XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
This file is generated from xml source: DO NOT EDIT
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- --><title>Module Index - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body id="module-index"><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs-project/">Documentation</a> > <a href="../">Version 2.0</a></div><div id="preamble"><h1>Module Index</h1>
+ --><title>Module Index - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body id="module-index"><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs-project/">Documentation</a> > <a href="../">Version 2.0</a></div><div id="page-content"><div id="preamble"><h1>Module Index</h1>
<p>
Below is a list of all of the modules that come as part of
the Apache distribution. See also the complete
alphabetical list of <a href="directives.html">all Apache
directives</a>.
</p>
- </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2>Core Features and Multi-Processing Modules</h2><dl><dt><a href="core.html">core</a></dt><dd>Core Apache HTTP Server features that are always
-available</dd><dt><a href="mpm_common.html">mpm_common</a></dt><dd>A collection of directives that are implemented by
-more than one multi-processing module (MPM)</dd><dt><a href="mpm_netware.html">mpm_netware</a></dt><dd>Multi-Processing Module implementing an exclusively threaded web
- server optimized for Novell NetWare</dd><dt><a href="mpm_winnt.html">mpm_winnt</a></dt><dd>This Multi-Processing Module is optimized for Windows
- NT.</dd><dt><a href="perchild.html">perchild</a></dt><dd>Multi-Processing Module allowing for daemon processes
+ </div><div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#core">Core Features and Multi-Processing Modules</a></li><li><img alt="" src="../images/down.gif" /> <a href="#other">Other Modules</a></li><li><img alt="" src="../images/down.gif" /> <a href="#obsolete">Obsolete Modules</a></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a id="core" name="core">Core Features and Multi-Processing Modules</a></h2><dl><dt><a href="core.html">core</a></dt><dd>Core Apache HTTP Server features that are always
+available</dd>
+<dt><a href="mpm_common.html">mpm_common</a></dt><dd>A collection of directives that are implemented by
+more than one multi-processing module (MPM)</dd>
+<dt><a href="mpm_netware.html">mpm_netware</a></dt><dd>Multi-Processing Module implementing an exclusively threaded web
+ server optimized for Novell NetWare</dd>
+<dt><a href="mpm_winnt.html">mpm_winnt</a></dt><dd>This Multi-Processing Module is optimized for Windows
+ NT.</dd>
+<dt><a href="perchild.html">perchild</a></dt><dd>Multi-Processing Module allowing for daemon processes
serving requests to be assigned a variety of different
- userids</dd><dt><a href="prefork.html">prefork</a></dt><dd>Implements a non-threaded, pre-forking web server</dd><dt><a href="worker.html">worker</a></dt><dd>Multi-Processing Module implementing a hybrid
- multi-threaded multi-process web server</dd></dl></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2>Other Modules</h2><dl><dt><a href="mod_actions.html">mod_actions</a></dt><dd>This module provides for executing CGI scripts based on
-media type or request method.</dd><dt><a href="mod_alias.html">mod_alias</a></dt><dd>Provides for mapping different parts of the host
- filesystem in the document tree and for URL redirection</dd><dt><a href="mod_asis.html">mod_asis</a></dt><dd>Sends files that contain their own
-HTTP headers</dd><dt><a href="mod_auth_basic.html">mod_auth_basic</a></dt><dd>Basic authentication</dd><dt><a href="mod_auth_digest.html">mod_auth_digest</a></dt><dd>User authentication using MD5
- Digest Authentication.</dd><dt><a href="mod_auth_ldap.html">mod_auth_ldap</a></dt><dd>Allows an LDAP directory to be used to store the database
-for HTTP Basic authentication.</dd><dt><a href="mod_authn_anon.html">mod_authn_anon</a></dt><dd>Allows "anonymous" user access to authenticated
- areas</dd><dt><a href="mod_authn_dbm.html">mod_authn_dbm</a></dt><dd>User authentication using DBM files</dd><dt><a href="mod_authn_file.html">mod_authn_file</a></dt><dd>User authentication using text files</dd><dt><a href="mod_authz_dbm.html">mod_authz_dbm</a></dt><dd>Group authorization using DBM files</dd><dt><a href="mod_authz_groupfile.html">mod_authz_groupfile</a></dt><dd>Group authorization using plaintext files</dd><dt><a href="mod_authz_host.html">mod_authz_host</a></dt><dd>Group authorizations based on host (name or IP
-address)</dd><dt><a href="mod_autoindex.html">mod_autoindex</a></dt><dd>Generates directory indexes,
+ userids</dd>
+<dt><a href="prefork.html">prefork</a></dt><dd>Implements a non-threaded, pre-forking web server</dd>
+<dt><a href="worker.html">worker</a></dt><dd>Multi-Processing Module implementing a hybrid
+ multi-threaded multi-process web server</dd>
+</dl></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a id="other" name="other">Other Modules</a></h2><dl><dt><a href="mod_actions.html">mod_actions</a></dt><dd>This module provides for executing CGI scripts based on
+media type or request method.</dd>
+<dt><a href="mod_alias.html">mod_alias</a></dt><dd>Provides for mapping different parts of the host
+ filesystem in the document tree and for URL redirection</dd>
+<dt><a href="mod_asis.html">mod_asis</a></dt><dd>Sends files that contain their own
+HTTP headers</dd>
+<dt><a href="mod_auth_basic.html">mod_auth_basic</a></dt><dd>Basic authentication</dd>
+<dt><a href="mod_auth_digest.html">mod_auth_digest</a></dt><dd>User authentication using MD5
+ Digest Authentication.</dd>
+<dt><a href="mod_auth_ldap.html">mod_auth_ldap</a></dt><dd>Allows an LDAP directory to be used to store the database
+for HTTP Basic authentication.</dd>
+<dt><a href="mod_authn_anon.html">mod_authn_anon</a></dt><dd>Allows "anonymous" user access to authenticated
+ areas</dd>
+<dt><a href="mod_authn_dbm.html">mod_authn_dbm</a></dt><dd>User authentication using DBM files</dd>
+<dt><a href="mod_authn_file.html">mod_authn_file</a></dt><dd>User authentication using text files</dd>
+<dt><a href="mod_authz_dbm.html">mod_authz_dbm</a></dt><dd>Group authorization using DBM files</dd>
+<dt><a href="mod_authz_groupfile.html">mod_authz_groupfile</a></dt><dd>Group authorization using plaintext files</dd>
+<dt><a href="mod_authz_host.html">mod_authz_host</a></dt><dd>Group authorizations based on host (name or IP
+address)</dd>
+<dt><a href="mod_autoindex.html">mod_autoindex</a></dt><dd>Generates directory indexes,
automatically, similar to the Unix <em>ls</em> command or the
- Win32 <em>dir</em> shell command</dd><dt><a href="mod_cache.html">mod_cache</a></dt><dd>Content cache keyed to URIs.</dd><dt><a href="mod_cern_meta.html">mod_cern_meta</a></dt><dd>CERN httpd metafile semantics</dd><dt><a href="mod_cgi.html">mod_cgi</a></dt><dd>Execution of CGI scripts</dd><dt><a href="mod_cgid.html">mod_cgid</a></dt><dd>Execution of CGI scripts using an
- external CGI daemon</dd><dt><a href="mod_charset_lite.html">mod_charset_lite</a></dt><dd>Specify character set translation or recoding</dd><dt><a href="mod_dav.html">mod_dav</a></dt><dd>Distributed Authoring and Versioning
-(<a href="http://www.webdav.org/">WebDAV</a>) functionality</dd><dt><a href="mod_deflate.html">mod_deflate</a></dt><dd>Compress content before
- it is delivered to the client</dd><dt><a href="mod_dir.html">mod_dir</a></dt><dd>Provides for "trailing slash" redirects and
- serving directory index files</dd><dt><a href="mod_echo.html">mod_echo</a></dt><dd>A simple echo server to illustrate protocol
-modules</dd><dt><a href="mod_env.html">mod_env</a></dt><dd>Modifies the environment which is
- passed to CGI scripts and SSI pages</dd><dt><a href="mod_example.html">mod_example</a></dt><dd>Illustrates the Apache module API</dd><dt><a href="mod_expires.html">mod_expires</a></dt><dd>Generation of
+ Win32 <em>dir</em> shell command</dd>
+<dt><a href="mod_cache.html">mod_cache</a></dt><dd>Content cache keyed to URIs.</dd>
+<dt><a href="mod_cern_meta.html">mod_cern_meta</a></dt><dd>CERN httpd metafile semantics</dd>
+<dt><a href="mod_cgi.html">mod_cgi</a></dt><dd>Execution of CGI scripts</dd>
+<dt><a href="mod_cgid.html">mod_cgid</a></dt><dd>Execution of CGI scripts using an
+ external CGI daemon</dd>
+<dt><a href="mod_charset_lite.html">mod_charset_lite</a></dt><dd>Specify character set translation or recoding</dd>
+<dt><a href="mod_dav.html">mod_dav</a></dt><dd>Distributed Authoring and Versioning
+(<a href="http://www.webdav.org/">WebDAV</a>) functionality</dd>
+<dt><a href="mod_deflate.html">mod_deflate</a></dt><dd>Compress content before
+ it is delivered to the client</dd>
+<dt><a href="mod_dir.html">mod_dir</a></dt><dd>Provides for "trailing slash" redirects and
+ serving directory index files</dd>
+<dt><a href="mod_echo.html">mod_echo</a></dt><dd>A simple echo server to illustrate protocol
+modules</dd>
+<dt><a href="mod_env.html">mod_env</a></dt><dd>Modifies the environment which is
+ passed to CGI scripts and SSI pages</dd>
+<dt><a href="mod_example.html">mod_example</a></dt><dd>Illustrates the Apache module API</dd>
+<dt><a href="mod_expires.html">mod_expires</a></dt><dd>Generation of
<code>Expires</code> HTTP headers according to user-specified
- criteria</dd><dt><a href="mod_ext_filter.html">mod_ext_filter</a></dt><dd>Pass the response body
+ criteria</dd>
+<dt><a href="mod_ext_filter.html">mod_ext_filter</a></dt><dd>Pass the response body
through an external program before delivery to the
- client</dd><dt><a href="mod_file_cache.html">mod_file_cache</a></dt><dd>Caches a static list of files in memory</dd><dt><a href="mod_headers.html">mod_headers</a></dt><dd>Customization of HTTP request
- and response headers</dd><dt><a href="mod_imap.html">mod_imap</a></dt><dd>Server-side imagemap processing</dd><dt><a href="mod_include.html">mod_include</a></dt><dd>Server-parsed html documents (Server Side Includes)</dd><dt><a href="mod_info.html">mod_info</a></dt><dd>Provides a comprehensive overview of the server
-configuration</dd><dt><a href="mod_isapi.html">mod_isapi</a></dt><dd>ISAPI Extensions within Apache for Windows</dd><dt><a href="mod_ldap.html">mod_ldap</a></dt><dd>LDAP connection pooling and result caching
-services for use by other LDAP modules</dd><dt><a href="mod_log_config.html">mod_log_config</a></dt><dd>Logging of the requests made to the server</dd><dt><a href="mod_logio.html">mod_logio</a></dt><dd>Logging of input and output bytes per request</dd><dt><a href="mod_mime.html">mod_mime</a></dt><dd>Associates the requested filename's extensions
+ client</dd>
+<dt><a href="mod_file_cache.html">mod_file_cache</a></dt><dd>Caches a static list of files in memory</dd>
+<dt><a href="mod_headers.html">mod_headers</a></dt><dd>Customization of HTTP request
+ and response headers</dd>
+<dt><a href="mod_imap.html">mod_imap</a></dt><dd>Server-side imagemap processing</dd>
+<dt><a href="mod_include.html">mod_include</a></dt><dd>Server-parsed html documents (Server Side Includes)</dd>
+<dt><a href="mod_info.html">mod_info</a></dt><dd>Provides a comprehensive overview of the server
+configuration</dd>
+<dt><a href="mod_isapi.html">mod_isapi</a></dt><dd>ISAPI Extensions within Apache for Windows</dd>
+<dt><a href="mod_ldap.html">mod_ldap</a></dt><dd>LDAP connection pooling and result caching
+services for use by other LDAP modules</dd>
+<dt><a href="mod_log_config.html">mod_log_config</a></dt><dd>Logging of the requests made to the server</dd>
+<dt><a href="mod_logio.html">mod_logio</a></dt><dd>Logging of input and output bytes per request</dd>
+<dt><a href="mod_mime.html">mod_mime</a></dt><dd>Associates the requested filename's extensions
with the file's behavior (handlers and filters)
and content (mime-type, language, character set and
- encoding)</dd><dt><a href="mod_mime_magic.html">mod_mime_magic</a></dt><dd>Determines the MIME type of a file
- by looking at a few bytes of its contents</dd><dt><a href="mod_negotiation.html">mod_negotiation</a></dt><dd>Provides for <a href="../content-negotiation.html">content negotiation</a></dd><dt><a href="mod_proxy.html">mod_proxy</a></dt><dd>HTTP/1.1 proxy/gateway server</dd><dt><a href="mod_rewrite.html">mod_rewrite</a></dt><dd>Provides a rule-based rewriting engine to rewrite requested
-URLs on the fly</dd><dt><a href="mod_setenvif.html">mod_setenvif</a></dt><dd>Allows the setting of environment variables based
-on characteristics of the request</dd><dt><a href="mod_so.html">mod_so</a></dt><dd>Loading of executable code and
-modules into the server at start-up or restart time</dd><dt><a href="mod_speling.html">mod_speling</a></dt><dd>Attempts to correct mistaken URLs that
+ encoding)</dd>
+<dt><a href="mod_mime_magic.html">mod_mime_magic</a></dt><dd>Determines the MIME type of a file
+ by looking at a few bytes of its contents</dd>
+<dt><a href="mod_negotiation.html">mod_negotiation</a></dt><dd>Provides for <a href="../content-negotiation.html">content negotiation</a></dd>
+<dt><a href="mod_proxy.html">mod_proxy</a></dt><dd>HTTP/1.1 proxy/gateway server</dd>
+<dt><a href="mod_rewrite.html">mod_rewrite</a></dt><dd>Provides a rule-based rewriting engine to rewrite requested
+URLs on the fly</dd>
+<dt><a href="mod_setenvif.html">mod_setenvif</a></dt><dd>Allows the setting of environment variables based
+on characteristics of the request</dd>
+<dt><a href="mod_so.html">mod_so</a></dt><dd>Loading of executable code and
+modules into the server at start-up or restart time</dd>
+<dt><a href="mod_speling.html">mod_speling</a></dt><dd>Attempts to correct mistaken URLs that
users might have entered by ignoring capitalization and by
-allowing up to one misspelling</dd><dt><a href="mod_ssl.html">mod_ssl</a></dt><dd>Strong cryptography using the Secure Sockets
-Layer (SSL) and Transport Layer Security (TLS) protocols</dd><dt><a href="mod_status.html">mod_status</a></dt><dd>Provides information on server activity and
-performance</dd><dt><a href="mod_suexec.html">mod_suexec</a></dt><dd>Allows CGI scripts to run as a specified user
-and Group</dd><dt><a href="mod_unique_id.html">mod_unique_id</a></dt><dd>Provides an environment variable with a unique
-identifier for each request</dd><dt><a href="mod_userdir.html">mod_userdir</a></dt><dd>User-specific directories</dd><dt><a href="mod_usertrack.html">mod_usertrack</a></dt><dd>
+allowing up to one misspelling</dd>
+<dt><a href="mod_ssl.html">mod_ssl</a></dt><dd>Strong cryptography using the Secure Sockets
+Layer (SSL) and Transport Layer Security (TLS) protocols</dd>
+<dt><a href="mod_status.html">mod_status</a></dt><dd>Provides information on server activity and
+performance</dd>
+<dt><a href="mod_suexec.html">mod_suexec</a></dt><dd>Allows CGI scripts to run as a specified user
+and Group</dd>
+<dt><a href="mod_unique_id.html">mod_unique_id</a></dt><dd>Provides an environment variable with a unique
+identifier for each request</dd>
+<dt><a href="mod_userdir.html">mod_userdir</a></dt><dd>User-specific directories</dd>
+<dt><a href="mod_usertrack.html">mod_usertrack</a></dt><dd>
<em>Clickstream</em> logging of user activity on a site
-</dd><dt><a href="mod_vhost_alias.html">mod_vhost_alias</a></dt><dd>Provides for dynamically configured mass virtual
-hosting</dd></dl></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
\ No newline at end of file
+</dd>
+<dt><a href="mod_vhost_alias.html">mod_vhost_alias</a></dt><dd>Provides for dynamically configured mass virtual
+hosting</dd>
+</dl></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a id="obsolete" name="obsolete">Obsolete Modules</a></h2><dl><dt><a href="obs_mod_access.html">mod_access</a></dt><dd><em>(replaced by <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code> since 2.0.44)</em><br />Provides access control based on client hostname, IP
+address, or other characteristics of the client request.</dd>
+<dt><a href="obs_mod_auth.html">mod_auth</a></dt><dd><em>(obsolete since 2.0.44)</em><br />User authentication using text files</dd>
+<dt><a href="obs_mod_auth_anon.html">mod_auth_anon</a></dt><dd><em>(replaced by <code class="module"><a href="../mod/mod_authn_anon.html">mod_authn_anon</a></code> since 2.0.44)</em><br />Allows "anonymous" user access to authenticated
+ areas</dd>
+<dt><a href="obs_mod_auth_dbm.html">mod_auth_dbm</a></dt><dd><em>(obsolete since 2.0.44)</em><br />Provides for user authentication using DBM
+ files</dd>
+<dt><a href="obs_mod_auth_digest.html">mod_auth_digest</a></dt><dd><em>(obsolete since 2.0.44)</em><br />User authentication using MD5
+ Digest Authentication.</dd>
+</dl></div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ --><title>mod_access - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs-project/">Documentation</a> > <a href="../">Version 2.0</a> > <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Obsolete Apache Module mod_access</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description:
+ </a></th><td>Provides access control based on client hostname, IP
+address, or other characteristics of the client request.</td></tr><tr><th><a href="module-dict.html#Status">Status:
+ </a></th><td>Obsolete<em> (replaced by <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code> since 2.0.44)</em><br /></td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:
+ </a></th><td>access_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File:
+ </a></th><td>mod_access.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
+ </a></th><td>Available only in versions up to 2.0.43</td></tr></table><h3>Summary</h3>
+ <div class="warning"><h3>This module is obsolete!</h3>
+ <p>Note, that this module has been marked as obsolete. A bunch
+ of modules was introduced in Apache version 2.0.44 that
+ support the new Authentication/Authorization provider mechnism.</p>
+
+ <p>If you want to use host based access control, you have to invoke the
+ <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code> module now.</p>
+
+ <p>This document is kept only for historical reasons and no
+ longer maintained.</p>
+ </div>
+
+ <p>The directives provided by mod_access are used in <code class="directive"><a href="../mod/core.html#directory"><Directory></a></code>, <code class="directive"><a href="../mod/core.html#files"><Files></a></code>, and <code class="directive"><a href="../mod/core.html#location"><Location></a></code> sections as well as
+ <code><a href="core.html#accessfilename">.htaccess</a></code>
+ files to control access to particular parts of the server. Access
+ can be controlled based on the client hostname, IP address, or
+ other characteristics of the client request, as captured in <a href="../env.html">environment variables</a>. The <code class="directive"><a href="#allow">Allow</a></code> and <code class="directive"><a href="#deny">Deny</a></code> directives are used to
+ specify which clients are or are not allowed access to the server,
+ while the <code class="directive"><a href="#order">Order</a></code>
+ directive sets the default access state, and configures how the
+ <code class="directive"><a href="#allow">Allow</a></code> and <code class="directive"><a href="#deny">Deny</a></code> directives interact with each
+ other.</p>
+
+ <p>Both host-based access restrictions and password-based
+ authentication may be implemented simultaneously. In that case,
+ the <code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code> directive is used
+ to determine how the two sets of restrictions interact.</p>
+
+ <p>In general, access restriction directives apply to all
+ access methods (<code>GET</code>, <code>PUT</code>,
+ <code>POST</code>, etc). This is the desired behavior in most
+ cases. However, it is possible to restrict some methods, while
+ leaving other methods unrestricted, by enclosing the directives
+ in a <code class="directive"><a href="../mod/core.html#limit"><Limit></a></code> section.</p>
+</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#allow">Allow</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#deny">Deny</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#order">Order</a></li>
+</ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Allow" id="Allow">Allow</a> <a name="allow" id="allow">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>Controls which hosts can access an area of the
+server</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code> Allow from
+ all|<var>host</var>|env=<var>env-variable</var>
+ [<var>host</var>|env=<var>env-variable</var>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
+ </a></th><td>Limit</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_access</td></tr></table>
+
+ <p>The <code class="directive">Allow</code> directive affects which hosts can
+ access an area of the server. Access can be controlled by
+ hostname, IP Address, IP Address range, or by other
+ characteristics of the client request captured in environment
+ variables.</p>
+
+ <p>The first argument to this directive is always
+ <code>from</code>. The subsequent arguments can take three
+ different forms. If <code>Allow from all</code> is specified, then
+ all hosts are allowed access, subject to the configuration of the
+ <code class="directive"><a href="#deny">Deny</a></code> and <code class="directive"><a href="#order">Order</a></code> directives as discussed
+ below. To allow only particular hosts or groups of hosts to access
+ the server, the <var>host</var> can be specified in any of the
+ following formats:</p>
+
+ <dl>
+ <dt>A (partial) domain-name</dt>
+
+ <dd>Example: <code>Allow from apache.org</code><br />
+ Hosts whose names match, or end in, this string are allowed
+ access. Only complete components are matched, so the above
+ example will match <code>foo.apache.org</code> but it will
+ not match <code>fooapache.org</code>. This configuration will
+ cause the server to perform a reverse DNS lookup on the
+ client IP address, regardless of the setting of the <code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code>
+ directive.</dd>
+
+ <dt>A full IP address</dt>
+
+ <dd>Example: <code>Allow from 10.1.2.3</code><br />
+ An IP address of a host allowed access</dd>
+
+ <dt>A partial IP address</dt>
+
+ <dd>Example: <code>Allow from 10.1</code><br />
+ The first 1 to 3 bytes of an IP address, for subnet
+ restriction.</dd>
+
+ <dt>A network/netmask pair</dt>
+
+ <dd>Example: <code>Allow from
+ 10.1.0.0/255.255.0.0</code><br />
+ A network a.b.c.d, and a netmask w.x.y.z. For more
+ fine-grained subnet restriction.</dd>
+
+ <dt>A network/nnn CIDR specification</dt>
+
+ <dd>Example: <code>Allow from 10.1.0.0/16</code><br />
+ Similar to the previous case, except the netmask consists of
+ nnn high-order 1 bits.</dd>
+ </dl>
+
+ <p>Note that the last three examples above match exactly the
+ same set of hosts.</p>
+
+ <p>IPv6 addresses and IPv6 subnets can be specified as shown
+ below:</p>
+
+ <div class="example"><p><code>
+ Allow from fe80::a00:20ff:fea7:ccea<br />
+ Allow from fe80::a00:20ff:fea7:ccea/10
+ </code></p></div>
+
+ <p>The third format of the arguments to the
+ <code class="directive">Allow</code> directive allows access to the server
+ to be controlled based on the existence of an <a href="../env.html">environment variable</a>. When <code>Allow from
+ env=<var>env-variable</var></code> is specified, then the request is
+ allowed access if the environment variable <var>env-variable</var>
+ exists. The server provides the ability to set environment
+ variables in a flexible way based on characteristics of the client
+ request using the directives provided by
+ <code class="module"><a href="../mod/mod_setenvif.html">mod_setenvif</a></code>. Therefore, this directive can be
+ used to allow access based on such factors as the clients
+ <code>User-Agent</code> (browser type), <code>Referer</code>, or
+ other HTTP request header fields.</p>
+
+ <div class="example"><h3>Example:</h3><p><code>
+ SetEnvIf User-Agent ^KnockKnock/2.0 let_me_in<br />
+ <Directory /docroot><br />
+ <span class="indent">
+ Order Deny,Allow<br />
+ Deny from all<br />
+ Allow from env=let_me_in<br />
+ </span>
+ </Directory>
+ </code></p></div>
+
+ <p>In this case, browsers with a user-agent string beginning
+ with <code>KnockKnock/2.0</code> will be allowed access, and all
+ others will be denied.</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Deny" id="Deny">Deny</a> <a name="deny" id="deny">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>Controls which hosts are denied access to the
+server</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code> Deny from
+ all|<var>host</var>|env=<var>env-variable</var>
+ [<var>host</var>|env=<var>env-variable</var>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
+ </a></th><td>Limit</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_access</td></tr></table>
+ <p>This directive allows access to the server to be restricted
+ based on hostname, IP address, or environment variables. The
+ arguments for the <code class="directive">Deny</code> directive are
+ identical to the arguments for the <code class="directive"><a href="#allow">Allow</a></code> directive.</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Order" id="Order">Order</a> <a name="order" id="order">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>Controls the default access state and the order in which
+Allow and Deny are
+evaluated.</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code> Order <var>ordering</var></code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
+ </a></th><td><code>Order Deny,Allow</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
+ </a></th><td>Limit</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_access</td></tr></table>
+
+ <p>The <code class="directive">Order</code> directive controls the default
+ access state and the order in which <code class="directive"><a href="#allow">Allow</a></code> and <code class="directive"><a href="#deny">Deny</a></code> directives are evaluated.
+ <var>Ordering</var> is one of</p>
+
+ <dl>
+ <dt>Deny,Allow</dt>
+
+ <dd>The <code class="directive"><a href="#deny">Deny</a></code> directives
+ are evaluated before the <code class="directive"><a href="#allow">Allow</a></code> directives. Access is
+ allowed by default. Any client which does not match a
+ <code class="directive"><a href="#deny">Deny</a></code> directive or does
+ match an <code class="directive"><a href="#allow">Allow</a></code>
+ directive will be allowed access to the server.</dd>
+
+ <dt>Allow,Deny</dt>
+
+ <dd>The <code class="directive"><a href="#allow">Allow</a></code>
+ directives are evaluated before the <code class="directive"><a href="#deny">Deny</a></code> directives. Access is denied
+ by default. Any client which does not match an <code class="directive"><a href="#allow">Allow</a></code> directive or does match a
+ <code class="directive"><a href="#deny">Deny</a></code> directive will be
+ denied access to the server.</dd>
+
+ <dt>Mutual-failure</dt>
+
+ <dd>Only those hosts which appear on the <code class="directive"><a href="#allow">Allow</a></code> list and do not appear on
+ the <code class="directive"><a href="#deny">Deny</a></code> list are
+ granted access. This ordering has the same effect as <code>Order
+ Allow,Deny</code> and is deprecated in favor of that
+ configuration.</dd>
+ </dl>
+
+ <p>Keywords may only be separated by a comma; no whitespace is
+ allowed between them. Note that in all cases every <code class="directive"><a href="#allow">Allow</a></code> and <code class="directive"><a href="#deny">Deny</a></code> statement is evaluated.</p>
+
+ <p>In the following example, all hosts in the apache.org domain
+ are allowed access; all other hosts are denied access.</p>
+
+ <div class="example"><p><code>
+ Order Deny,Allow<br />
+ Deny from all<br />
+ Allow from apache.org
+ </code></p></div>
+
+ <p>In the next example, all hosts in the apache.org domain are
+ allowed access, except for the hosts which are in the
+ foo.apache.org subdomain, who are denied access. All hosts not
+ in the apache.org domain are denied access because the default
+ state is to deny access to the server.</p>
+
+ <div class="example"><p><code>
+ Order Allow,Deny<br />
+ Allow from apache.org<br />
+ Deny from foo.apache.org
+ </code></p></div>
+
+ <p>On the other hand, if the <code class="directive">Order</code> in the last
+ example is changed to <code>Deny,Allow</code>, all hosts will
+ be allowed access. This happens because, regardless of the
+ actual ordering of the directives in the configuration file,
+ the <code>Allow from apache.org</code> will be evaluated last
+ and will override the <code>Deny from foo.apache.org</code>.
+ All hosts not in the <code>apache.org</code> domain will also
+ be allowed access because the default state will change to
+ <var>allow</var>.</p>
+
+ <p>The presence of an <code class="directive">Order</code> directive can affect
+ access to a part of the server even in the absence of accompanying
+ <code class="directive"><a href="#allow">Allow</a></code> and <code class="directive"><a href="#deny">Deny</a></code> directives because of its effect
+ on the default access state. For example,</p>
+
+ <div class="example"><p><code>
+ <Directory /www><br />
+ <span class="indent">
+ Order Allow,Deny<br />
+ </span>
+ </Directory>
+ </code></p></div>
+
+ <p>will deny all access to the <code>/www</code> directory
+ because the default access state will be set to
+ <var>deny</var>.</p>
+
+ <p>The <code class="directive">Order</code> directive controls the order of access
+ directive processing only within each phase of the server's
+ configuration processing. This implies, for example, that an
+ <code class="directive"><a href="#allow">Allow</a></code> or <code class="directive"><a href="#deny">Deny</a></code> directive occurring in a
+ <code class="directive"><a href="../mod/core.html#location"><Location></a></code> section will
+ always be evaluated after an <code class="directive"><a href="#allow">Allow</a></code> or <code class="directive"><a href="#deny">Deny</a></code> directive occurring in a
+ <code class="directive"><a href="../mod/core.html#directory"><Directory></a></code> section or
+ <code>.htaccess</code> file, regardless of the setting of the
+ <code class="directive">Order</code> directive. For details on the merging
+ of configuration sections, see the documentation on <a href="../sections.html">How Directory, Location and Files sections
+ work</a>.</p>
+</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ --><title>mod_auth - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs-project/">Documentation</a> > <a href="../">Version 2.0</a> > <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Obsolete Apache Module mod_auth</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description:
+ </a></th><td>User authentication using text files</td></tr><tr><th><a href="module-dict.html#Status">Status:
+ </a></th><td>Obsolete<em> (obsolete since 2.0.44)</em><br /></td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:
+ </a></th><td>auth_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File:
+ </a></th><td>mod_auth.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
+ </a></th><td>Available only in versions up to 2.0.43</td></tr></table><h3>Summary</h3>
+ <div class="warning"><h3>This module is obsolete!</h3>
+ <p>Note, that this module has been marked as obsolete. A bunch
+ of modules was introduced in Apache version 2.0.44 that
+ support the new Authentication/Authorization provider mechnism.</p>
+
+ <p>In order to get the ability of HTTP Basic Authentication, you have
+ to use the <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code> module that implements
+ the HTTP part. <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code> provides for user
+ authentication based on plain text files. File based group
+ authorization is now done by the <code class="module"><a href="../mod/mod_authz_groupfile.html">mod_authz_groupfile</a></code>
+ module.</p>
+
+ <p>This document is kept only for historical reasons and no
+ longer maintained.</p>
+ </div>
+
+ <p>This module allows the use of HTTP Basic Authentication to
+ restrict access by looking up users in plain text password and
+ group files. Similar functionality and greater scalability is
+ provided by <code class="module"><a href="../mod/obs_mod_auth_dbm.html">mod_auth_dbm</a></code>. HTTP Digest
+ Authentication is provided by
+ <code class="module"><a href="../mod/obs_mod_auth_digest.html">mod_auth_digest</a></code>.</p>
+
+</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authauthoritative">AuthAuthoritative</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#authgroupfile">AuthGroupFile</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#authuserfile">AuthUserFile</a></li>
+</ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthAuthoritative" id="AuthAuthoritative">AuthAuthoritative</a> <a name="authauthoritative" id="authauthoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>Sets whether authorization and authentication are
+passed to lower level modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>AuthAuthoritative on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
+ </a></th><td><code>AuthAuthoritative on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
+ </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_auth</td></tr></table>
+ <div class="note">This information has not been updated for Apache 2.0, which
+ uses a different system for module ordering.</div>
+
+ <p>Setting the <code class="directive">AuthAuthoritative</code> directive
+ explicitly to <strong>'off'</strong> allows for both
+ authentication and authorization to be passed on to lower level
+ modules (as defined in the <code>Configuration</code> and
+ <code>modules.c</code> files) if there is <strong>no
+ userID</strong> or <strong>rule</strong> matching the supplied
+ userID. If there is a userID and/or rule specified; the usual
+ password and access checks will be applied and a failure will give
+ an Authorization Required reply.</p>
+
+ <p>So if a userID appears in the database of more than one module;
+ or if a valid <code class="directive"><a href="../mod/core.html#require">Require</a></code>
+ directive applies to more than one module; then the first module
+ will verify the credentials; and no access is passed on;
+ regardless of the AuthAuthoritative setting.</p>
+
+ <p>A common use for this is in conjunction with one of the
+ database modules; such as <code class="module"><a href="../mod/obs_mod_auth_dbm.html">mod_auth_dbm</a></code>,
+ <code>mod_auth_msql</code>, and <code class="module"><a href="../mod/obs_mod_auth_anon.html">mod_auth_anon</a></code>.
+ These modules supply the bulk of the user credential checking; but
+ a few (administrator) related accesses fall through to a lower
+ level with a well protected <code class="directive"><a href="#authuserfile">AuthUserFile</a></code>.</p>
+
+ <p>By default; control is not passed on; and an unknown userID or
+ rule will result in an Authorization Required reply. Not setting
+ it thus keeps the system secure; and forces an NCSA compliant
+ behaviour.</p>
+
+ <div class="note"><h3>Security</h3> Do consider the implications of
+ allowing a user to allow fall-through in his .htaccess file; and
+ verify that this is really what you want; Generally it is easier
+ to just secure a single .htpasswd file, than it is to secure a
+ database such as mSQL. Make sure that the <code class="directive"><a href="#authuserfile">AuthUserFile</a></code> and the <code class="directive"><a href="#authgroupfile">AuthGroupFile</a></code> are stored outside the
+ document tree of the web-server; do <em>not</em> put them in the
+ directory that they protect. Otherwise, clients will be able to
+ download the <code class="directive"><a href="#authuserfile">AuthUserFile</a></code>
+ and the <code class="directive"><a href="#authgroupfile">AuthGroupFile</a></code>.
+ </div>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthGroupFile" id="AuthGroupFile">AuthGroupFile</a> <a name="authgroupfile" id="authgroupfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>Sets the name of a text file containing the list
+of user groups for authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>AuthGroupFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
+ </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_auth</td></tr></table>
+ <p>The <code class="directive">AuthGroupFile</code> directive sets the
+ name of a textual file containing the list of user groups for user
+ authentication. <var>File-path</var> is the path to the group
+ file. If it is not absolute (<em>i.e.</em>, if it doesn't begin
+ with a slash), it is treated as relative to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.</p>
+
+ <p>Each line of the group file contains a groupname followed by a
+ colon, followed by the member usernames separated by spaces.
+ Example:</p>
+
+ <div class="example"><p><code>mygroup: bob joe anne</code></p></div>
+
+ <p>Note that searching large text files is <em>very</em>
+ inefficient; <code class="directive"><a href="../mod/obs_mod_auth_dbm.html#authdbmgroupfile">AuthDBMGroupFile</a></code> should be used
+ instead.</p>
+
+ <div class="note"><h3>Security</h3>
+ <p>Make sure that the <code class="directive">AuthGroupFile</code> is
+ stored outside the document tree of the web-server; do <em>not</em>
+ put it in the directory that it protects. Otherwise, clients will
+ be able to download the <code class="directive">AuthGroupFile</code>.</p>
+ </div>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthUserFile" id="AuthUserFile">AuthUserFile</a> <a name="authuserfile" id="authuserfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>Sets the name of a text file containing the list of users and
+passwords for authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>AuthUserFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
+ </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_auth</td></tr></table>
+ <p>The <code class="directive">AuthUserFile</code> directive sets the name
+ of a textual file containing the list of users and passwords for
+ user authentication. <var>File-path</var> is the path to the user
+ file. If it is not absolute (<em>i.e.</em>, if it doesn't begin
+ with a slash), it is treated as relative to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.</p>
+
+ <p>Each line of the user file contains a username followed by
+ a colon, followed by the <code>crypt()</code> encrypted
+ password. The behavior of multiple occurrences of the same user is
+ undefined.</p>
+
+ <p>The utility <a href="../programs/htpasswd.html">htpasswd</a>
+ which is installed as part of the binary distribution, or which
+ can be found in <code>src/support</code>, is used to maintain
+ this password file. See the <code>man</code> page for more
+ details. In short:</p>
+
+ <p>Create a password file 'Filename' with 'username' as the
+ initial ID. It will prompt for the password:</p>
+
+ <div class="example"><p><code>htpasswd -c Filename username</code></p></div>
+
+ <p>Add or modify 'username2' in the password file 'Filename':</p>
+
+ <div class="example"><p><code>htpasswd Filename username2</code></p></div>
+
+ <p>Note that searching large text files is <em>very</em>
+ inefficient; <code class="directive"><a href="../mod/obs_mod_auth_dbm.html#authdbmuserfile">AuthDBMUserFile</a></code> should be used
+ instead.</p>
+
+ <div class="note"><h3>Security</h3>
+ <p>Make sure that the <code class="directive">AuthUserFile</code> is
+ stored outside the document tree of the web-server; do <em>not</em>
+ put it in the directory that it protects. Otherwise, clients will
+ be able to download the <code class="directive">AuthUserFile</code>.</p>
+ </div>
+</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ --><title>mod_auth_anon - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs-project/">Documentation</a> > <a href="../">Version 2.0</a> > <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Obsolete Apache Module mod_auth_anon</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description:
+ </a></th><td>Allows "anonymous" user access to authenticated
+ areas</td></tr><tr><th><a href="module-dict.html#Status">Status:
+ </a></th><td>Obsolete<em> (replaced by <code class="module"><a href="../mod/mod_authn_anon.html">mod_authn_anon</a></code> since 2.0.44)</em><br /></td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:
+ </a></th><td>auth_anon_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File:
+ </a></th><td>mod_auth_anon.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
+ </a></th><td>Available only in versions up to 2.0.43</td></tr></table><h3>Summary</h3>
+ <div class="warning"><h3>This module is obsolete!</h3>
+ <p>Note, that this module has been marked as obsolete. A bunch
+ of modules was introduced in Apache version 2.0.44 that
+ support the new Authentication/Authorization provider mechnism.</p>
+
+ <p>In order to get the same functionality, you have to invoke the
+ <code class="module"><a href="../mod/mod_authn_anon.html">mod_authn_anon</a></code> module now.</p>
+
+
+
+
+ <p>This document is kept only for historical reasons and no
+ longer maintained.</p>
+ </div>
+
+ <p>This module does access control in a manner similar to
+ anonymous-ftp sites; <em>i.e.</em> have a 'magic' user id
+ 'anonymous' and the email address as a password. These email
+ addresses can be logged.</p>
+
+ <p>Combined with other (database) access control methods, this
+ allows for effective user tracking and customization according
+ to a user profile while still keeping the site open for
+ 'unregistered' users. One advantage of using Auth-based user
+ tracking is that, unlike magic-cookies and funny URL
+ pre/postfixes, it is completely browser independent and it
+ allows users to share URLs.</p>
+</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#anonymous">Anonymous</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#anonymous_authoritative">Anonymous_Authoritative</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#anonymous_logemail">Anonymous_LogEmail</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#anonymous_mustgiveemail">Anonymous_MustGiveEmail</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#anonymous_nouserid">Anonymous_NoUserID</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#anonymous_verifyemail">Anonymous_VerifyEmail</a></li>
+</ul><h3>Topics</h3><ul id="topics"><li><img alt="" src="../images/down.gif" /> <a href="#example">Example</a></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="example" id="example">Example</a></h2>
+
+ <p>The example below (when combined with the Auth directives of a
+ htpasswd-file based (or GDM, mSQL etc.) base access
+ control system allows users in as 'guests' with the following
+ properties:</p>
+
+ <ul>
+ <li>It insists that the user enters a userId.
+ (<code>Anonymous_NoUserId</code>)</li>
+
+ <li>It insists that the user enters a password.
+ (<code>Anonymous_MustGiveEmail</code>)</li>
+
+ <li>The password entered must be a valid email address, ie.
+ contain at least one '@' and a '.'.
+ (<code>Anonymous_VerifyEmail</code>)</li>
+
+ <li>The userID must be one of <code>anonymous guest www test
+ welcome</code> and comparison is <strong>not</strong> case
+ sensitive.</li>
+
+ <li>And the Email addresses entered in the passwd field are
+ logged to the error log file
+ (<code>Anonymous_LogEmail</code>)</li>
+ </ul>
+
+ <p>Excerpt of httpd.conf:</p>
+
+ <div class="example"><p><code>
+ Anonymous_NoUserId off<br />
+ Anonymous_MustGiveEmail on<br />
+ Anonymous_VerifyEmail on<br />
+ Anonymous_LogEmail on<br />
+ Anonymous anonymous guest www test welcome<br />
+ <br />
+ AuthName "Use 'anonymous' & Email address for guest entry"<br />
+ AuthType basic<br />
+ <br />
+ # An
+ AuthUserFile/AuthDBUserFile/AuthDBMUserFile<br />
+ # directive must be specified, or use<br />
+ # Anonymous_Authoritative for public access.<br />
+ # In the .htaccess for the public directory, add:<br />
+ <Files *><br />
+ <span class="indent">
+ Order Deny,Allow<br />
+ Allow from all<br />
+ <br />
+ Require valid-user<br />
+ </span>
+ </Files>
+ </code></p></div>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous" id="Anonymous">Anonymous</a> <a name="anonymous" id="anonymous">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>Specifies userIDs that areallowed access without
+password verification</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>Anonymous <var>user</var> [<var>user</var>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
+ </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_auth_anon</td></tr></table>
+ <p>A list of one or more 'magic' userIDs which are allowed
+ access without password verification. The userIDs are space
+ separated. It is possible to use the ' and " quotes to allow a
+ space in a userID as well as the \ escape character.</p>
+
+ <p>Please note that the comparison is
+ <strong>case-IN-sensitive</strong>.<br />
+ I strongly suggest that the magic username
+ '<code>anonymous</code>' is always one of the allowed
+ userIDs.</p>
+
+ <div class="example"><h3>Example:</h3><p><code>
+ Anonymous anonymous "Not Registered" 'I don\'t know'
+ </code></p></div>
+
+ <p>This would allow the user to enter without password
+ verification by using the userId's 'anonymous',
+ 'AnonyMous','Not Registered' and 'I Don't Know'.</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous_Authoritative" id="Anonymous_Authoritative">Anonymous_Authoritative</a> <a name="anonymous_authoritative" id="anonymous_authoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>Configures if authorization will fall-through
+to other methods</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>Anonymous_Authoritative on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
+ </a></th><td><code>Anonymous_Authoritative off</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
+ </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_auth_anon</td></tr></table>
+ <p>When set 'on', there is no fall-through to other authorization
+ methods. So if a userID does not match the values specified in the
+ <code class="directive"><a href="#anonymous">Anonymous</a></code> directive,
+ access is denied.</p>
+
+ <p>Be sure you know what you are doing when you decide to
+ switch it on. And remember that it is the linking order of the
+ modules (in the Configuration / Make file) which details the
+ order in which the Authorization modules are queried.</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous_LogEmail" id="Anonymous_LogEmail">Anonymous_LogEmail</a> <a name="anonymous_logemail" id="anonymous_logemail">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>Sets whether the password entered will be logged in the
+error log</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>Anonymous_LogEmail on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
+ </a></th><td><code>Anonymous_LogEmail on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
+ </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_auth_anon</td></tr></table>
+ <p>When set <code>on</code>, the default, the 'password' entered
+ (which hopefully contains a sensible email address) is logged in
+ the error log.</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous_MustGiveEmail" id="Anonymous_MustGiveEmail">Anonymous_MustGiveEmail</a> <a name="anonymous_mustgiveemail" id="anonymous_mustgiveemail">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>Specifies whether blank passwords are allowed</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>Anonymous_MustGiveEmail on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
+ </a></th><td><code>Anonymous_MustGiveEmail on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
+ </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_auth_anon</td></tr></table>
+ <p>Specifies whether the user must specify an email address as
+ the password. This prohibits blank passwords.</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous_NoUserID" id="Anonymous_NoUserID">Anonymous_NoUserID</a> <a name="anonymous_nouserid" id="anonymous_nouserid">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>Sets whether the userID field may be empty</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>Anonymous_NoUserID on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
+ </a></th><td><code>Anonymous_NoUserID off</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
+ </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_auth_anon</td></tr></table>
+ <p>When set <code>on</code>, users can leave the userID (and
+ perhaps the password field) empty. This can be very convenient for
+ MS-Explorer users who can just hit return or click directly on the
+ OK button; which seems a natural reaction.</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous_VerifyEmail" id="Anonymous_VerifyEmail">Anonymous_VerifyEmail</a> <a name="anonymous_verifyemail" id="anonymous_verifyemail">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>Sets whether to check the password field for a correctly
+formatted email address</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>Anonymous_VerifyEmail on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
+ </a></th><td><code>Anonymous_VerifyEmail off</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
+ </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_auth_anon</td></tr></table>
+ <p>When set <code>on</code> the 'password' entered is checked for
+ at least one '@' and a '.' to encourage users to enter valid email
+ addresses (see the above <code class="directive"><a href="#auth_logemail">Auth_LogEmail</a></code>).</p>
+</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ --><title>mod_auth_dbm - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs-project/">Documentation</a> > <a href="../">Version 2.0</a> > <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Obsolete Apache Module mod_auth_dbm</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description:
+ </a></th><td>Provides for user authentication using DBM
+ files</td></tr><tr><th><a href="module-dict.html#Status">Status:
+ </a></th><td>Obsolete<em> (obsolete since 2.0.44)</em><br /></td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:
+ </a></th><td>auth_dbm_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File:
+ </a></th><td>mod_auth_dbm.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
+ </a></th><td>Available only in versions up to 2.0.43</td></tr></table><h3>Summary</h3>
+ <div class="warning"><h3>This module is obsolete!</h3>
+ <p>Note, that this module has been marked as obsolete. A bunch
+ of modules was introduced in Apache version 2.0.44 that
+ support the new Authentication/Authorization provider mechnism.</p>
+
+ <p>In order to get the ability of HTTP Basic Authentication, you have
+ to use the <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code> module that implements
+ the HTTP part. <code class="module"><a href="../mod/mod_authn_dbm.html">mod_authn_dbm</a></code> provides for user
+ authentication based on DBM-files. DBM-File based group
+ authorization is now done by the <code class="module"><a href="../mod/mod_authz_dbm.html">mod_authz_dbm</a></code>
+ module.</p>
+
+ <p>This document is kept only for historical reasons and no
+ longer maintained.</p>
+ </div>
+
+ <p>This module provides for HTTP Basic Authentication, where
+ the usernames and passwords are stored in DBM type database
+ files. It is an alternative to the plain text password files
+ provided by <code class="module"><a href="../mod/obs_mod_auth.html">mod_auth</a></code>.</p>
+</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authdbmauthoritative">AuthDBMAuthoritative</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#authdbmgroupfile">AuthDBMGroupFile</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#authdbmtype">AuthDBMType</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#authdbmuserfile">AuthDBMUserFile</a></li>
+</ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDBMAuthoritative" id="AuthDBMAuthoritative">AuthDBMAuthoritative</a> <a name="authdbmauthoritative" id="authdbmauthoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>Sets whether authentication and authorization will be
+passwed on to lower level modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>AuthDBMAuthoritative on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
+ </a></th><td><code>AuthDBMAuthoritative on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
+ </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_auth_dbm</td></tr></table>
+
+<div class="note">This information has not been updated to take into account the
+new module ordering techniques in Apache 2.0</div>
+
+ <p>Setting the <code class="directive">AuthDBMAuthoritative</code>
+ directive explicitly to <strong>'off'</strong> allows for both
+ authentication and authorization to be passed on to lower level
+ modules (as defined in the <code>Configuration</code> and
+ <code>modules.c</code> file if there is <strong>no userID</strong>
+ or <strong>rule</strong> matching the supplied userID. If there is
+ a userID and/or rule specified; the usual password and access
+ checks will be applied and a failure will give an Authorization
+ Required reply.</p>
+
+ <p>So if a userID appears in the database of more than one module;
+ or if a valid <code class="directive"><a href="../mod/core.html#require">Require</a></code>
+ directive applies to more than one module; then the first module
+ will verify the credentials; and no access is passed on;
+ regardless of the <code class="directive">AuthAuthoritative</code> setting.</p>
+
+ <p>A common use for this is in conjunction with one of the
+ basic auth modules; such as <code class="module"><a href="../mod/obs_mod_auth.html">mod_auth</a></code>. Whereas this
+ DBM module supplies the bulk of the user credential checking; a
+ few (administrator) related accesses fall through to a lower
+ level with a well protected .htpasswd file.</p>
+
+ <p>By default, control is not passed on and an unknown userID
+ or rule will result in an Authorization Required reply. Not
+ setting it thus keeps the system secure and forces an NCSA
+ compliant behaviour.</p>
+
+ <p>Security: Do consider the implications of allowing a user to
+ allow fall-through in his .htaccess file; and verify that this
+ is really what you want; Generally it is easier to just secure
+ a single .htpasswd file, than it is to secure a database which
+ might have more access interfaces.</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDBMGroupFile" id="AuthDBMGroupFile">AuthDBMGroupFile</a> <a name="authdbmgroupfile" id="authdbmgroupfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>Sets the name of the database file containing the list
+of user groups for authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>AuthDBMGroupFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
+ </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_auth_dbm</td></tr></table>
+ <p>The <code class="directive">AuthDBMGroupFile</code> directive sets the
+ name of a DBM file containing the list of user groups for user
+ authentication. <var>File-path</var> is the absolute path to the
+ group file.</p>
+
+ <p>The group file is keyed on the username. The value for a
+ user is a comma-separated list of the groups to which the users
+ belongs. There must be no whitespace within the value, and it
+ must never contain any colons.</p>
+
+ <p>Security: make sure that the
+ <code class="directive">AuthDBMGroupFile</code> is stored outside the
+ document tree of the web-server; do <em>not</em> put it in the
+ directory that it protects. Otherwise, clients will be able to
+ download the <code class="directive">AuthDBMGroupFile</code> unless
+ otherwise protected.</p>
+
+ <p>Combining Group and Password DBM files: In some cases it is
+ easier to manage a single database which contains both the
+ password and group details for each user. This simplifies any
+ support programs that need to be written: they now only have to
+ deal with writing to and locking a single DBM file. This can be
+ accomplished by first setting the group and password files to
+ point to the same DBM:</p>
+
+ <div class="example"><p><code>
+ AuthDBMGroupFile /www/userbase<br />
+ AuthDBMUserFile /www/userbase
+ </code></p></div>
+
+ <p>The key for the single DBM is the username. The value consists
+ of</p>
+
+ <div class="example"><p><code>
+ <var>Unix Crypt-ed Password</var>:<var>List of Groups</var>[:(ignored)]
+ </code></p></div>
+
+ <p>The password section contains the Unix <code>crypt()</code>
+ password as before. This is followed by a colon and the comma
+ separated list of groups. Other data may optionally be left in the
+ DBM file after another colon; it is ignored by the authentication
+ module. This is what www.telescope.org uses for its combined
+ password and group database.</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDBMType" id="AuthDBMType">AuthDBMType</a> <a name="authdbmtype" id="authdbmtype">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>Sets the type of database file that is used to
+store passwords</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>AuthDBMType default|SDBM|GDBM|NDBM|DB</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
+ </a></th><td><code>AuthDBMType default</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
+ </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_auth_dbm</td></tr><tr><th><a href="directive-dict.html#Compatibility">Compatibility:
+ </a></th><td>Available in version 2.0.30 and later.</td></tr></table>
+
+<p>Sets the type of database file that is used to store the passwords.
+The default database type is determined at compile time. The
+availability of other types of database files also depends on
+<a href="../install.html#dbm">compile-time settings</a>.</p>
+
+<p>It is crucial that whatever program you use to create your password
+files is configured to use the same type of database.</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDBMUserFile" id="AuthDBMUserFile">AuthDBMUserFile</a> <a name="authdbmuserfile" id="authdbmuserfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>Sets thename of a database file containing the list of users and
+passwords for authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>AuthDBMUserFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
+ </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_auth_dbm</td></tr></table>
+ <p>The <code class="directive">AuthDBMUserFile</code> directive sets the
+ name of a DBM file containing the list of users and passwords for
+ user authentication. <var>File-path</var> is the absolute path to
+ the user file.</p>
+
+ <p>The user file is keyed on the username. The value for a user is
+ the <code>crypt()</code> encrypted password, optionally followed
+ by a colon and arbitrary data. The colon and the data following it
+ will be ignored by the server.</p>
+
+ <p>Security: make sure that the
+ <code class="directive">AuthDBMUserFile</code> is stored outside the
+ document tree of the web-server; do <em>not</em> put it in the
+ directory that it protects. Otherwise, clients will be able to
+ download the <code class="directive">AuthDBMUserFile</code>.</p>
+
+ <p>Important compatibility note: The implementation of
+ "dbmopen" in the apache modules reads the string length of the
+ hashed values from the DBM data structures, rather than relying
+ upon the string being NULL-appended. Some applications, such as
+ the Netscape web server, rely upon the string being
+ NULL-appended, so if you are having trouble using DBM files
+ interchangeably between applications this may be a part of the
+ problem.</p>
+
+ <p>A perl script called
+ <a href="../programs/dbmmanage.html">dbmmanage</a> is included with
+ Apache. This program can be used to create and update DBM
+ format password files for use with this module.</p>
+</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ --><title>mod_auth_digest - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs-project/">Documentation</a> > <a href="../">Version 2.0</a> > <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Obsolete Apache Module mod_auth_digest</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description:
+ </a></th><td>User authentication using MD5
+ Digest Authentication.</td></tr><tr><th><a href="module-dict.html#Status">Status:
+ </a></th><td>Obsolete<em> (obsolete since 2.0.44)</em><br /></td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:
+ </a></th><td>auth_digest_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File:
+ </a></th><td>mod_auth_digest.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
+ </a></th><td>Available only in versions up to 2.0.43. The new module
+that unfortunately is also named <code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code>
+includes support for the auth provider mechanism introduced
+in 2.0.44.</td></tr></table><h3>Summary</h3>
+ <div class="warning"><h3>This module is obsolete!</h3>
+ <p>Note, that this module has been marked as obsolete. A bunch
+ of modules was introduced in Apache version 2.0.44 that
+ support the new Authentication/Authorization provider mechnism.</p>
+
+ <p>In order to get the ability of HTTP Digest Authentication, you have
+ to use the new <code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code> module that implements
+ the HTTP part. The user and group data management is provided by the
+ <code>mod_authn_*</code> and <code>mod_authz_*</code> modules. If you
+ want to use your existing user files, have a look at <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code>.</p>
+
+ <p>This document is kept only for historical reasons and no
+ longer maintained.</p>
+ </div>
+
+ <p>This module implements HTTP Digest Authentication. However, it
+ has not been extensively tested and is therefore marked
+ experimental.</p>
+</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authdigestalgorithm">AuthDigestAlgorithm</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#authdigestdomain">AuthDigestDomain</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#authdigestfile">AuthDigestFile</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#authdigestgroupfile">AuthDigestGroupFile</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#authdigestnccheck">AuthDigestNcCheck</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#authdigestnonceformat">AuthDigestNonceFormat</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#authdigestnoncelifetime">AuthDigestNonceLifetime</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#authdigestqop">AuthDigestQop</a></li>
+</ul><h3>Topics</h3><ul id="topics"><li><img alt="" src="../images/down.gif" /> <a href="#using">Using Digest Authentication</a></li></ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="using" id="using">Using Digest Authentication</a></h2>
+
+ <p>Using MD5 Digest authentication is very simple. Simply set
+ up authentication normally, using "AuthType Digest" and
+ "AuthDigestFile" instead of the normal "AuthType Basic" and
+ "AuthUserFile"; also, replace any "AuthGroupFile" with
+ "AuthDigestGroupFile". Then add a "AuthDigestDomain" directive
+ containing at least the root URI(s) for this protection space.
+ Example:</p>
+
+ <div class="example"><p><code>
+ <Location /private/><br />
+ <span class="indent">
+ AuthType Digest<br />
+ AuthName "private area"<br />
+ AuthDigestDomain /private/ http://mirror.my.dom/private2/<br />
+ AuthDigestFile /web/auth/.digest_pw<br />
+ Require valid-user<br />
+ </span>
+ </Location>
+ </code></p></div>
+
+ <div class="note"><h3>Note</h3>
+ <p>Digest authentication provides a more secure password system
+ than Basic authentication, but only works with supporting
+ browsers. As of July 2002, the major browsers that support digest
+ authentication are <a href="http://www.opera.com/">Opera</a>, <a href="http://www.microsoft.com/windows/ie/">MS Internet
+ Explorer</a> (fails when used with a query string), <a href="http://www.w3.org/Amaya/">Amaya</a> and <a href="http://www.mozilla.org">Mozilla</a>. Since digest
+ authentication is not as widely implemented as basic
+ authentication, you should use it only in controlled settings.</p>
+ </div>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestAlgorithm" id="AuthDigestAlgorithm">AuthDigestAlgorithm</a> <a name="authdigestalgorithm" id="authdigestalgorithm">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>Selects the algorithm used to calculate the challenge and
+response hases in digest authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>AuthDigestAlgorithm MD5|MD5-sess</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
+ </a></th><td><code>AuthDigestAlgorithm MD5</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
+ </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_auth_digest</td></tr></table>
+ <p>The <code class="directive">AuthDigestAlgorithm</code> directive
+ selects the algorithm used to calculate the challenge and response
+ hashes.</p>
+
+ <div class="note">
+ <code>MD5-sess</code> is not correctly implemented yet.
+ </div>
+
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestDomain" id="AuthDigestDomain">AuthDigestDomain</a> <a name="authdigestdomain" id="authdigestdomain">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>URIs that are in the same protection space for digest
+authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>AuthDigestDomain <var>URI</var> [<var>URI</var>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
+ </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_auth_digest</td></tr></table>
+ <p>The <code class="directive">AuthDigestDomain</code> directive allows
+ you to specify one or more URIs which are in the same protection
+ space (i.e. use the same realm and username/password info). The
+ specified URIs are prefixes, i.e. the client will assume that all
+ URIs "below" these are also protected by the same
+ username/password. The URIs may be either absolute URIs
+ (i.e. inluding a scheme, host, port, etc) or relative URIs.</p>
+
+ <p>This directive <em>should</em> always be specified and
+ contain at least the (set of) root URI(s) for this space.
+ Omitting to do so will cause the client to send the
+ Authorization header for <em>every request</em> sent to this
+ server. Apart from increasing the size of the request, it may
+ also have a detrimental effect on performance if
+ "AuthDigestNcCheck" is on.</p>
+
+ <p>The URIs specified can also point to different servers, in
+ which case clients (which understand this) will then share
+ username/password info across multiple servers without
+ prompting the user each time. </p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestFile" id="AuthDigestFile">AuthDigestFile</a> <a name="authdigestfile" id="authdigestfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>Location of the text file containing the list
+of users and encoded passwords for digest authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>AuthDigestFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
+ </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_auth_digest</td></tr></table>
+ <p>The <code class="directive">AuthDigestFile</code> directive sets the
+ name of a textual file containing the list of users and encoded
+ passwords for digest authentication. <var>File-path</var> is the
+ absolute path to the user file.</p>
+
+ <p>The digest file uses a special format. Files in this format
+ can be created using the <a href="../programs/htdigest.html">htdigest</a> utility found in
+ the support/ subdirectory of the Apache distribution.</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestGroupFile" id="AuthDigestGroupFile">AuthDigestGroupFile</a> <a name="authdigestgroupfile" id="authdigestgroupfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>Name of the text file containing the list of groups
+for digest authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>AuthDigestGroupFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
+ </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_auth_digest</td></tr></table>
+ <p>The <code class="directive">AuthDigestGroupFile</code> directive sets
+ the name of a textual file containing the list of groups and their
+ members (user names). <var>File-path</var> is the absolute path to
+ the group file.</p>
+
+ <p>Each line of the group file contains a groupname followed by
+ a colon, followed by the member usernames separated by spaces.
+ Example:</p>
+
+ <div class="example"><p><code>mygroup: bob joe anne</code></p></div>
+
+ <p>Note that searching large text files is <em>very</em>
+ inefficient.</p>
+
+ <p>Security: make sure that the AuthGroupFile is stored outside
+ the document tree of the web-server; do <em>not</em> put it in
+ the directory that it protects. Otherwise, clients will be able
+ to download the AuthGroupFile.</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestNcCheck" id="AuthDigestNcCheck">AuthDigestNcCheck</a> <a name="authdigestnccheck" id="authdigestnccheck">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>Enables or disables checking of the nonce-count sent by the
+server</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>AuthDigestNcCheck On|Off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
+ </a></th><td><code>AuthDigestNcCheck Off</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>server config</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_auth_digest</td></tr></table>
+ <div class="note">
+ Not implemented yet.
+ </div>
+
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestNonceFormat" id="AuthDigestNonceFormat">AuthDigestNonceFormat</a> <a name="authdigestnonceformat" id="authdigestnonceformat">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>Determines how the nonce is generated</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>AuthDigestNonceFormat <var>format</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
+ </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_auth_digest</td></tr></table>
+ <p><strong>Not implemented yet.</strong>
+ </p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestNonceLifetime" id="AuthDigestNonceLifetime">AuthDigestNonceLifetime</a> <a name="authdigestnoncelifetime" id="authdigestnoncelifetime">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>How long the server nonce is valid</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>AuthDigestNonceLifetime <var>seconds</var></code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
+ </a></th><td><code>AuthDigestNonceLifetime 300</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
+ </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_auth_digest</td></tr></table>
+ <p>The <code class="directive">AuthDigestNonceLifetime</code> directive
+ controls how long the server nonce is valid. When the client
+ contacts the server using an expired nonce the server will send
+ back a 401 with <code>stale=true</code>. If <var>seconds</var> is
+ greater than 0 then it specifies the amount of time for which the
+ nonce is valid; this should probably never be set to less than 10
+ seconds. If <var>seconds</var> is less than 0 then the nonce never
+ expires.
+ </p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestQop" id="AuthDigestQop">AuthDigestQop</a> <a name="authdigestqop" id="authdigestqop">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
+ </a></th><td>Determines the quality-of-protection to use in digest
+authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
+ </a></th><td><code>AuthDigestQop none|auth|auth-int [auth|auth-int]</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
+ </a></th><td><code>AuthDigestQop auth</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
+ </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
+ </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
+ </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
+ </a></th><td>mod_auth_digest</td></tr></table>
+ <p>The <code class="directive">AuthDigestQop</code> directive determines
+ the quality-of-protection to use. <code>auth</code> will only do
+ authentication (username/password); <code>auth-int</code> is
+ authentication plus integrity checking (an MD5 hash of the entity
+ is also computed and checked); <code>none</code> will cause the module
+ to use the old RFC-2069 digest algorithm (which does not include
+ integrity checking). Both <code>auth</code> and <code>auth-int</code> may
+ be specified, in which the case the browser will choose which of
+ these to use. <code>none</code> should only be used if the browser for
+ some reason does not like the challenge it receives otherwise.</p>
+
+ <div class="note">
+ <code>auth-int</code> is not implemented yet.
+ </div>
+</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
\ No newline at end of file
<li><a href="mod/mod_userdir.html">Apache Module mod_userdir</a></li>
<li><a href="mod/mod_usertrack.html">Apache Module mod_usertrack</a></li>
<li><a href="mod/mod_vhost_alias.html">Apache Module mod_vhost_alias</a></li>
+</ul><ul><li><a href="mod/obs_mod_access.html">Obsolete Apache Module mod_access</a></li>
+<li><a href="mod/obs_mod_auth.html">Obsolete Apache Module mod_auth</a></li>
+<li><a href="mod/obs_mod_auth_anon.html">Obsolete Apache Module mod_auth_anon</a></li>
+<li><a href="mod/obs_mod_auth_dbm.html">Obsolete Apache Module mod_auth_dbm</a></li>
+<li><a href="mod/obs_mod_auth_digest.html">Obsolete Apache Module mod_auth_digest</a></li>
</ul></div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div><div class="section"><h2><a name="developer" id="developer">Developer Documentation</a></h2><ul><li class="separate"><a href="developer/">Overview</a></li>
<li><a href="developer/API.html">Apache API notes</a></li>
<li><a href="developer/debugging.html">Debugging Memory Allocation in APR</a></li>
projects / apache / commitdiff