authuserfile" id="authuserfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+</li><
li><a href="../programs/htpasswd.html">htpasswd</a></li><li><a href="../programs/htdigest.html">htdigest</a></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthUserFile" id="AuthUserFile">AuthUserFile</a> <a name="authuserfile" id="authuserfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Sets the name of a text file containing the list of users and
passwords for authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
- </a></th><td><code>AuthUserFile <
em>file-path</em></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td><code>AuthUserFile <
var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Base</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_authn_file</td></tr></table>
<p>The <code class="directive">AuthUserFile</code> directive sets the name
of a textual file containing the list of users and passwords for
- user authentication. <em>File-path</em> is the path to the user
- file. If it is not absolute (<em>i.e.</em>, if it doesn't begin
-
with a slash), it is treated as relative to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.</p>
+ user authentication. <var>File-path</var> is the path to the user
+ file. If it is not absolute, it is treated as relative to the
+ <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.</p>
<p>Each line of the user file contains a username followed by
- a colon, followed by the <code>crypt()</code> encrypted
- password. The behavior of multiple occurrences of the same user is
- undefined.</p>
+ a colon, followed by the encrypted password. If the same user
+ ID is defined multiple times, <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code> will
+ use the first occurrence to verify the password.</p>
<p>The utility <a href="../programs/htpasswd.html">htpasswd</a>
which is installed as part of the binary distribution, or which
can be found in <code>src/support</code>, is used to maintain
- this password file. See the <code>man</code> page for more
- details. In short:</p>
+ the password file for <em>HTTP Basic Authentication</em>. See the
+ <a href="../programs/htpasswd.html">man page</a> for more details.
+ In short:</p>
+
+ <p>Create a password file <code>Filename</code> with
+ <code>username</code> as the initial ID. It will prompt for
+ the password:</p>
- <p>Create a password file 'Filename' with 'username' as the
- initial ID. It will prompt for the password:</p>
- <div class="example"><p><code>htpasswd -c Filename username</code></p></div>
+ <div class="example"><p><code>
+ htpasswd -c Filename username
+ </code></p></div>
- <p>Add or modify 'username2' in the password file 'Filename':</p>
- <div class="example"><p><code>htpasswd Filename username2</code></p></div>
+ <p>Add or modify <code>username2</code> in the password file
+ <code>Filename</code>:</p>
+
+ <div class="example"><p><code>
+ htpasswd Filename username2
+ </code></p></div>
<p>Note that searching large text files is <em>very</em>
inefficient; <code class="directive"><a href="../mod/mod_authn_dbm.html#authdbmuserfile">AuthDBMUserFile</a></code> should be used
instead.</p>
- <div class="note"><h3>Security</h3>
- <p>Make sure that the <code class="directive">AuthUserFile</code> is
- stored outside the document tree of the web-server; do <em>not</em>
- put it in the directory that it protects. Otherwise, clients will
- be able to download the <code class="directive">AuthUserFile</code>.</p>
+ <p>If you are using <em>HTTP Digest Authentication</em>, the <a href="../programs/htpasswd.html">htpasswd</a> tool is not sufficient.
+ You have to use <a href="../programs/htdigest.html">htdigest</a>
+ instead. Note that you cannot mix user data for Digest Authentication
+ and Basic Authentication within the same file.</p>
+
+ <div class="warning"><h3>Security</h3>
+ <p>Make sure that the <code class="directive">AuthUserFile</code> is
+ stored outside the document tree of the web-server. Do
+ <strong>not</strong> put it in the directory that it protects.
+ Otherwise, clients may be able to download the
+ <code class="directive">AuthUserFile</code>.</p>
</div>
</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
\ No newline at end of file
</ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDBMGroupFile" id="AuthDBMGroupFile">AuthDBMGroupFile</a> <a name="authdbmgroupfile" id="authdbmgroupfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Sets the name of the database file containing the list
of user groups for authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
- </a></th><td><code>AuthDBMGroupFile <
em>file-path</em></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td><code>AuthDBMGroupFile <
var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_authz_dbm</td></tr></table>
<p>The <code class="directive">AuthDBMGroupFile</code> directive sets the
name of a DBM file containing the list of user groups for user
- authentication. <em>File-path</em> is the absolute path to the
+ authentication. <var>File-path</var> is the absolute path to the
group file.</p>
<p>The group file is keyed on the username. The value for a
belongs. There must be no whitespace within the value, and it
must never contain any colons.</p>
- <p>Security: make sure that the
- <code class="directive">AuthDBMGroupFile</code> is stored outside the
- document tree of the web-server; do <em>not</em> put it in the
- directory that it protects. Otherwise, clients will be able to
- download the <code class="directive">AuthDBMGroupFile</code> unless
- otherwise protected.</p>
+ <div class="warning"><h3>Security</h3>
+ <p>Make sure that the <code class="directive">AuthDBMGroupFile</code> is
+ stored outside the document tree of the web-server. Do
+ <strong>not</strong> put it in the directory that it protects.
+ Otherwise, clients will be able to download the
+ <code class="directive">AuthDBMGroupFile</code> unless otherwise
+ protected.</p>
+ </div>
<p>Combining Group and Password DBM files: In some cases it is
easier to manage a single database which contains both the
accomplished by first setting the group and password files to
point to the same DBM:</p>
-<div class="example"><p><code>
-AuthDBMGroupFile /www/userbase<br />
-AuthDBMUserFile /www/userbase
-</code></p></div>
+
<div class="example"><p><code>
+ AuthDBMGroupFile /www/userbase<br />
+ AuthDBMUserFile /www/userbase
+ </code></p></div>
<p>The key for the single DBM is the username. The value consists
of</p>
-<div class="example"><p><code>Unix Crypt-ed Password : List of Groups [ : (ignored)
- ]</code></p></div>
+ <div class="example"><p><code>
+ Encrypted Password : List of Groups [ : (ignored) ]
+ </code></p></div>
- <p>The password section contains the Unix <code>crypt()</code>
+ <p>The password section contains the encrypted
password as before. This is followed by a colon and the comma
separated list of groups. Other data may optionally be left in the
DBM file after another colon; it is ignored by the authentication
module. This is what www.telescope.org uses for its combined
password and group database.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthzDBMAuthoritative" id="AuthzDBMAuthoritative">AuthzDBMAuthoritative</a> <a name="authzdbmauthoritative" id="authzdbmauthoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
- </a></th><td>Sets whether authorization will be passed on to lower level modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
- </a></th><td><code>AuthzDBMAuthoritative on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
- </a></th><td><code>AuthzDBMAuthoritative on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>Sets whether authorization will be passed on to lower level
+modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>AuthzDBMAuthoritative On|Off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
+ </a></th><td><code>AuthzDBMAuthoritative On</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_authz_dbm</td></tr></table>
-
<p>Setting the <code class="directive">AuthzDBMAuthoritative</code>
- directive explicitly to <strong>'off'</strong> allows for both
- authentication and authorization to be passed on to lower level
- modules (as defined in the <code>Configuration</code> and
- <code>modules.c</code> file if there is <strong>no userID</strong>
- or <strong>rule</strong> matching the supplied userID. If there is
- a userID and/or rule specified; the usual password and access
- checks will be applied and a failure will give an Authorization
- Required reply.</p>
+ directive explicitly to <code>Off</code> allows group authorization
+ to be passed on to lower level modules (as defined in the
+ <code>modules.c</code> file) if there is no group found
+ for the the supplied userID. If there are any groups
+ specified, the usual checks will be applied and a failure will
+ give an Authentication Required reply.</p>
<p>So if a userID appears in the database of more than one module;
or if a valid <code class="directive"><a href="../mod/core.html#require">Require</a></code>
regardless of the <code class="directive">AuthAuthoritative</code> setting.</p>
<p>A common use for this is in conjunction with one of the
- auth providers; such as <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code>. Whereas this
- DBM module supplies the bulk of the user credential checking; a
- few (administrator) related accesses fall through to a lower
- level with a well protected .htpasswd file.</p>
+ auth providers; such as <code class="module"><a href="../mod/mod_authn_dbm.html">mod_authn_dbm</a></code> or
+ <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code>. Whereas this DBM module supplies
+ the bulk of the user credential checking; a few (administrator) related
+ accesses fall through to a lower level with a well protected
+ <code>.htpasswd</code> file.</p>
- <p>By default, control is not passed on and an unknown userID
- or rule will result in an Authorization Required reply. Not
+ <p>By default, control is not passed on and an unknown group
+ will result in an Authentication Required reply. Not
setting it thus keeps the system secure and forces an NCSA
compliant behaviour.</p>
- <p>Security: Do consider the implications of allowing a user to
- allow fall-through in his .htaccess file; and verify that this
- is really what you want; Generally it is easier to just secure
- a single .htpasswd file, than it is to secure a database which
- might have more access interfaces.</p>
+ <div class="warning"><h3>Security</h3>
+ <p>Do consider the implications of allowing a user to
+ allow fall-through in his .htaccess file; and verify that this
+ is really what you want; Generally it is easier to just secure
+ a single <code>.htpasswd</code> file, than it is to secure a
+ database which might have more access interfaces.</p>
+ </div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthzDBMType" id="AuthzDBMType">AuthzDBMType</a> <a name="authzdbmtype" id="authzdbmtype">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Sets the type of database file that is used to
store passwords</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
- </a></th><td>mod_authz_dbm</td></tr><tr><th><a href="directive-dict.html#Compatibility">Compatibility:
- </a></th><td>Available in version 2.0.30 and later.</td></tr></table>
-
-<p>Sets the type of database file that is used to store the passwords.
-The default database type is determined at compile time. The
-availability of other types of database files also depends on
-<a href="../install.html#dbm">compile-time settings</a>.</p>
+ </a></th><td>mod_authz_dbm</td></tr></table>
+ <p>Sets the type of database file that is used to store the passwords.
+ The default database type is determined at compile time. The
+ availability of other types of database files also depends on
+ <a href="../install.html#dbm">compile-time settings</a>.</p>
-<p>It is crucial that whatever program you use to create your password
-files is configured to use the same type of database.</p>
+
<p>It is crucial that whatever program you use to create your password
+ files is configured to use the same type of database.</p>
</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ --><title>mod_authz_default - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.1</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs-project/">Documentation</a> > <a href="../">Version 2.1</a> > <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Apache Module mod_authz_default</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description:
+ </a></th><td>Authorization fallback module</td></tr><tr><th><a href="module-dict.html#Status">Status:
+ </a></th><td>Base</td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:
+ </a></th><td>authz_default_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File:
+ </a></th><td>mod_authz_default.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
+ </a></th><td>Available in Apache 2.1 and later</td></tr></table><h3>Summary</h3>
+ <p>This module is designed to be the fallback module, if you don't
+ have configured an authorization module like
+ <code class="module"><a href="../mod/mod_authz_user.html">mod_authz_user</a></code> or <code class="module"><a href="../mod/mod_authz_groupfile.html">mod_authz_groupfile</a></code>.
+ It simply rejects any authorization request.</p>
+</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authzdefaultauthoritative">AuthzDefaultAuthoritative</a></li>
+</ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthzDefaultAuthoritative" id="AuthzDefaultAuthoritative">AuthzDefaultAuthoritative</a> <a name="authzdefaultauthoritative" id="authzdefaultauthoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>Sets whether authorization is passed to lower level
+modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>AuthzDefaultAuthoritative On|Off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
+ </a></th><td><code>AuthzDefaultAuthoritative On</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
+ </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Base</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_authz_default</td></tr></table>
+ <p>Setting the <code class="directive">AuthzDefaultAuthoritative</code> directive
+ explicitly to <code>Off</code> allows for authorization to be passed on
+ to lower level modules (as defined in the <code>modules.c</code>
+ files).</p>
+
+ <div class="note"><h3>Note</h3>
+ <p>Normally there are no lower level modules, since
+ <code class="module"><a href="../mod/mod_authz_default.html">mod_authz_default</a></code> is defined to be already on
+ a <em>very low</em> level. Therefore you should leave the value of
+ <code class="directive">AuthzDefaultAuthoritative</code> as default
+ (<code>On</code>).</p>
+ </div>
+</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
\ No newline at end of file
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
--><title>mod_authz_groupfile - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.1</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs-project/">Documentation</a> > <a href="../">Version 2.1</a> > <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Apache Module mod_authz_groupfile</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description:
</a></th><td>Group authorization using plaintext files</td></tr><tr><th><a href="module-dict.html#Status">Status:
- </a></th><td>
Extension</td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:
+ </a></th><td>
Base</td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:
</a></th><td>authz_groupfile_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File:
</a></th><td>mod_authz_groupfile.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
</a></th><td>Available in Apache 2.1 and later</td></tr></table><h3>Summary</h3>
<p>This module provides authorization capabilities so that
- authenticated users can be allowed or denied access to portions
- of the web site by group membership. Similar functionality is
-
provided by <code class="module"><a href="../mod/mod_authz_dbm.html">mod_authz_dbm</a></code>.</p>
+ authenticated users can be allowed or denied access to portions
+ of the web site by group membership. Similar functionality is
+ provided by <code class="module"><a href="../mod/mod_authz_dbm.html">mod_authz_dbm</a></code>.</p>
</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authgroupfile">AuthGroupFile</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authzgroupfileauthoritative">AuthzGroupFileAuthoritative</a></li>
</ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthGroupFile" id="AuthGroupFile">AuthGroupFile</a> <a name="authgroupfile" id="authgroupfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Sets the name of a text file containing the list
of user groups for authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
- </a></th><td><code>AuthGroupFile <
em>file-path</em></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td><code>AuthGroupFile <
var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
- </a></th><td>
Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>
Base</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_authz_groupfile</td></tr></table>
<p>The <code class="directive">AuthGroupFile</code> directive sets the
name of a textual file containing the list of user groups for user
- authentication. <em>File-path</em> is the path to the group
- file. If it is not absolute (<em>i.e.</em>, if it doesn't begin
- with a slash), it is treated as relative to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.</p>
+ authentication. <var>File-path</var> is the path to the group
+ file. If it is not absolute, it is treated as relative to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.</p>
<p>Each line of the group file contains a groupname followed by a
- colon, followed by the member usernames separated by spaces.
- Example:</p>
+ colon, followed by the member usernames separated by spaces.</p>
- <div class="example"><p><code>mygroup: bob joe anne</code></p></div>
+ <div class="example"><h3>Example:</h3><p><code>
+ mygroup: bob joe anne
+ </code></p></div>
<p>Note that searching large text files is <em>very</em>
- inefficient; <code class="directive"><a href="../mod/mod_authz_dbm.html#authdbmgroupfile">AuthDBMGroupFile</a></code> should be used
- instead.</p>
+ inefficient; <code class="directive"><a href="../mod/mod_authz_dbm.html#authdbmgroupfile">AuthDBMGroupFile</a></code> provides a much better performance.</p>
- <div class="note"><h3>Security</h3>
- <p>Make sure that the <code class="directive">AuthGroupFile</code> is
- stored outside the document tree of the web-server; do <em>not</em>
- put it in the directory that it protects. Otherwise, clients will
- be able to download the <code class="directive">AuthGroupFile</code>.</p>
+ <div class="warning"><h3>Security</h3>
+
<p>Make sure that the <code class="directive">AuthGroupFile</code> is
+ stored outside the document tree of the web-server; do <em>not</em>
+ put it in the directory that it protects. Otherwise, clients may
+ be able to download the <code class="directive">AuthGroupFile</code>.</p>
</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthzGroupFileAuthoritative" id="AuthzGroupFileAuthoritative">AuthzGroupFileAuthoritative</a> <a name="authzgroupfileauthoritative" id="authzgroupfileauthoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
- </a></th><td>Sets whether authorization will be passed on to lower level modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
- </a></th><td><code>AuthzGroupFileAuthoritative on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
- </a></th><td><code>AuthzGroupFileAuthoritative on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>Sets whether authorization will be passed on to lower level
+modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>AuthzGroupFileAuthoritative On|Off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
+ </a></th><td><code>AuthzGroupFileAuthoritative On</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
- </a></th><td>
Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>
Base</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_authz_groupfile</td></tr></table>
-
<p>Setting the <code class="directive">AuthzGroupFileAuthoritative</code>
- directive explicitly to <strong>'off'</strong> allows for
- authorization to be passed on to lower level modules (as defined in
- the <code>Configuration</code> and <code>modules.c</code> file if
- there is <strong>no userID</strong> or <strong>rule</strong> matching
- the supplied userID. If there is a userID and/or rule specified; the
- usual password and access checks will be applied and a failure will
- give an Authorization Required reply.</p>
-
- <p>So if a valid <code class="directive"><a href="../mod/core.html#require">Require</a></code>
- directive applies to more than one module; then the first module
- will verify the credentials; and no access is passed on;
- regardless of the <code class="directive">AuthzGroupFileAuthoritative</code>
- setting.</p>
+ directive explicitly to <code>Off</code> allows for
+ group authorization to be passed on to lower level modules (as defined
+ in the <code>modules.c</code> files) if there is <strong>no
+ group</strong> matching the supplied userID.</p>
- <p>By default, control is not passed on and an unknown userID
- or rule will result in an Authorization Required reply. Not
+ <p>By default, control is not passed on and an unknown group
+ will result in an Authentication Required reply. Not
setting it thus keeps the system secure and forces an NCSA
compliant behaviour.</p>
- <p>Security: Do consider the implications of allowing a user to
- allow fall-through in his .htaccess file; and verify that this
- is really what you want; Generally it is easier to just secure
- a single .htpasswd file, than it is to secure a database which
- might have more access interfaces.</p>
+ <div class="warning"><h3>Security</h3>
+ <p>Do consider the implications of allowing a user to
+ allow fall-through in his <code>.htaccess</code> file; and verify
+ that this is really what you want; Generally it is easier to just
+ secure a single <code>.htpasswd</code> file, than it is to secure
+ a database which might have more access interfaces.</p>
+ </div>
</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
\ No newline at end of file
</ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Allow" id="Allow">Allow</a> <a name="allow" id="allow">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Controls which hosts can access an area of the
server</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
- </a></th><td><code> Allow from
- all|<em>host</em>|env=<em>env-variable</em>
- [<em>host</em>|env=<em>env-variable</em>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td><code> Allow from all|<var>host</var>|env=<var>env-variable</var>
+[<var>host</var>|env=<var>env-variable</var>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>Limit</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Base</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_authz_host</td></tr></table>
-
<p>The <code class="directive">Allow</code> directive affects which hosts can
access an area of the server. Access can be controlled by
hostname, IP Address, IP Address range, or by other
<dl>
<dt>A (partial) domain-name</dt>
- <dd>Example: <code>Allow from apache.org</code><br />
- Hosts whose names match, or end in, this string are allowed
+ <dd>
+ <div class="example"><h3>Example:</h3><p><code>
+ Allow from apache.org
+ </code></p></div>
+ <p>Hosts whose names match, or end in, this string are allowed
access. Only complete components are matched, so the above
example will match <code>foo.apache.org</code> but it will
not match <code>fooapache.org</code>. This configuration will
cause the server to perform a reverse DNS lookup on the
client IP address, regardless of the setting of the <code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code>
- directive.</dd>
+ directive.</p></dd>
<dt>A full IP address</dt>
- <dd>Example: <code>Allow from 10.1.2.3</code><br />
- An IP address of a host allowed access</dd>
+ <dd>
+ <div class="example"><h3>Example:</h3><p><code>
+ Allow from 10.1.2.3
+ </code></p></div>
+ <p>An IP address of a host allowed access</p></dd>
<dt>A partial IP address</dt>
- <dd>Example: <code>Allow from 10.1</code><br />
- The first 1 to 3 bytes of an IP address, for subnet
- restriction.</dd>
+ <dd>
+ <div class="example"><h3>Example:</h3><p><code>
+ Allow from 10.1
+ </code></p></div>
+ <p>The first 1 to 3 bytes of an IP address, for subnet
+ restriction.</p></dd>
<dt>A network/netmask pair</dt>
- <dd>Example: <code>Allow from
- 10.1.0.0/255.255.0.0</code><br />
- A network a.b.c.d, and a netmask w.x.y.z. For more
- fine-grained subnet restriction.</dd>
+ <dd>
+ <div class="example"><h3>Example:</h3><p><code>
+ Allow from 10.1.0.0/255.255.0.0
+ </code></p></div>
+ <p>A network a.b.c.d, and a netmask w.x.y.z. For more
+ fine-grained subnet restriction.</p></dd>
<dt>A network/nnn CIDR specification</dt>
- <dd>Example: <code>Allow from 10.1.0.0/16</code><br />
- Similar to the previous case, except the netmask consists of
- nnn high-order 1 bits.</dd>
+ <dd>
+ <div class="example"><h3>Example:</h3><p><code>
+ Allow from 10.1.0.0/16
+ </code></p></div>
+ <p>Similar to the previous case, except the netmask consists of
+ nnn high-order 1 bits.</p></dd>
</dl>
<p>Note that the last three examples above match exactly the
<p>The third format of the arguments to the
<code class="directive">Allow</code> directive allows access to the server
to be controlled based on the existence of an <a href="../env.html">environment variable</a>. When <code>Allow from
- env=</code><em>env-variable</em> is specified, then the request is
- allowed access if the environment variable <em>env-variable</em>
+ env=<var>env-variable</var></code> is specified, then the request is
+ allowed access if the environment variable <var>env-variable</var>
exists. The server provides the ability to set environment
variables in a flexible way based on characteristics of the client
request using the directives provided by
- <code class="module"><a href="../mod/mod_setenvif.html">mod_setenvif</a></code>. Therefore, this directive can be
+ <code class="module"><a href="../mod/mod_setenvif.html">mod_setenvif</a></code>. Therefore, this directive can be
used to allow access based on such factors as the clients
<code>User-Agent</code> (browser type), <code>Referer</code>, or
other HTTP request header fields.</p>
-<div class="example"><h3>Example:</h3><p><code>
-
-SetEnvIf User-Agent ^KnockKnock/2.0 let_me_in<br />
-<Directory /docroot><br />
- Order Deny,Allow<br />
- Deny from all<br />
- Allow from env=let_me_in<br />
-</Directory>
-</code></p></div>
+ <div class="example"><h3>Example:</h3><p><code>
+ SetEnvIf User-Agent ^KnockKnock/2.0 let_me_in<br />
+ <Directory /docroot><br />
+ <span class="indent">
+ Order Deny,Allow<br />
+ Deny from all<br />
+ Allow from env=let_me_in<br />
+ </span>
+ </Directory>
+ </code></p></div>
<p>In this case, browsers with a user-agent string beginning
with <code>KnockKnock/2.0</code> will be allowed access, and all
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Deny" id="Deny">Deny</a> <a name="deny" id="deny">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Controls which hosts are denied access to the
server</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
- </a></th><td><code> Deny from
- all|<em>host</em>|env=<em>env-variable</em>
- [<em>host</em>|env=<em>env-variable</em>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td><code> Deny from all|<var>host</var>|env=<var>env-variable</var>
+[<var>host</var>|env=<var>env-variable</var>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>Limit</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Base</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>Controls the default access state and the order in which
Allow and Deny are
evaluated.</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
- </a></th><td><code> Order <
em>ordering</em></code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
+ </a></th><td><code> Order <
var>ordering</var></code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
</a></th><td><code>Order Deny,Allow</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>Limit</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Base</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_authz_host</td></tr></table>
-
<p>The <code class="directive">Order</code> directive controls the default
access state and the order in which <code class="directive"><a href="#allow">Allow</a></code> and <code class="directive"><a href="#deny">Deny</a></code> directives are evaluated.
- <em>Ordering</em> is one of</p>
+ <var>Ordering</var> is one of</p>
<dl>
- <dt>Deny,Allow</dt>
+ <dt><code>Deny,Allow</code></dt>
<dd>The <code class="directive"><a href="#deny">Deny</a></code> directives
are evaluated before the <code class="directive"><a href="#allow">Allow</a></code> directives. Access is
- allowed by default. Any client which does not match a
+ allowed by default. Any client which does not match a
<code class="directive"><a href="#deny">Deny</a></code> directive or does
match an <code class="directive"><a href="#allow">Allow</a></code>
directive will be allowed access to the server.</dd>
- <dt>Allow,Deny</dt>
+ <dt><code>Allow,Deny</code></dt>
<dd>The <code class="directive"><a href="#allow">Allow</a></code>
directives are evaluated before the <code class="directive"><a href="#deny">Deny</a></code> directives. Access is denied
<code class="directive"><a href="#deny">Deny</a></code> directive will be
denied access to the server.</dd>
- <dt>Mutual-failure</dt>
+ <dt><code>Mutual-failure</code></dt>
<dd>Only those hosts which appear on the <code class="directive"><a href="#allow">Allow</a></code> list and do not appear on
the <code class="directive"><a href="#deny">Deny</a></code> list are
configuration.</dd>
</dl>
- <p>Keywords may only be separated by a comma; no whitespace is
+ <p>Keywords may only be separated by a comma; <em>no whitespace</em> is
allowed between them. Note that in all cases every <code class="directive"><a href="#allow">Allow</a></code> and <code class="directive"><a href="#deny">Deny</a></code> statement is evaluated.</p>
<p>In the following example, all hosts in the apache.org domain
are allowed access; all other hosts are denied access.</p>
-<div class="example"><p><code>
+
<div class="example"><p><code>
Order Deny,Allow<br />
Deny from all<br />
- Allow from apache.org<br />
-</code></p></div>
+ Allow from apache.org
+ </code></p></div>
<p>In the next example, all hosts in the apache.org domain are
allowed access, except for the hosts which are in the
in the apache.org domain are denied access because the default
state is to deny access to the server.</p>
-<div class="example"><p><code>
- Order Allow,Deny<br />
- Allow from apache.org<br />
- Deny from foo.apache.org<br />
-</code></p></div>
+
<div class="example"><p><code>
+ Order Allow,Deny<br />
+ Allow from apache.org<br />
+ Deny from foo.apache.org
+ </code></p></div>
<p>On the other hand, if the <code class="directive">Order</code> in the last
example is changed to <code>Deny,Allow</code>, all hosts will
<p>The presence of an <code class="directive">Order</code> directive can affect
access to a part of the server even in the absence of accompanying
<code class="directive"><a href="#allow">Allow</a></code> and <code class="directive"><a href="#deny">Deny</a></code> directives because of its effect
- on the default access state. For example,</p>
+ on the default access state. For example,</p>
-<div class="example"><p><code>
+
<div class="example"><p><code>
<Directory /www><br />
- Order Allow,Deny<br />
+ <span class="indent">
+ Order Allow,Deny<br />
+ </span>
</Directory>
-</code></p></div>
+ </code></p></div>
<p>will deny all access to the <code>/www</code> directory
because the default access state will be set to
--- /dev/null
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ --><title>mod_authz_user - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.1</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs-project/">Documentation</a> > <a href="../">Version 2.1</a> > <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Apache Module mod_authz_user</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description:
+ </a></th><td>User Authorization</td></tr><tr><th><a href="module-dict.html#Status">Status:
+ </a></th><td>Base</td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:
+ </a></th><td>authz_user_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File:
+ </a></th><td>mod_authz_user.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
+ </a></th><td>Available in Apache 2.1 and later</td></tr></table><h3>Summary</h3>
+ <p>This module provides authorization capabilities so that
+ authenticated users can be allowed or denied access to portions
+ of the web site. <code class="module"><a href="../mod/mod_authz_user.html">mod_authz_user</a></code> grants
+ access if the authenticated user is listed in a <code>Require user</code>
+ directive. Alternatively <code>require valid-user</code> can be used to
+ grant access to all successfully authenticated users.</p>
+</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authzuserauthoritative">AuthzUserAuthoritative</a></li>
+</ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthzUserAuthoritative" id="AuthzUserAuthoritative">AuthzUserAuthoritative</a> <a name="authzuserauthoritative" id="authzuserauthoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>Sets whether authorization will be passed on to lower level
+modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>AuthzUserAuthoritative On|Off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
+ </a></th><td><code>AuthzUserAuthoritative On</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
+ </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Base</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_authz_user</td></tr></table>
+ <p>Setting the <code class="directive">AuthzUserAuthoritative</code>
+ directive explicitly to <code>Off</code> allows for
+ user authorization to be passed on to lower level modules (as defined
+ in the <code>modules.c</code> files) if there is <strong>no
+ user</strong> matching the supplied userID.</p>
+
+ <p>By default, control is not passed on and an unknown user
+ will result in an Authentication Required reply. Not
+ setting it to <code>Off</code> thus keeps the system secure and forces
+ an NCSA compliant behaviour.</p>
+</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
\ No newline at end of file
<tr><td><a href="mod_alias.html#aliasmatch">AliasMatch <var>regex</var>
<var>file-path</var>|<var>directory-path</var></a></td><td /><td>sv</td><td>B</td></tr><tr><td class="descr" colspan="4">Maps URLs to filesystem locations using regular
expressions</td></tr>
-<tr class="odd"><td><a href="mod_authz_host.html#allow"> Allow from
- all|<em>host</em>|env=<em>env-variable</em>
- [<em>host</em>|env=<em>env-variable</em>] ...</a></td><td /><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Controls which hosts can access an area of the
+<tr class="odd"><td><a href="mod_authz_host.html#allow"> Allow from all|<var>host</var>|env=<var>env-variable</var>
+[<var>host</var>|env=<var>env-variable</var>] ...</a></td><td /><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Controls which hosts can access an area of the
server</td></tr>
<tr><td><a href="mod_proxy.html#allowconnect">AllowCONNECT <em>port</em> [<em>port</em>] ...</a></td><td> 443 563 </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Ports that are allowed to <code>CONNECT</code> through
the proxy</td></tr>
<tr class="odd"><td><a href="core.html#allowoverride">AllowOverride All|None|<var>directive-type</var>
[<var>directive-type</var>] ...</a></td><td> All </td><td>d</td><td>C</td></tr><tr class="odd"><td class="descr" colspan="4">Types of directives that are allowed in
.htaccess files</td></tr>
-<tr><td><a href="mod_authn_anon.html#anonymous">Anonymous <em>user</em> [<em>user</em>] ...</a></td><td /><td>dh</td><td>E</td></tr><tr><td class="descr" colspan="4">Specifies userIDs that areallowed access without
+<tr><td><a href="mod_authn_anon.html#anonymous">Anonymous <var>user</var> [<var>user</var>] ...</a></td><td /><td>dh</td><td>E</td></tr><tr><td class="descr" colspan="4">Specifies userIDs that areallowed access without
password verification</td></tr>
-<tr class="odd"><td><a href="mod_authn_anon.html#anonymous_authoritative">Anonymous_Authoritative on|off</a></td><td> off </td><td>dh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Configures if authorization will fall-through
-to other methods</td></tr>
-<tr><td><a href="mod_authn_anon.html#anonymous_logemail">Anonymous_LogEmail on|off</a></td><td> on </td><td>dh</td><td>E</td></tr><tr><td class="descr" colspan="4">Sets whether the password entered will be logged in the
+<tr class="odd"><td><a href="mod_authn_anon.html#anonymous_logemail">Anonymous_LogEmail On|Off</a></td><td> On </td><td>dh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Sets whether the password entered will be logged in the
error log</td></tr>
-<tr class="odd"><td><a href="mod_authn_anon.html#anonymous_mustgiveemail">Anonymous_MustGiveEmail on|off</a></td><td> on </td><td>dh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Specifies whether blank passwords are allowed</td></tr>
-<tr><td><a href="mod_authn_anon.html#anonymous_nouserid">Anonymous_NoUserID on|off</a></td><td> off </td><td>dh</td><td>E</td></tr><tr><td class="descr" colspan="4">Sets whether the userID field may be empty</td></tr>
-<tr class="odd"><td><a href="mod_authn_anon.html#anonymous_verifyemail">Anonymous_VerifyEmail on|off</a></td><td> off </td><td>dh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Sets whether to check the password field for a correctly
+<tr><td><a href="mod_authn_anon.html#anonymous_mustgiveemail">Anonymous_MustGiveEmail On|Off</a></td><td> On </td><td>dh</td><td>E</td></tr><tr><td class="descr" colspan="4">Specifies whether blank passwords are allowed</td></tr>
+<tr class="odd"><td><a href="mod_authn_anon.html#anonymous_nouserid">Anonymous_NoUserID On|Off</a></td><td> Off </td><td>dh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Sets whether the userID field may be empty</td></tr>
+<tr><td><a href="mod_authn_anon.html#anonymous_verifyemail">Anonymous_VerifyEmail On|Off</a></td><td> Off </td><td>dh</td><td>E</td></tr><tr><td class="descr" colspan="4">Sets whether to check the password field for a correctly
formatted email address</td></tr>
-<tr><td><a href="perchild.html#assignuserid">AssignUserID <var>user_id</var> <var>group_id</var></a></td><td /><td>v</td><td>M</td></tr><tr><td class="descr" colspan="4">-</td></tr>
-<tr class="odd"><td><a href="mod_auth_basic.html#authbasicauthoritative">AuthBasicAuthoritative on|off</a></td><td> on </td><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Sets whether authorization and authentication are
-passed to lower level modules</td></tr>
-<tr><td><a href="mod_auth_basic.html#authbasicprovider">AuthBasicProvider <em>provider-name</em></a></td><td /><td>dh</td><td>B</td></tr><tr><td class="descr" colspan="4">Sets the authentication provider(s) for this location</td></tr>
-<tr class="odd"><td><a href="mod_authz_dbm.html#authdbmgroupfile">AuthDBMGroupFile <em>file-path</em></a></td><td /><td>dh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Sets the name of the database file containing the list
+<tr class="odd"><td><a href="perchild.html#assignuserid">AssignUserID <var>user_id</var> <var>group_id</var></a></td><td /><td>v</td><td>M</td></tr><tr class="odd"><td class="descr" colspan="4">-</td></tr>
+<tr><td><a href="mod_auth_basic.html#authbasicauthoritative">AuthBasicAuthoritative On|Off</a></td><td> On </td><td>dh</td><td>B</td></tr><tr><td class="descr" colspan="4">Sets whether authorization and authentication are passed to
+lower level modules</td></tr>
+<tr class="odd"><td><a href="mod_auth_basic.html#authbasicprovider">AuthBasicProvider On|Off|<var>provider-name</var>
+[<var>provider-name</var>] ...</a></td><td> On </td><td>d</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Sets the authentication provider(s) for this location</td></tr>
+<tr><td><a href="mod_authz_dbm.html#authdbmgroupfile">AuthDBMGroupFile <var>file-path</var></a></td><td /><td>dh</td><td>E</td></tr><tr><td class="descr" colspan="4">Sets the name of the database file containing the list
of user groups for authentication</td></tr>
-<tr><td><a href="mod_authn_dbm.html#authdbmtype">AuthDBMType default|SDBM|GDBM|NDBM|DB</a></td><td> default </td><td>dh</td><td>E</td></tr><tr><td class="descr" colspan="4">Sets the type of database file that is used to
+<tr class="odd"><td><a href="mod_authn_dbm.html#authdbmtype">AuthDBMType default|SDBM|GDBM|NDBM|DB</a></td><td> default </td><td>dh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Sets the type of database file that is used to
store passwords</td></tr>
-<tr class="odd"><td><a href="mod_authn_dbm.html#authdbmuserfile">AuthDBMUserFile <em>file-path</em></a></td><td /><td>dh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Sets the name of a database file containing the list of users and
+<tr><td><a href="mod_authn_dbm.html#authdbmuserfile">AuthDBMUserFile <var>file-path</var></a></td><td /><td>dh</td><td>E</td></tr><tr><td class="descr" colspan="4">Sets the name of a database file containing the list of users and
passwords for authentication</td></tr>
+<tr class="odd"><td><a href="mod_authn_default.html#authdefaultauthoritative">AuthDefaultAuthoritative On|Off</a></td><td> On </td><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Sets whether authentication is passed to lower level
+modules</td></tr>
<tr><td><a href="mod_auth_digest.html#authdigestalgorithm">AuthDigestAlgorithm MD5|MD5-sess</a></td><td> MD5 </td><td>dh</td><td>X</td></tr><tr><td class="descr" colspan="4">Selects the algorithm used to calculate the challenge and
response hases in digest authentication</td></tr>
<tr class="odd"><td><a href="mod_auth_digest.html#authdigestdomain">AuthDigestDomain <var>URI</var> [<var>URI</var>] ...</a></td><td /><td>dh</td><td>X</td></tr><tr class="odd"><td class="descr" colspan="4">URIs that are in the same protection space for digest
authentication</td></tr>
-<tr><td><a href="mod_auth_digest.html#authdigestfile">AuthDigestFile <var>file-path</var></a></td><td /><td>dh</td><td>X</td></tr><tr><td class="descr" colspan="4">Location of the text file containing the list
-of users and encoded passwords for digest authentication</td></tr>
-<tr class="odd"><td><a href="mod_auth_digest.html#authdigestgroupfile">AuthDigestGroupFile <var>file-path</var></a></td><td /><td>dh</td><td>X</td></tr><tr class="odd"><td class="descr" colspan="4">Name of the text file containing the list of groups
-for digest authentication</td></tr>
<tr><td><a href="mod_auth_digest.html#authdigestnccheck">AuthDigestNcCheck On|Off</a></td><td> Off </td><td>s</td><td>X</td></tr><tr><td class="descr" colspan="4">Enables or disables checking of the nonce-count sent by the
server</td></tr>
<tr class="odd"><td><a href="mod_auth_digest.html#authdigestnonceformat">AuthDigestNonceFormat <var>format</var></a></td><td /><td>dh</td><td>X</td></tr><tr class="odd"><td class="descr" colspan="4">Determines how the nonce is generated</td></tr>
<tr><td><a href="mod_auth_digest.html#authdigestnoncelifetime">AuthDigestNonceLifetime <var>seconds</var></a></td><td> 300 </td><td>dh</td><td>X</td></tr><tr><td class="descr" colspan="4">How long the server nonce is valid</td></tr>
-<tr class="odd"><td><a href="mod_auth_digest.html#authdigestqop">AuthDigestQop none|auth|auth-int [auth|auth-int]</a></td><td> auth </td><td>dh</td><td>X</td></tr><tr class="odd"><td class="descr" colspan="4">Determines the quality-of-protection to use in digest
+<tr class="odd"><td><a href="mod_auth_digest.html#authdigestprovider">AuthDigestProvider On|Off|<var>provider-name</var>
+[<var>provider-name</var>] ...</a></td><td /><td>d</td><td>X</td></tr><tr class="odd"><td class="descr" colspan="4">Sets the authentication provider(s) for this location</td></tr>
+<tr><td><a href="mod_auth_digest.html#authdigestqop">AuthDigestQop none|auth|auth-int [auth|auth-int]</a></td><td> auth </td><td>dh</td><td>X</td></tr><tr><td class="descr" colspan="4">Determines the quality-of-protection to use in digest
authentication</td></tr>
-<tr><td><a href="mod_authz_groupfile.html#authgroupfile">AuthGroupFile <em>file-path</em></a></td><td /><td>dh</td><td>E</td></tr><tr><td class="descr" colspan="4">Sets the name of a text file containing the list
+<tr class="odd"><td><a href="mod_auth_digest.html#authdigestshmemsize">AuthDigestShmemSize <var>size</var></a></td><td> 1000 </td><td>s</td><td>X</td></tr><tr class="odd"><td class="descr" colspan="4">The amount of shared memory to allocate for keeping track
+of clients</td></tr>
+<tr><td><a href="mod_authz_groupfile.html#authgroupfile">AuthGroupFile <var>file-path</var></a></td><td /><td>dh</td><td>B</td></tr><tr><td class="descr" colspan="4">Sets the name of a text file containing the list
of user groups for authentication</td></tr>
<tr class="odd"><td><a href="mod_auth_ldap.html#authldapauthoritative">AuthLDAPAuthoritative on|off</a></td><td> on </td><td>dh</td><td>X</td></tr><tr class="odd"><td class="descr" colspan="4">Prevent other authentication modules from
authenticating the user if this one fails</td></tr>
<tr class="odd"><td><a href="core.html#authname">AuthName <var>auth-domain</var></a></td><td /><td>dh</td><td>C</td></tr><tr class="odd"><td class="descr" colspan="4">Authorization realm for use in HTTP
authentication</td></tr>
<tr><td><a href="core.html#authtype">AuthType Basic|Digest</a></td><td /><td>dh</td><td>C</td></tr><tr><td class="descr" colspan="4">Type of user authentication</td></tr>
-<tr class="odd"><td><a href="mod_authn_file.html#authuserfile">AuthUserFile <em>file-path</em></a></td><td /><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Sets the name of a text file containing the list of users and
+<tr class="odd"><td><a href="mod_authn_file.html#authuserfile">AuthUserFile <var>file-path</var></a></td><td /><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Sets the name of a text file containing the list of users and
passwords for authentication</td></tr>
-<tr><td><a href="mod_authz_dbm.html#authzdbmauthoritative">AuthzDBMAuthoritative on|off</a></td><td> on </td><td>dh</td><td>E</td></tr><tr><td class="descr" colspan="4">Sets whether authorization will be passed on to lower level modules</td></tr>
+<tr><td><a href="mod_authz_dbm.html#authzdbmauthoritative">AuthzDBMAuthoritative On|Off</a></td><td> On </td><td>dh</td><td>E</td></tr><tr><td class="descr" colspan="4">Sets whether authorization will be passed on to lower level
+modules</td></tr>
<tr class="odd"><td><a href="mod_authz_dbm.html#authzdbmtype">AuthzDBMType default|SDBM|GDBM|NDBM|DB</a></td><td> default </td><td>dh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Sets the type of database file that is used to
store passwords</td></tr>
-<tr><td><a href="mod_authz_groupfile.html#authzgroupfileauthoritative">AuthzGroupFileAuthoritative on|off</a></td><td> on </td><td>dh</td><td>E</td></tr><tr><td class="descr" colspan="4">Sets whether authorization will be passed on to lower level modules</td></tr>
+<tr><td><a href="mod_authz_default.html#authzdefaultauthoritative">AuthzDefaultAuthoritative On|Off</a></td><td> On </td><td>dh</td><td>B</td></tr><tr><td class="descr" colspan="4">Sets whether authorization is passed to lower level
+modules</td></tr>
+<tr class="odd"><td><a href="mod_authz_groupfile.html#authzgroupfileauthoritative">AuthzGroupFileAuthoritative On|Off</a></td><td> On </td><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Sets whether authorization will be passed on to lower level
+modules</td></tr>
+<tr><td><a href="mod_authz_user.html#authzuserauthoritative">AuthzUserAuthoritative On|Off</a></td><td> On </td><td>dh</td><td>B</td></tr><tr><td class="descr" colspan="4">Sets whether authorization will be passed on to lower level
+modules</td></tr>
<tr class="odd"><td><a href="mod_setenvif.html#browsermatch" id="B" name="B">BrowserMatch <em>regex [!]env-variable</em>[=<em>value</em>]
[[!]<em>env-variable</em>[=<em>value</em>]] ...</a></td><td /><td>svdh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Sets environment variables conditional on HTTP User-Agent
</td></tr>
<tr><td><a href="mod_deflate.html#deflatefilternote">DeflateFilterNote <var>notename</var></a></td><td /><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Places the compression ratio in a note for logging</td></tr>
<tr class="odd"><td><a href="mod_deflate.html#deflatememlevel">DeflateMemLevel <var>value</var></a></td><td> 9 </td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">How much memory should be used by zlib for compression</td></tr>
<tr><td><a href="mod_deflate.html#deflatewindowsize">DeflateWindowSize <var>value</var></a></td><td> 15 </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Zlib compression window size</td></tr>
-<tr class="odd"><td><a href="mod_authz_host.html#deny"> Deny from
- all|<em>host</em>|env=<em>env-variable</em>
- [<em>host</em>|env=<em>env-variable</em>] ...</a></td><td /><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Controls which hosts are denied access to the
+<tr class="odd"><td><a href="mod_authz_host.html#deny"> Deny from all|<var>host</var>|env=<var>env-variable</var>
+[<var>host</var>|env=<var>env-variable</var>] ...</a></td><td /><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Controls which hosts are denied access to the
server</td></tr>
<tr><td><a href="core.html#directory"><Directory <var>directory-path</var>>
... </Directory></a></td><td /><td>sv</td><td>C</td></tr><tr><td class="descr" colspan="4">Enclose a group of directives that apply only to the
<tr><td><a href="core.html#options" id="O" name="O">Options
[+|-]<var>option</var> [[+|-]<var>option</var>] ...</a></td><td> All </td><td>svdh</td><td>C</td></tr><tr><td class="descr" colspan="4">Configures what features are available in a particular
directory</td></tr>
-<tr class="odd"><td><a href="mod_authz_host.html#order"> Order <em>ordering</em></a></td><td> Deny,Allow </td><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Controls the default access state and the order in which
+<tr class="odd"><td><a href="mod_authz_host.html#order"> Order <var>ordering</var></a></td><td> Deny,Allow </td><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Controls the default access state and the order in which
<code class="directive">Allow</code> and <code class="directive">Deny</code> are
evaluated.</td></tr>
<tr><td><a href="mod_env.html#passenv" id="P" name="P">PassEnv <var>env-variable</var> [<var>env-variable</var>]
<li><a href="mod/mod_auth_ldap.html">Apache Module mod_auth_ldap</a></li>
<li><a href="mod/mod_authn_anon.html">Apache Module mod_authn_anon</a></li>
<li><a href="mod/mod_authn_dbm.html">Apache Module mod_authn_dbm</a></li>
+<li><a href="mod/mod_authn_default.html">Apache Module mod_authn_default</a></li>
<li><a href="mod/mod_authn_file.html">Apache Module mod_authn_file</a></li>
<li><a href="mod/mod_authz_dbm.html">Apache Module mod_authz_dbm</a></li>
+<li><a href="mod/mod_authz_default.html">Apache Module mod_authz_default</a></li>
<li><a href="mod/mod_authz_groupfile.html">Apache Module mod_authz_groupfile</a></li>
<li><a href="mod/mod_authz_host.html">Apache Module mod_authz_host</a></li>
+<li><a href="mod/mod_authz_user.html">Apache Module mod_authz_user</a></li>
<li><a href="mod/mod_autoindex.html">Apache Module mod_autoindex</a></li>
<li><a href="mod/mod_cache.html">Apache Module mod_cache</a></li>
<li><a href="mod/mod_cern_meta.html">Apache Module mod_cern_meta</a></li>
projects / apache / commitdiff