-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_auth_dbm</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <!--#include virtual="header.html" -->
-
- <h1 align="CENTER">Module mod_auth_dbm</h1>
-
- <p>This module provides for user authentication using DBM
- files.</p>
+<html>
+<head>
+<META http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<!--
+XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+-->
+<title>mod_auth_dbm - Apache HTTP Server</title>
+<link href="../style/manual.css" type="text/css" rel="stylesheet">
+</head>
+<body>
+<blockquote>
+<div align="center">
+<img alt="[APACHE DOCUMENTATION]" src="../images/sub.gif"><h3>Apache HTTP Server Version 2.0</h3>
+</div>
+<h1 align="center">Apache Module mod_auth_dbm</h1>
+<table cellspacing="1" cellpadding="0" bgcolor="#cccccc">
+<tr>
+<td>
+<table bgcolor="#ffffff">
+<tr>
+<td><span class="help">Description:</span></td><td>
+<description>Provides for user authentication using DBM
+ files</description>
+</td>
+</tr>
+<tr>
+<td><a href="module-dict.html#Status" class="help">Status:</a></td><td>Extension</td>
+</tr>
+<tr>
+<td><a href="module-dict.html#ModuleIdentifier" class="help">Module Identifier:</a></td><td>auth_dbm_module</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+<h2>Summary</h2>
+<summary>
+
+<p>This module provides for HTTP Basic Authentication, where
+ the usernames and passwords are stored in DBM type database
+ files. It is an alternative to the plain text password files
+ provided by <code><a href="mod_auth.html">mod_auth</a></code>.</p>
+
+</summary>
+<p>
+<strong>See also:</strong>
+</p>
+<ul>
+<li>
+<code class="directive"><a href="core.html#authname" class="directive">AuthName</a></code>
+</li>
+<li>
+<code class="directive"><a href="core.html#authtype" class="directive">AuthType</a></code>
+</li>
+<li>
+<code class="directive"><a href="core.html#require" class="directive">Require</a></code>
+</li>
+<li>
+<code class="directive"><a href="core.html#satisfy" class="directive">Satisfy</a></code>
+</li>
+</ul>
+<h2>Directives</h2>
+<ul>
+<li>
+<a href="#authdbmgroupfile">AuthDBMGroupFile</a>
+</li>
+<li>
+<a href="#authdbmuserfile">AuthDBMUserFile</a>
+</li>
+<li>
+<a href="#authdbmtype">AuthDBMType</a>
+</li>
+<li>
+<a href="#authdbmauthoritative">AuthDBMAuthoritative</a>
+</li>
+</ul>
+<hr>
+<h2>
+<a name="AuthDBMAuthoritative">AuthDBMAuthoritative</a> <a name="authdbmauthoritative">Directive</a>
+</h2>
+<table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc">
+<tr>
+<td>
+<table width="100%" bgcolor="#ffffff">
+<tr>
+<td><strong>Description: </strong></td><td>Sets whether authentication and authorization will be
+passwed on to lower level modules</td>
+</tr>
+<tr>
+<td><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>
+<syntax>AuthDBMAuthoritative on|off</syntax>
+</td>
+</tr>
+<tr>
+<td><a href="directive-dict.html#Default" class="help">Default:</a></td><td><code>AuthDBMAuthoritative on</code></td>
+</tr>
+<tr>
+<td><a href="directive-dict.html#Context" class="help">Context:</a></td><td>directory, .htaccess</td>
+</tr>
+<tr>
+<td><a href="directive-dict.html#Override" class="help">Override:</a></td><td>AuthConfig</td>
+</tr>
+<tr>
+<td><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Extension</td>
+</tr>
+<tr>
+<td><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_auth_dbm</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+<usage>
+
+
+<blockquote>
+<table>
+<tr>
+<td bgcolor="#e0e5f5">This information has not been updated to take into account the
+new module ordering techniques in Apache 2.0</td>
+</tr>
+</table>
+</blockquote>
+
+
+<p>Setting the <code class="directive">AuthDBMAuthoritative</code>
+ directive explicitly to <strong>'off'</strong> allows for both
+ authentication and authorization to be passed on to lower level
+ modules (as defined in the <code>Configuration</code> and
+ <code>modules.c</code> file if there is <strong>no userID</strong>
+ or <strong>rule</strong> matching the supplied userID. If there is
+ a userID and/or rule specified; the usual password and access
+ checks will be applied and a failure will give an Authorization
+ Required reply.</p>
+
+
+<p>So if a userID appears in the database of more than one module;
+ or if a valid <code class="directive"><a href="core.html#require" class="directive">Require</a></code>
+ directive applies to more than one module; then the first module
+ will verify the credentials; and no access is passed on;
+ regardless of the <code class="directive">AuthAuthoritative</code> setting.</p>
+
+
+<p>A common use for this is in conjunction with one of the
+ basic auth modules; such as <code><a href="mod_auth.html">mod_auth</a></code>. Whereas this
+ DBM module supplies the bulk of the user credential checking; a
+ few (administrator) related accesses fall through to a lower
+ level with a well protected .htpasswd file.</p>
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a>
- mod_auth_dbm.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- auth_dbm_module</p>
+
+<p>By default, control is not passed on and an unknown userID
+ or rule will result in an Authorization Required reply. Not
+ setting it thus keeps the system secure and forces an NCSA
+ compliant behaviour.</p>
- <h2>Summary</h2>
+
+<p>Security: Do consider the implications of allowing a user to
+ allow fall-through in his .htaccess file; and verify that this
+ is really what you want; Generally it is easier to just secure
+ a single .htpasswd file, than it is to secure a database which
+ might have more access interfaces.</p>
- <p>This module provides for HTTP Basic Authentication, where
- the usernames and passwords are stored in DBM type database
- files. It is an alternative to the plain text password files
- provided by <a href="mod_auth.html">mod_auth</a>.</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#authdbmgroupfile">AuthDBMGroupFile</a></li>
-
- <li><a href="#authdbmuserfile">AuthDBMUserFile</a></li>
- <li><a href="#authdbmtype">AuthDBMType</a></li>
-
- <li><a
- href="#authdbmauthoritative">AuthDBMAuthoritative</a></li>
- </ul>
-
- <p>See also: <a href="core.html#satisfy">Satisfy</a> and <a
- href="core.html#require">Require</a>.</p>
- <hr />
-
- <h2><a id="authdbmgroupfile"
- name="authdbmgroupfile">AuthDBMGroupFile</a></h2>
- <!--%plaintext <?INDEX {\tt AuthDBMGroupFile} directive> -->
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AuthDBMGroupFile
- <em>file-path</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_auth_dbm
-
- <p>The AuthDBMGroupFile directive sets the name of a DBM file
- containing the list of user groups for user authentication.
- <em>File-path</em> is the absolute path to the group file.</p>
-
- <p>The group file is keyed on the username. The value for a
+</usage>
+<hr>
+<h2>
+<a name="AuthDBMGroupFile">AuthDBMGroupFile</a> <a name="authdbmgroupfile">Directive</a>
+</h2>
+<table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc">
+<tr>
+<td>
+<table width="100%" bgcolor="#ffffff">
+<tr>
+<td><strong>Description: </strong></td><td>Sets the name of the database file containing the list
+of user groups for authentication</td>
+</tr>
+<tr>
+<td><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>
+<syntax>AuthDBMGroupFile <em>file-path</em>
+</syntax>
+</td>
+</tr>
+<tr>
+<td><a href="directive-dict.html#Context" class="help">Context:</a></td><td>directory, .htaccess</td>
+</tr>
+<tr>
+<td><a href="directive-dict.html#Override" class="help">Override:</a></td><td>AuthConfig</td>
+</tr>
+<tr>
+<td><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Extension</td>
+</tr>
+<tr>
+<td><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_auth_dbm</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+<usage>
+
+<p>The <code class="directive">AuthDBMGroupFile</code> directive sets the
+ name of a DBM file containing the list of user groups for user
+ authentication. <em>File-path</em> is the absolute path to the
+ group file.</p>
+
+
+<p>The group file is keyed on the username. The value for a
user is a comma-separated list of the groups to which the users
belongs. There must be no whitespace within the value, and it
must never contain any colons.</p>
- <p>Security: make sure that the AuthDBMGroupFile is stored
- outside the document tree of the web-server; do <em>not</em>
- put it in the directory that it protects. Otherwise, clients
- will be able to download the AuthDBMGroupFile unless otherwise
- protected.</p>
+
+<p>Security: make sure that the
+ <code class="directive">AuthDBMGroupFile</code> is stored outside the
+ document tree of the web-server; do <em>not</em> put it in the
+ directory that it protects. Otherwise, clients will be able to
+ download the <code class="directive">AuthDBMGroupFile</code> unless
+ otherwise protected.</p>
- <p>Combining Group and Password DBM files: In some cases it is
+
+<p>Combining Group and Password DBM files: In some cases it is
easier to manage a single database which contains both the
password and group details for each user. This simplifies any
support programs that need to be written: they now only have to
accomplished by first setting the group and password files to
point to the same DBM:</p>
- <blockquote>
- <code>AuthDBMGroupFile /www/userbase<br />
- AuthDBMUserFile /www/userbase</code>
- </blockquote>
- The key for the single DBM is the username. The value consists
- of
-
- <blockquote>
- <code>Unix Crypt-ed Password : List of Groups [ : (ignored)
- ]</code>
- </blockquote>
- The password section contains the Unix crypt() password as
- before. This is followed by a colon and the comma separated
- list of groups. Other data may optionally be left in the DBM
- file after another colon; it is ignored by the authentication
+
+<blockquote>
+<table cellpadding="10">
+<tr>
+<td bgcolor="#eeeeee"><code>
+AuthDBMGroupFile /www/userbase<br>
+AuthDBMUserFile /www/userbase
+</code></td>
+</tr>
+</table>
+</blockquote>
+
+
+<p>The key for the single DBM is the username. The value consists
+ of</p>
+
+
+<blockquote>
+<table cellpadding="10">
+<tr>
+<td bgcolor="#eeeeee"><code>Unix Crypt-ed Password : List of Groups [ : (ignored)
+ ]</code></td>
+</tr>
+</table>
+</blockquote>
+
+
+<p>The password section contains the Unix <code>crypt()</code>
+ password as before. This is followed by a colon and the comma
+ separated list of groups. Other data may optionally be left in the
+ DBM file after another colon; it is ignored by the authentication
module. This is what www.telescope.org uses for its combined
- password and group database.
-
- <p>See also <a href="core.html#authname">AuthName</a>, <a
- href="core.html#authtype">AuthType</a> and <a
- href="#authdbmuserfile">AuthDBMUserFile</a>.</p>
- <hr />
-
- <h2><a id="authdbmuserfile"
- name="authdbmuserfile">AuthDBMUserFile</a></h2>
- <!--%plaintext <?INDEX {\tt AuthDBMUserFile} directive> -->
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AuthDBMUserFile
- <em>file-path</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_auth_dbm
-
- <p>The AuthDBMUserFile directive sets the name of a DBM file
- containing the list of users and passwords for user
- authentication. <em>File-path</em> is the absolute path to the
- user file.</p>
-
- <p>The user file is keyed on the username. The value for a user
- is the crypt() encrypted password, optionally followed by a
- colon and arbitrary data. The colon and the data following it
+ password and group database.</p>
+
+</usage>
+<hr>
+<h2>
+<a name="AuthDBMType">AuthDBMType</a> <a name="authdbmtype">Directive</a>
+</h2>
+<table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc">
+<tr>
+<td>
+<table width="100%" bgcolor="#ffffff">
+<tr>
+<td><strong>Description: </strong></td><td>Sets the type of database file that is used to
+store passwords</td>
+</tr>
+<tr>
+<td><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>
+<syntax>AuthDBMType default|SDBM|GDBM|DB</syntax>
+</td>
+</tr>
+<tr>
+<td><a href="directive-dict.html#Default" class="help">Default:</a></td><td><code>AuthDBMType default</code></td>
+</tr>
+<tr>
+<td><a href="directive-dict.html#Context" class="help">Context:</a></td><td>directory, .htaccess</td>
+</tr>
+<tr>
+<td><a href="directive-dict.html#Override" class="help">Override:</a></td><td>AuthConfig</td>
+</tr>
+<tr>
+<td><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Extension</td>
+</tr>
+<tr>
+<td><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_auth_dbm</td>
+</tr>
+<tr>
+<td><a href="directive-dict.html#Compatibility" class="help">Compatibility:</a></td><td>Available in version 2.0.30 and later.</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+<usage>
+
+
+<p>Sets the type of database file that is used to store the passwords.
+The default database type is determined at compile time. The
+availability of other types of database files also depends on
+compile-time settings.</p>
+
+
+<p>It is crucial that whatever program you use to create your password
+files is configured to use the same type of database.</p>
+
+</usage>
+<hr>
+<h2>
+<a name="AuthDBMUserFile">AuthDBMUserFile</a> <a name="authdbmuserfile">Directive</a>
+</h2>
+<table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc">
+<tr>
+<td>
+<table width="100%" bgcolor="#ffffff">
+<tr>
+<td><strong>Description: </strong></td><td>Sets thename of a database file containing the list of users and
+passwords for authentication</td>
+</tr>
+<tr>
+<td><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>
+<syntax>AuthDBMUserFile <em>file-path</em>
+</syntax>
+</td>
+</tr>
+<tr>
+<td><a href="directive-dict.html#Context" class="help">Context:</a></td><td>directory, .htaccess</td>
+</tr>
+<tr>
+<td><a href="directive-dict.html#Override" class="help">Override:</a></td><td>AuthConfig</td>
+</tr>
+<tr>
+<td><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Extension</td>
+</tr>
+<tr>
+<td><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_auth_dbm</td>
+</tr>
+</table>
+</td>
+</tr>
+</table>
+<usage>
+
+<p>The <code class="directive">AuthDBMUserFile</code> directive sets the
+ name of a DBM file containing the list of users and passwords for
+ user authentication. <em>File-path</em> is the absolute path to
+ the user file.</p>
+
+
+<p>The user file is keyed on the username. The value for a user is
+ the <code>crypt()</code> encrypted password, optionally followed
+ by a colon and arbitrary data. The colon and the data following it
will be ignored by the server.</p>
- <p>Security: make sure that the AuthDBMUserFile is stored
- outside the document tree of the web-server; do <em>not</em>
- put it in the directory that it protects. Otherwise, clients
- will be able to download the AuthDBMUserFile.</p>
+
+<p>Security: make sure that the
+ <code class="directive">AuthDBMUserFile</code> is stored outside the
+ document tree of the web-server; do <em>not</em> put it in the
+ directory that it protects. Otherwise, clients will be able to
+ download the <code class="directive">AuthDBMUserFile</code>.</p>
- <p>Important compatibility note: The implementation of
+
+<p>Important compatibility note: The implementation of
"dbmopen" in the apache modules reads the string length of the
hashed values from the DBM data structures, rather than relying
upon the string being NULL-appended. Some applications, such as
interchangeably between applications this may be a part of the
problem.</p>
- <p>A perl script called
+
+<p>A perl script called
<a href="../programs/dbmmanage.html">dbmmanage</a> is included with
Apache. This program can be used to create and update DBM
format password files for use with this module.</p>
- See also <a href="core.html#authname">AuthName</a>, <a
- href="core.html#authtype">AuthType</a> and <a
- href="#authdbmgroupfile">AuthDBMGroupFile</a>.
- <hr />
-
- <h2><a id="authdbmtype"
- name="authdbmtype">AuthDBMType</a></h2>
- <p><a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AuthDBMType
- default|SDBM|GDBM|DB<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a>
- <code>AuthDBMType default</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_auth_dbm<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a>
- Available in version 2.0.30 and later.</p>
-
-<p>Sets the type of database file that is used to store the passwords.
-The default database type is determined at compile time. The
-availability of other types of database files also depends on
-compile-time settings.</p>
-<p>It is crucial that whatever program you use to create your password
-files is configured to use the same type of database.</p>
-
- <hr />
- <h2><a id="authdbmauthoritative"
- name="authdbmauthoritative">AuthDBMAuthoritative</a></h2>
- <!--%plaintext <?INDEX {\tt AuthDBMAuthoritative} directive> -->
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AuthDBMAuthoritative
- on|off<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a>
- <code>AuthDBMAuthoritative on</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_auth_dbm
-
- <p>Setting the AuthDBMAuthoritative directive explicitly to
- <strong>'off'</strong> allows for both authentication and
- authorization to be passed on to lower level modules (as
- defined in the <code>Configuration</code> and
- <code>modules.c</code> file if there is <strong>no
- userID</strong> or <strong>rule</strong> matching the supplied
- userID. If there is a userID and/or rule specified; the usual
- password and access checks will be applied and a failure will
- give an Authorization Required reply.</p>
-
- <p>So if a userID appears in the database of more than one
- module; or if a valid <code>Require</code> directive applies to
- more than one module; then the first module will verify the
- credentials; and no access is passed on; regardless of the
- AuthAuthoritative setting.</p>
-
- <p>A common use for this is in conjunction with one of the
- basic auth modules; such as <a
- href="mod_auth.html"><code>mod_auth.c</code></a>. Whereas this
- DBM module supplies the bulk of the user credential checking; a
- few (administrator) related accesses fall through to a lower
- level with a well protected .htpasswd file.</p>
-
- <p>By default, control is not passed on and an unknown userID
- or rule will result in an Authorization Required reply. Not
- setting it thus keeps the system secure and forces an NCSA
- compliant behaviour.</p>
-
- <p>Security: Do consider the implications of allowing a user to
- allow fall-through in his .htaccess file; and verify that this
- is really what you want; Generally it is easier to just secure
- a single .htpasswd file, than it is to secure a database which
- might have more access interfaces.</p>
-
- <p>See also <a href="core.html#authname">AuthName</a>, <a
- href="core.html#authtype">AuthType</a> and <a
- href="#authdbmgroupfile">AuthDBMGroupFile</a>.</p>
-
- <p><!--#include virtual="footer.html" -->
- </p>
- </body>
+</usage>
+<hr>
+<h3 align="center">Apache HTTP Server Version 2.0</h3>
+<a href="./"><img alt="Index" src="../images/index.gif"></a><a href="../"><img alt="Home" src="../images/home.gif"></a>
+</blockquote>
+</body>
</html>
-
--- /dev/null
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="../style/manual.xsl"?>
+<modulesynopsis>
+
+<name>mod_auth_dbm</name>
+<description>Provides for user authentication using DBM
+ files</description>
+<status>Extension</status>
+<sourcefile>mod_auth_dbm.c</sourcefile>
+<identifier>auth_dbm_module</identifier>
+
+<summary>
+ <p>This module provides for HTTP Basic Authentication, where
+ the usernames and passwords are stored in DBM type database
+ files. It is an alternative to the plain text password files
+ provided by <module>mod_auth</module>.</p>
+</summary>
+
+<seealso><directive module="core">AuthName</directive></seealso>
+<seealso><directive module="core">AuthType</directive></seealso>
+<seealso><directive module="core">Require</directive></seealso>
+<seealso><directive module="core">Satisfy</directive></seealso>
+
+<directivesynopsis>
+<name>AuthDBMGroupFile</name>
+<description>Sets the name of the database file containing the list
+of user groups for authentication</description>
+<syntax>AuthDBMGroupFile <em>file-path</em></syntax>
+<contextlist><context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>AuthConfig</override>
+
+<usage>
+ <p>The <directive>AuthDBMGroupFile</directive> directive sets the
+ name of a DBM file containing the list of user groups for user
+ authentication. <em>File-path</em> is the absolute path to the
+ group file.</p>
+
+ <p>The group file is keyed on the username. The value for a
+ user is a comma-separated list of the groups to which the users
+ belongs. There must be no whitespace within the value, and it
+ must never contain any colons.</p>
+
+ <p>Security: make sure that the
+ <directive>AuthDBMGroupFile</directive> is stored outside the
+ document tree of the web-server; do <em>not</em> put it in the
+ directory that it protects. Otherwise, clients will be able to
+ download the <directive>AuthDBMGroupFile</directive> unless
+ otherwise protected.</p>
+
+ <p>Combining Group and Password DBM files: In some cases it is
+ easier to manage a single database which contains both the
+ password and group details for each user. This simplifies any
+ support programs that need to be written: they now only have to
+ deal with writing to and locking a single DBM file. This can be
+ accomplished by first setting the group and password files to
+ point to the same DBM:</p>
+
+<example>
+AuthDBMGroupFile /www/userbase<br />
+AuthDBMUserFile /www/userbase
+</example>
+
+ <p>The key for the single DBM is the username. The value consists
+ of</p>
+
+<example>Unix Crypt-ed Password : List of Groups [ : (ignored)
+ ]</example>
+
+ <p>The password section contains the Unix <code>crypt()</code>
+ password as before. This is followed by a colon and the comma
+ separated list of groups. Other data may optionally be left in the
+ DBM file after another colon; it is ignored by the authentication
+ module. This is what www.telescope.org uses for its combined
+ password and group database.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AuthDBMUserFile</name>
+<description>Sets thename of a database file containing the list of users and
+passwords for authentication</description>
+<syntax>AuthDBMUserFile <em>file-path</em></syntax>
+<contextlist><context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>AuthConfig</override>
+
+<usage>
+ <p>The <directive>AuthDBMUserFile</directive> directive sets the
+ name of a DBM file containing the list of users and passwords for
+ user authentication. <em>File-path</em> is the absolute path to
+ the user file.</p>
+
+ <p>The user file is keyed on the username. The value for a user is
+ the <code>crypt()</code> encrypted password, optionally followed
+ by a colon and arbitrary data. The colon and the data following it
+ will be ignored by the server.</p>
+
+ <p>Security: make sure that the
+ <directive>AuthDBMUserFile</directive> is stored outside the
+ document tree of the web-server; do <em>not</em> put it in the
+ directory that it protects. Otherwise, clients will be able to
+ download the <directive>AuthDBMUserFile</directive>.</p>
+
+ <p>Important compatibility note: The implementation of
+ "dbmopen" in the apache modules reads the string length of the
+ hashed values from the DBM data structures, rather than relying
+ upon the string being NULL-appended. Some applications, such as
+ the Netscape web server, rely upon the string being
+ NULL-appended, so if you are having trouble using DBM files
+ interchangeably between applications this may be a part of the
+ problem.</p>
+
+ <p>A perl script called
+ <a href="../programs/dbmmanage.html">dbmmanage</a> is included with
+ Apache. This program can be used to create and update DBM
+ format password files for use with this module.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AuthDBMType</name>
+<description>Sets the type of database file that is used to
+store passwords</description>
+<syntax>AuthDBMType default|SDBM|GDBM|DB</syntax>
+<default>AuthDBMType default</default>
+<contextlist><context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>AuthConfig</override>
+<compatibility>Available in version 2.0.30 and later.</compatibility>
+
+<usage>
+
+<p>Sets the type of database file that is used to store the passwords.
+The default database type is determined at compile time. The
+availability of other types of database files also depends on
+compile-time settings.</p>
+
+<p>It is crucial that whatever program you use to create your password
+files is configured to use the same type of database.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AuthDBMAuthoritative</name>
+<description>Sets whether authentication and authorization will be
+passwed on to lower level modules</description>
+<syntax>AuthDBMAuthoritative on|off</syntax>
+<default>AuthDBMAuthoritative on</default>
+<contextlist><context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>AuthConfig</override>
+
+<usage>
+
+<note>This information has not been updated to take into account the
+new module ordering techniques in Apache 2.0</note>
+
+ <p>Setting the <directive>AuthDBMAuthoritative</directive>
+ directive explicitly to <strong>'off'</strong> allows for both
+ authentication and authorization to be passed on to lower level
+ modules (as defined in the <code>Configuration</code> and
+ <code>modules.c</code> file if there is <strong>no userID</strong>
+ or <strong>rule</strong> matching the supplied userID. If there is
+ a userID and/or rule specified; the usual password and access
+ checks will be applied and a failure will give an Authorization
+ Required reply.</p>
+
+ <p>So if a userID appears in the database of more than one module;
+ or if a valid <directive module="core">Require</directive>
+ directive applies to more than one module; then the first module
+ will verify the credentials; and no access is passed on;
+ regardless of the <directive>AuthAuthoritative</directive> setting.</p>
+
+ <p>A common use for this is in conjunction with one of the
+ basic auth modules; such as <module>mod_auth</module>. Whereas this
+ DBM module supplies the bulk of the user credential checking; a
+ few (administrator) related accesses fall through to a lower
+ level with a well protected .htpasswd file.</p>
+
+ <p>By default, control is not passed on and an unknown userID
+ or rule will result in an Authorization Required reply. Not
+ setting it thus keeps the system secure and forces an NCSA
+ compliant behaviour.</p>
+
+ <p>Security: Do consider the implications of allowing a user to
+ allow fall-through in his .htaccess file; and verify that this
+ is really what you want; Generally it is easier to just secure
+ a single .htpasswd file, than it is to secure a database which
+ might have more access interfaces.</p>
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>
\ No newline at end of file
projects / apache / commitdiff