From: Justin Erenkrantz
Date: Sat, 14 Sep 2002 00:09:22 +0000 (+0000)
Subject: Add documentation (rough, but something) for new aaa modules.
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9ad6a9cc92e1f240a280e03aae921b8dc6edd0f2;p=apache

Add documentation (rough, but something) for new aaa modules.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96799 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/docs/manual/mod/mod_auth_basic.html.en b/docs/manual/mod/mod_auth_basic.html.en new file mode 100644 index 0000000000..dd794fa69f --- /dev/null +++ b/docs/manual/mod/mod_auth_basic.html.en @@ -0,0 +1,62 @@ + + +mod_auth_basic - Apache HTTP Server
<-
Apache > HTTP Server > Documentation > Version 2.0 > Modules

Apache Module mod_auth_basic

Description: + Basic authentication
Status: + Base
Module Identifier: + auth_basic_module
Source File: + mod_auth_basic.c
Compatibility: + Available in Apache 2.0.42 and later

Summary

+ +

This module allows the use of HTTP Basic Authentication to + restrict access by looking up users in the given providers. + HTTP Digest Authentication is provided by + mod_auth_digest.

+ +
top

AuthBasicAuthoritative Directive

Description: + Sets whether authorization and authentication are +passed to lower level modules
Syntax: + AuthBasicAuthoritative on|off
Default: + AuthBasicAuthoritative on
Context: + directory, .htaccess
Override: + AuthConfig
Status: + Base
Module: + mod_auth_basic
+

Setting the AuthBasicAuthoritative directive + explicitly to 'off' allows for both + authentication and authorization to be passed on to lower level + modules (as defined in the Configuration and + modules.c files) if there is no + userID or rule matching the supplied + userID. If there is a userID and/or rule specified; the usual + password and access checks will be applied and a failure will give + an Authorization Required reply.

+ +

So if a userID appears in the database of more than one module; + or if a valid Require + directive applies to more than one module; then the first module + will verify the credentials; and no access is passed on; + regardless of the AuthAuthoritative setting.

+ +

By default; control is not passed on; and an unknown userID or + rule will result in an Authorization Required reply. Not setting + it thus keeps the system secure; and forces an NCSA compliant + behaviour.

+ +
top

AuthBasicProvider Directive

Description: + Sets the authentication provider(s) for this location
Syntax: + AuthBasicProvider provider-name
Context: + directory, location, .htaccess
Override: + AuthConfig
Status: + Base
Module: + mod_auth_basic
+

The AuthBasicProvider directive sets + which provider is used to authenticate the users for this location.

+ +

See mod_authn_dbm, mod_authn_file + for providers.

+ +
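Review bot: In the AuthBasicAuthoritative section, the second paragraph ends with "regardless of the AuthAuthoritative setting", a directive name this file never defines; it should read AuthBasicAuthoritative so it matches the Syntax and Default lines. The same section uses semicolons where commas are meant ("By default; control is not passed on; and ..."), which makes the fall-through rules harder to read than they need to be for a setting that decides whether an unknown userID is rejected.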
\ No newline at end of file diff --git a/docs/manual/mod/mod_auth_basic.xml b/docs/manual/mod/mod_auth_basic.xml new file mode 100644 index 0000000000..03a6735a32 --- /dev/null +++ b/docs/manual/mod/mod_auth_basic.xml @@ -0,0 +1,82 @@ + + + + + +mod_auth_basic +Basic authentication +Base +mod_auth_basic.c +auth_basic_module +Available in Apache 2.0.42 and later + + + +

This module allows the use of HTTP Basic Authentication to + restrict access by looking up users in the given providers. + HTTP Digest Authentication is provided by + mod_auth_digest.

+ +
+AuthName +AuthType + + +AuthBasicProvider +Sets the authentication provider(s) for this location +AuthBasicProvider provider-name + + directory + location + .htaccess + +AuthConfig + + +

The AuthBasicProvider directive sets + which provider is used to authenticate the users for this location.

+ +

See mod_authn_dbm, mod_authn_file + for providers.

+ +
+
+ + +AuthBasicAuthoritative +Sets whether authorization and authentication are +passed to lower level modules +AuthBasicAuthoritative on|off +AuthBasicAuthoritative on + + directory + .htaccess + +AuthConfig + + +

Setting the AuthBasicAuthoritative directive + explicitly to 'off' allows for both + authentication and authorization to be passed on to lower level + modules (as defined in the Configuration and + modules.c files) if there is no + userID or rule matching the supplied + userID. If there is a userID and/or rule specified; the usual + password and access checks will be applied and a failure will give + an Authorization Required reply.

+ +

So if a userID appears in the database of more than one module; + or if a valid Require + directive applies to more than one module; then the first module + will verify the credentials; and no access is passed on; + regardless of the AuthAuthoritative setting.

+ +

By default; control is not passed on; and an unknown userID or + rule will result in an Authorization Required reply. Not setting + it thus keeps the system secure; and forces an NCSA compliant + behaviour.

+ +
+
+ +
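Review bot: The AuthBasicProvider entry describes "the authentication provider(s)" but the syntax line is "AuthBasicProvider provider-name" and there is no default entry, so a reader cannot tell whether more than one provider may be listed or what authenticates users when the directive is omitted. Please state both, and name the accepted values here (the mod_authn_dbm and mod_authn_file pages mention 'dbm' and 'file') instead of only pointing to those modules.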
diff --git a/docs/manual/mod/mod_authn_dbm.html.en b/docs/manual/mod/mod_authn_dbm.html.en new file mode 100644 index 0000000000..b547d825e1 --- /dev/null +++ b/docs/manual/mod/mod_authn_dbm.html.en @@ -0,0 +1,124 @@ + + +mod_authn_dbm - Apache HTTP Server
<-
Apache > HTTP Server > Documentation > Version 2.0 > Modules

Apache Module mod_authn_dbm

Description: + User authentication using DBM files
Status: + Extension
Module Identifier: + authn_dbm_module
Source File: + mod_authn_dbm.c
Compatibility: + Available in Apache 2.0.42 and later

Summary

+

This module provides authentication front-ends such as + mod_auth_digest and mod_auth_basic + to authenticate users by looking up users in plain text password files. + Similar functionality is provided by mod_authn_file.

+ +

When using mod_auth_basic or + mod_auth_digest, this module is invoked via the + AuthBasicProvider or + AuthDigestProvider + with the 'dbm' value.

+
top

AuthDBMAuthoritative Directive

Description: + Sets whether authentication and authorization will be +passwed on to lower level modules
Syntax: + AuthDBMAuthoritative on|off
Default: + AuthDBMAuthoritative on
Context: + directory, .htaccess
Override: + AuthConfig
Status: + Extension
Module: + mod_authn_dbm
+ +

Setting the AuthDBMAuthoritative + directive explicitly to 'off' allows for both + authentication and authorization to be passed on to lower level + modules (as defined in the Configuration and + modules.c file if there is no userID + or rule matching the supplied userID. If there is + a userID and/or rule specified; the usual password and access + checks will be applied and a failure will give an Authorization + Required reply.

+ +

So if a userID appears in the database of more than one module; + or if a valid Require + directive applies to more than one module; then the first module + will verify the credentials; and no access is passed on; + regardless of the AuthAuthoritative setting.

+ +

A common use for this is in conjunction with one of the + auth providers; such as mod_authn_file. Whereas this + DBM module supplies the bulk of the user credential checking; a + few (administrator) related accesses fall through to a lower + level with a well protected .htpasswd file.

+ +

By default, control is not passed on and an unknown userID + or rule will result in an Authorization Required reply. Not + setting it thus keeps the system secure and forces an NCSA + compliant behaviour.

+ +

Security: Do consider the implications of allowing a user to + allow fall-through in his .htaccess file; and verify that this + is really what you want; Generally it is easier to just secure + a single .htpasswd file, than it is to secure a database which + might have more access interfaces.

+
top

AuthDBMType Directive

Description: + Sets the type of database file that is used to +store passwords
Syntax: + AuthDBMType default|SDBM|GDBM|NDBM|DB
Default: + AuthDBMType default
Context: + directory, .htaccess
Override: + AuthConfig
Status: + Extension
Module: + mod_authn_dbm
Compatibility: + Available in version 2.0.30 and later.
+ +

Sets the type of database file that is used to store the passwords. +The default database type is determined at compile time. The +availability of other types of database files also depends on +compile-time settings.

+ +

It is crucial that whatever program you use to create your password +files is configured to use the same type of database.

+
top

AuthDBMUserFile Directive

Description: + Sets the name of a database file containing the list of users and +passwords for authentication
Syntax: + AuthDBMUserFile file-path
Context: + directory, .htaccess
Override: + AuthConfig
Status: + Extension
Module: + mod_authn_dbm
+

The AuthDBMUserFile directive sets the + name of a DBM file containing the list of users and passwords for + user authentication. File-path is the absolute path to + the user file.

+ +

The user file is keyed on the username. The value for a user is + the crypt() encrypted password, optionally followed + by a colon and arbitrary data. The colon and the data following it + will be ignored by the server.

+ +

Security: make sure that the + AuthDBMUserFile is stored outside the + document tree of the web-server; do not put it in the + directory that it protects. Otherwise, clients will be able to + download the AuthDBMUserFile.

+ +

Important compatibility note: The implementation of + "dbmopen" in the apache modules reads the string length of the + hashed values from the DBM data structures, rather than relying + upon the string being NULL-appended. Some applications, such as + the Netscape web server, rely upon the string being + NULL-appended, so if you are having trouble using DBM files + interchangeably between applications this may be a part of the + problem.

+ +

A perl script called + dbmmanage is included with + Apache. This program can be used to create and update DBM + format password files for use with this module.

+
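Review bot: The Summary says this module authenticates "by looking up users in plain text password files", which is the mod_authn_file wording; the Description line of this same page says "User authentication using DBM files", so the Summary should say DBM files. The AuthDBMAuthoritative Description also has a typo, "passwed on to lower level modules".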
\ No newline at end of file diff --git a/docs/manual/mod/mod_authn_dbm.xml b/docs/manual/mod/mod_authn_dbm.xml new file mode 100644 index 0000000000..57b4479d27 --- /dev/null +++ b/docs/manual/mod/mod_authn_dbm.xml @@ -0,0 +1,151 @@ + + + + + +mod_authn_dbm +User authentication using DBM files +Extension +mod_authn_dbm.c +authn_dbm_module +Available in Apache 2.0.42 and later + + +

This module provides authentication front-ends such as + mod_auth_digest and mod_auth_basic + to authenticate users by looking up users in plain text password files. + Similar functionality is provided by mod_authn_file.

+ +

When using mod_auth_basic or + mod_auth_digest, this module is invoked via the + AuthBasicProvider or + AuthDigestProvider + with the 'dbm' value.

+
+ +AuthName +AuthType + + AuthBasicProvider + + + AuthDigestProvider + + + +AuthDBMUserFile +Sets the name of a database file containing the list of users and +passwords for authentication +AuthDBMUserFile file-path + + directory + .htaccess + +AuthConfig + + +

The AuthDBMUserFile directive sets the + name of a DBM file containing the list of users and passwords for + user authentication. File-path is the absolute path to + the user file.

+ +

The user file is keyed on the username. The value for a user is + the crypt() encrypted password, optionally followed + by a colon and arbitrary data. The colon and the data following it + will be ignored by the server.

+ +

Security: make sure that the + AuthDBMUserFile is stored outside the + document tree of the web-server; do not put it in the + directory that it protects. Otherwise, clients will be able to + download the AuthDBMUserFile.

+ +

Important compatibility note: The implementation of + "dbmopen" in the apache modules reads the string length of the + hashed values from the DBM data structures, rather than relying + upon the string being NULL-appended. Some applications, such as + the Netscape web server, rely upon the string being + NULL-appended, so if you are having trouble using DBM files + interchangeably between applications this may be a part of the + problem.

+ +

A perl script called + dbmmanage is included with + Apache. This program can be used to create and update DBM + format password files for use with this module.

+
+
+ + +AuthDBMType +Sets the type of database file that is used to +store passwords +AuthDBMType default|SDBM|GDBM|NDBM|DB +AuthDBMType default + + directory + .htaccess + +AuthConfig +Available in version 2.0.30 and later. + + + +

Sets the type of database file that is used to store the passwords. +The default database type is determined at compile time. The +availability of other types of database files also depends on +compile-time settings.

+ +

It is crucial that whatever program you use to create your password +files is configured to use the same type of database.

+
+
+ + +AuthDBMAuthoritative +Sets whether authentication and authorization will be +passwed on to lower level modules +AuthDBMAuthoritative on|off +AuthDBMAuthoritative on +directory.htaccess + +AuthConfig + + + +

Setting the AuthDBMAuthoritative + directive explicitly to 'off' allows for both + authentication and authorization to be passed on to lower level + modules (as defined in the Configuration and + modules.c file if there is no userID + or rule matching the supplied userID. If there is + a userID and/or rule specified; the usual password and access + checks will be applied and a failure will give an Authorization + Required reply.

+ +

So if a userID appears in the database of more than one module; + or if a valid Require + directive applies to more than one module; then the first module + will verify the credentials; and no access is passed on; + regardless of the AuthAuthoritative setting.

+ +

A common use for this is in conjunction with one of the + auth providers; such as mod_authn_file. Whereas this + DBM module supplies the bulk of the user credential checking; a + few (administrator) related accesses fall through to a lower + level with a well protected .htpasswd file.

+ +

By default, control is not passed on and an unknown userID + or rule will result in an Authorization Required reply. Not + setting it thus keeps the system secure and forces an NCSA + compliant behaviour.

+ +

Security: Do consider the implications of allowing a user to + allow fall-through in his .htaccess file; and verify that this + is really what you want; Generally it is easier to just secure + a single .htpasswd file, than it is to secure a database which + might have more access interfaces.

+
+
+ +
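Review bot: The AuthDBMType entry says "Available in version 2.0.30 and later" while the module header says "Available in Apache 2.0.42 and later"; one of the two needs correcting, or the entry should explain that the directive predates this module. In the AuthDBMAuthoritative text, the parenthesis opened at "(as defined in the Configuration and modules.c file if there is no userID" is never closed, so it is unclear where the condition for fall-through starts.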
diff --git a/docs/manual/mod/mod_authn_file.html.en b/docs/manual/mod/mod_authn_file.html.en new file mode 100644 index 0000000000..7def1468b7 --- /dev/null +++ b/docs/manual/mod/mod_authn_file.html.en @@ -0,0 +1,114 @@ + + +mod_authn_file - Apache HTTP Server
<-
Apache > HTTP Server > Documentation > Version 2.0 > Modules

Apache Module mod_authn_file

Description: + User authentication using text files
Status: + Base
Module Identifier: + authn_file_module
Source File: + mod_authn_file.c
Compatibility: + Available in Apache 2.0.42 and later

Summary

+ +

This module provides authentication front-ends such as + mod_auth_digest and mod_auth_basic + to authenticate users by looking up users in plain text password files. + Similar functionality is provided by mod_authn_dbm.

+ +

When using mod_auth_basic or + mod_auth_digest, this module is invoked via the + AuthBasicProvider or + AuthDigestProvider + with the 'file' value.

+ +
top

AuthUserFile Directive

Description: + Sets the name of a text file containing the list of users and +passwords for authentication
Syntax: + AuthUserFile file-path
Context: + directory, .htaccess
Override: + AuthConfig
Status: + Base
Module: + mod_authn_file
+

The AuthUserFile directive sets the name + of a textual file containing the list of users and passwords for + user authentication. File-path is the path to the user + file. If it is not absolute (i.e., if it doesn't begin + with a slash), it is treated as relative to the ServerRoot.

+ +

Each line of the user file contains a username followed by + a colon, followed by the crypt() encrypted + password. The behavior of multiple occurrences of the same user is + undefined.

+ +

The utility htpasswd + which is installed as part of the binary distribution, or which + can be found in src/support, is used to maintain + this password file. See the man page for more + details. In short:

+ +

Create a password file 'Filename' with 'username' as the + initial ID. It will prompt for the password:

+

htpasswd -c Filename username

+ +

Add or modify 'username2' in the password file 'Filename':

+

htpasswd Filename username2

+ +

Note that searching large text files is very + inefficient; AuthDBMUserFile should be used + instead.

+ +

Security

+

Make sure that the AuthUserFile is + stored outside the document tree of the web-server; do not + put it in the directory that it protects. Otherwise, clients will + be able to download the AuthUserFile.

+
+
top

AuthUserFileAuthoritative Directive

Description: + Sets whether authorization and authentication are +passed to lower level modules
Syntax: + AuthUserFileAuthoritative on|off
Default: + AuthUserFileAuthoritative on
Context: + directory, .htaccess
Override: + AuthConfig
Status: + Base
Module: + mod_authn_file
+
This information has not been updated for Apache 2.0, which + uses a different system for module ordering.
+ +

Setting the AuthAuthoritative directive + explicitly to 'off' allows for both + authentication and authorization to be passed on to lower level + modules (as defined in the Configuration and + modules.c files) if there is no + userID or rule matching the supplied + userID. If there is a userID and/or rule specified; the usual + password and access checks will be applied and a failure will give + an Authorization Required reply.

+ +

So if a userID appears in the database of more than one module; + or if a valid Require + directive applies to more than one module; then the first module + will verify the credentials; and no access is passed on; + regardless of the AuthAuthoritative setting.

+ +

By default; control is not passed on; and an unknown userID or + rule will result in an Authorization Required reply. Not setting + it thus keeps the system secure; and forces an NCSA compliant + behaviour.

+ +

Security

Do consider the implications of + allowing a user to allow fall-through in his .htaccess file; and + verify that this is really what you want; Generally it is easier + to just secure a single .htpasswd file, than it is to secure a + database such as mSQL. Make sure that the AuthUserFile and the AuthGroupFile are stored outside + the document tree of the web-server; do not put them in the + directory that they protect. Otherwise, clients will be able to + download the AuthUserFile + and the AuthGroupFile. +
+
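Review bot: The body of the AuthUserFileAuthoritative section says "Setting the AuthAuthoritative directive" and "regardless of the AuthAuthoritative setting", which does not match the directive being documented. The section also opens with "This information has not been updated for Apache 2.0"; since this directive decides whether a failed lookup falls through to another module, I would rather see the 2.0 behaviour described, or the stale paragraphs held back, than have a new file ship with text it declares out of date.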
\ No newline at end of file diff --git a/docs/manual/mod/mod_authn_file.xml b/docs/manual/mod/mod_authn_file.xml new file mode 100644 index 0000000000..fe4ed95396 --- /dev/null +++ b/docs/manual/mod/mod_authn_file.xml @@ -0,0 +1,139 @@ + + + + + +mod_authn_file +User authentication using text files +Base +mod_authn_file.c +authn_file_module +Available in Apache 2.0.42 and later + + + +

This module provides authentication front-ends such as + mod_auth_digest and mod_auth_basic + to authenticate users by looking up users in plain text password files. + Similar functionality is provided by mod_authn_dbm.

+ +

When using mod_auth_basic or + mod_auth_digest, this module is invoked via the + AuthBasicProvider or + AuthDigestProvider + with the 'file' value.

+ +
+AuthName +AuthType + + AuthBasicProvider + + + AuthDigestProvider + + + +AuthUserFile +Sets the name of a text file containing the list of users and +passwords for authentication +AuthUserFile file-path + + directory + .htaccess + +AuthConfig + + +

The AuthUserFile directive sets the name + of a textual file containing the list of users and passwords for + user authentication. File-path is the path to the user + file. If it is not absolute (i.e., if it doesn't begin + with a slash), it is treated as relative to the ServerRoot.

+ +

Each line of the user file contains a username followed by + a colon, followed by the crypt() encrypted + password. The behavior of multiple occurrences of the same user is + undefined.

+ +

The utility htpasswd + which is installed as part of the binary distribution, or which + can be found in src/support, is used to maintain + this password file. See the man page for more + details. In short:

+ +

Create a password file 'Filename' with 'username' as the + initial ID. It will prompt for the password:

+ htpasswd -c Filename username + +

Add or modify 'username2' in the password file 'Filename':

+ htpasswd Filename username2 + +

Note that searching large text files is very + inefficient; AuthDBMUserFile should be used + instead.

+ + Security +

Make sure that the AuthUserFile is + stored outside the document tree of the web-server; do not + put it in the directory that it protects. Otherwise, clients will + be able to download the AuthUserFile.

+
+
+
+ + +AuthUserFileAuthoritative +Sets whether authorization and authentication are +passed to lower level modules +AuthUserFileAuthoritative on|off +AuthUserFileAuthoritative on + + directory + .htaccess + +AuthConfig + + + This information has not been updated for Apache 2.0, which + uses a different system for module ordering. + +

Setting the AuthAuthoritative directive + explicitly to 'off' allows for both + authentication and authorization to be passed on to lower level + modules (as defined in the Configuration and + modules.c files) if there is no + userID or rule matching the supplied + userID. If there is a userID and/or rule specified; the usual + password and access checks will be applied and a failure will give + an Authorization Required reply.

+ +

So if a userID appears in the database of more than one module; + or if a valid Require + directive applies to more than one module; then the first module + will verify the credentials; and no access is passed on; + regardless of the AuthAuthoritative setting.

+ +

By default; control is not passed on; and an unknown userID or + rule will result in an Authorization Required reply. Not setting + it thus keeps the system secure; and forces an NCSA compliant + behaviour.

+ + Security Do consider the implications of + allowing a user to allow fall-through in his .htaccess file; and + verify that this is really what you want; Generally it is easier + to just secure a single .htpasswd file, than it is to secure a + database such as mSQL. Make sure that the AuthUserFile and the AuthGroupFile are stored outside + the document tree of the web-server; do not put them in the + directory that they protect. Otherwise, clients will be able to + download the AuthUserFile + and the AuthGroupFile. + +
+
+ +
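Review bot: The Security note under AuthUserFileAuthoritative talks about "a database such as mSQL" and tells the reader to keep "the AuthUserFile and the AuthGroupFile" outside the document tree, but this module only defines AuthUserFile, and the AuthUserFile entry above already carries its own Security note. Suggest trimming this note to the fall-through warning and leaving the AuthGroupFile placement advice to the mod_authz_groupfile page added in this commit.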
diff --git a/docs/manual/mod/mod_authz_dbm.html.en b/docs/manual/mod/mod_authz_dbm.html.en new file mode 100644 index 0000000000..4e8e4bea28 --- /dev/null +++ b/docs/manual/mod/mod_authz_dbm.html.en @@ -0,0 +1,126 @@ + + +mod_authz_dbm - Apache HTTP Server
<-
Apache > HTTP Server > Documentation > Version 2.0 > Modules

Apache Module mod_authz_dbm

Description: + Group authorization using DBM files
Status: + Extension
Module Identifier: + authz_dbm_module
Source File: + mod_authz_dbm.c
Compatibility: + Available in Apache 2.0.42 and later

Summary

+

This module provides authorization capabilities so that + authenticated users can be allowed or denied access to portions + of the web site by group membership. Similar functionality is + provided by mod_authz_groupfile.

+
top

AuthDBMGroupFile Directive

Description: + Sets the name of the database file containing the list +of user groups for authentication
Syntax: + AuthDBMGroupFile file-path
Context: + directory, .htaccess
Override: + AuthConfig
Status: + Extension
Module: + mod_authz_dbm
+

The AuthDBMGroupFile directive sets the + name of a DBM file containing the list of user groups for user + authentication. File-path is the absolute path to the + group file.

+ +

The group file is keyed on the username. The value for a + user is a comma-separated list of the groups to which the users + belongs. There must be no whitespace within the value, and it + must never contain any colons.

+ +

Security: make sure that the + AuthDBMGroupFile is stored outside the + document tree of the web-server; do not put it in the + directory that it protects. Otherwise, clients will be able to + download the AuthDBMGroupFile unless + otherwise protected.

+ +

Combining Group and Password DBM files: In some cases it is + easier to manage a single database which contains both the + password and group details for each user. This simplifies any + support programs that need to be written: they now only have to + deal with writing to and locking a single DBM file. This can be + accomplished by first setting the group and password files to + point to the same DBM:

+ +

+AuthDBMGroupFile /www/userbase
+AuthDBMUserFile /www/userbase +

+ +

The key for the single DBM is the username. The value consists + of

+ +

Unix Crypt-ed Password : List of Groups [ : (ignored) + ]

+ +

The password section contains the Unix crypt() + password as before. This is followed by a colon and the comma + separated list of groups. Other data may optionally be left in the + DBM file after another colon; it is ignored by the authentication + module. This is what www.telescope.org uses for its combined + password and group database.

+
top

AuthzDBMAuthoritative Directive

Description: + Sets whether authorization will be passed on to lower level modules
Syntax: + AuthzDBMAuthoritative on|off
Default: + AuthzDBMAuthoritative on
Context: + directory, .htaccess
Override: + AuthConfig
Status: + Extension
Module: + mod_authz_dbm
+ +

Setting the AuthzDBMAuthoritative + directive explicitly to 'off' allows for both + authentication and authorization to be passed on to lower level + modules (as defined in the Configuration and + modules.c file if there is no userID + or rule matching the supplied userID. If there is + a userID and/or rule specified; the usual password and access + checks will be applied and a failure will give an Authorization + Required reply.

+ +

So if a userID appears in the database of more than one module; + or if a valid Require + directive applies to more than one module; then the first module + will verify the credentials; and no access is passed on; + regardless of the AuthAuthoritative setting.

+ +

A common use for this is in conjunction with one of the + auth providers; such as mod_authn_file. Whereas this + DBM module supplies the bulk of the user credential checking; a + few (administrator) related accesses fall through to a lower + level with a well protected .htpasswd file.

+ +

By default, control is not passed on and an unknown userID + or rule will result in an Authorization Required reply. Not + setting it thus keeps the system secure and forces an NCSA + compliant behaviour.

+ +

Security: Do consider the implications of allowing a user to + allow fall-through in his .htaccess file; and verify that this + is really what you want; Generally it is easier to just secure + a single .htpasswd file, than it is to secure a database which + might have more access interfaces.

+
top

AuthzDBMType Directive

Description: + Sets the type of database file that is used to +store passwords
Syntax: + AuthzDBMType default|SDBM|GDBM|NDBM|DB
Default: + AuthzDBMType default
Context: + directory, .htaccess
Override: + AuthConfig
Status: + Extension
Module: + mod_authz_dbm
Compatibility: + Available in version 2.0.30 and later.
+ +

Sets the type of database file that is used to store the passwords. +The default database type is determined at compile time. The +availability of other types of database files also depends on +compile-time settings.

+ +

It is crucial that whatever program you use to create your password +files is configured to use the same type of database.

+
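Review bot: The AuthDBMGroupFile section contradicts itself on colons: the second paragraph says the value "must never contain any colons", while the combined-file layout further down is "Unix Crypt-ed Password : List of Groups [ : (ignored) ]". Please say that the restriction applies to the group list itself and describe how the value is read when a password field precedes it, so that someone pointing AuthDBMGroupFile and AuthDBMUserFile at /www/userbase knows which field is taken as the groups.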
\ No newline at end of file diff --git a/docs/manual/mod/mod_authz_dbm.xml b/docs/manual/mod/mod_authz_dbm.xml new file mode 100644 index 0000000000..624f71619d --- /dev/null +++ b/docs/manual/mod/mod_authz_dbm.xml @@ -0,0 +1,151 @@ + + + + + +mod_authz_dbm +Group authorization using DBM files +Extension +mod_authz_dbm.c +authz_dbm_module +Available in Apache 2.0.42 and later + + +

This module provides authorization capabilities so that + authenticated users can be allowed or denied access to portions + of the web site by group membership. Similar functionality is + provided by mod_authz_groupfile.

+
+ +Require +Satisfy + + +AuthDBMGroupFile +Sets the name of the database file containing the list +of user groups for authentication +AuthDBMGroupFile file-path +directory.htaccess + +AuthConfig + + +

The AuthDBMGroupFile directive sets the + name of a DBM file containing the list of user groups for user + authentication. File-path is the absolute path to the + group file.

+ +

The group file is keyed on the username. The value for a + user is a comma-separated list of the groups to which the users + belongs. There must be no whitespace within the value, and it + must never contain any colons.

+ +

Security: make sure that the + AuthDBMGroupFile is stored outside the + document tree of the web-server; do not put it in the + directory that it protects. Otherwise, clients will be able to + download the AuthDBMGroupFile unless + otherwise protected.

+ +

Combining Group and Password DBM files: In some cases it is + easier to manage a single database which contains both the + password and group details for each user. This simplifies any + support programs that need to be written: they now only have to + deal with writing to and locking a single DBM file. This can be + accomplished by first setting the group and password files to + point to the same DBM:

+ + +AuthDBMGroupFile /www/userbase
+AuthDBMUserFile /www/userbase +
+ +

The key for the single DBM is the username. The value consists + of

+ +Unix Crypt-ed Password : List of Groups [ : (ignored) + ] + +

The password section contains the Unix crypt() + password as before. This is followed by a colon and the comma + separated list of groups. Other data may optionally be left in the + DBM file after another colon; it is ignored by the authentication + module. This is what www.telescope.org uses for its combined + password and group database.

+
+
+ + +AuthzDBMType +Sets the type of database file that is used to +store passwords +AuthzDBMType default|SDBM|GDBM|NDBM|DB +AuthzDBMType default + + directory + .htaccess + +AuthConfig +Available in version 2.0.30 and later. + + + +

Sets the type of database file that is used to store the passwords. +The default database type is determined at compile time. The +availability of other types of database files also depends on +compile-time settings.

+ +

It is crucial that whatever program you use to create your password +files is configured to use the same type of database.

+
+
+ + +AuthzDBMAuthoritative +Sets whether authorization will be passed on to lower level modules +AuthzDBMAuthoritative on|off +AuthzDBMAuthoritative on + + directory + .htaccess + +AuthConfig + + + +

Setting the AuthzDBMAuthoritative + directive explicitly to 'off' allows for both + authentication and authorization to be passed on to lower level + modules (as defined in the Configuration and + modules.c file if there is no userID + or rule matching the supplied userID. If there is + a userID and/or rule specified; the usual password and access + checks will be applied and a failure will give an Authorization + Required reply.

+ +

So if a userID appears in the database of more than one module; + or if a valid Require + directive applies to more than one module; then the first module + will verify the credentials; and no access is passed on; + regardless of the AuthAuthoritative setting.

+ +

A common use for this is in conjunction with one of the + auth providers; such as mod_authn_file. Whereas this + DBM module supplies the bulk of the user credential checking; a + few (administrator) related accesses fall through to a lower + level with a well protected .htpasswd file.

+ +

By default, control is not passed on and an unknown userID + or rule will result in an Authorization Required reply. Not + setting it thus keeps the system secure and forces an NCSA + compliant behaviour.

+ +

Security: Do consider the implications of allowing a user to + allow fall-through in his .htaccess file; and verify that this + is really what you want; Generally it is easier to just secure + a single .htpasswd file, than it is to secure a database which + might have more access interfaces.

+
+
+ +
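Review bot: in the AuthzDBMAuthoritative section, the paragraph that starts "So if a userID appears in the database of more than one module" ends with "regardless of the AuthAuthoritative setting", which is not the directive this section documents; it should name AuthzDBMAuthoritative. The first paragraph of the same section opens a parenthesis at "(as defined in the Configuration and modules.c file" and never closes it, and it speaks of "both authentication and authorization" being passed on although the directive's own description line covers authorization only. The AuthzDBMType description and body mention only passwords ("used to store passwords", "create your password files"), while the text just above describes a combined password and group database; state which data this module actually reads from the file.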
diff --git a/docs/manual/mod/mod_authz_groupfile.html.en b/docs/manual/mod/mod_authz_groupfile.html.en new file mode 100644 index 0000000000..f9cbe56867 --- /dev/null +++ b/docs/manual/mod/mod_authz_groupfile.html.en @@ -0,0 +1,81 @@ + + +mod_authz_groupfile - Apache HTTP Server
<-
Apache > HTTP Server > Documentation > Version 2.0 > Modules

Apache Module mod_authz_groupfile

Description: + Group authorization using plaintext files
Status: + Extension
Module Identifier: + authz_groupfile_module
Source File: + mod_authz_groupfile.c
Compatibility: + Available in Apache 2.0.42 and later

Summary

+

This module provides authorization capabilities so that + authenticated users can be allowed or denied access to portions + of the web site by group membership. Similar functionality is + provided by mod_authz_dbm.

+
top

AuthGroupFile Directive

Description: + Sets the name of a text file containing the list +of user groups for authentication
Syntax: + AuthGroupFile file-path
Context: + directory, .htaccess
Override: + AuthConfig
Status: + Extension
Module: + mod_authz_groupfile
+

The AuthGroupFile directive sets the + name of a textual file containing the list of user groups for user + authentication. File-path is the path to the group + file. If it is not absolute (i.e., if it doesn't begin + with a slash), it is treated as relative to the ServerRoot.

+ +

Each line of the group file contains a groupname followed by a + colon, followed by the member usernames separated by spaces. + Example:

+ +

mygroup: bob joe anne

+ +

Note that searching large text files is very + inefficient; AuthDBMGroupFile should be used + instead.

+ +

Security

+

Make sure that the AuthGroupFile is + stored outside the document tree of the web-server; do not + put it in the directory that it protects. Otherwise, clients will + be able to download the AuthGroupFile.

+
+
top

AuthzGroupFileAuthoritative Directive

Description: + Sets whether authorization will be passed on to lower level modules
Syntax: + AuthzGroupFileAuthoritative on|off
Default: + AuthzGroupFileAuthoritative on
Context: + directory, .htaccess
Override: + AuthConfig
Status: + Extension
Module: + mod_authz_groupfile
+ +

Setting the AuthzGroupFileAuthoritative + directive explicitly to 'off' allows for + authorization to be passed on to lower level modules (as defined in + the Configuration and modules.c file if + there is no userID or rule matching + the supplied userID. If there is a userID and/or rule specified; the + usual password and access checks will be applied and a failure will + give an Authorization Required reply.

+ +

So if a valid Require + directive applies to more than one module; then the first module + will verify the credentials; and no access is passed on; + regardless of the AuthzGroupFileAuthoritative + setting.

+ +

By default, control is not passed on and an unknown userID + or rule will result in an Authorization Required reply. Not + setting it thus keeps the system secure and forces an NCSA + compliant behaviour.

+ +

Security: Do consider the implications of allowing a user to + allow fall-through in his .htaccess file; and verify that this + is really what you want; Generally it is easier to just secure + a single .htpasswd file, than it is to secure a database which + might have more access interfaces.

+
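Review bot: the AuthGroupFile description says the file holds "the list of user groups for authentication", and the body repeats "for user authentication", but the summary in this same file says the module provides authorization by group membership; use "authorization" in both places. The performance note recommends AuthDBMGroupFile without saying which module provides that directive; name it so the reader can follow the pointer. The file also ends without a trailing newline, as the "\ No newline at end of file" marker after the last added line shows.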
\ No newline at end of file diff --git a/docs/manual/mod/mod_authz_groupfile.xml b/docs/manual/mod/mod_authz_groupfile.xml new file mode 100644 index 0000000000..0753de7257 --- /dev/null +++ b/docs/manual/mod/mod_authz_groupfile.xml @@ -0,0 +1,103 @@ + + + + + +mod_authz_groupfile +Group authorization using plaintext files +Extension +mod_authz_groupfile.c +authz_groupfile_module +Available in Apache 2.0.42 and later + + +

This module provides authorization capabilities so that + authenticated users can be allowed or denied access to portions + of the web site by group membership. Similar functionality is + provided by mod_authz_dbm.

+
+ +Require +Satisfy + + +AuthGroupFile +Sets the name of a text file containing the list +of user groups for authentication +AuthGroupFile file-path + + directory + .htaccess + +AuthConfig + + +

The AuthGroupFile directive sets the + name of a textual file containing the list of user groups for user + authentication. File-path is the path to the group + file. If it is not absolute (i.e., if it doesn't begin + with a slash), it is treated as relative to the ServerRoot.

+ +

Each line of the group file contains a groupname followed by a + colon, followed by the member usernames separated by spaces. + Example:

+ + mygroup: bob joe anne + +

Note that searching large text files is very + inefficient; AuthDBMGroupFile should be used + instead.

+ + Security +

Make sure that the AuthGroupFile is + stored outside the document tree of the web-server; do not + put it in the directory that it protects. Otherwise, clients will + be able to download the AuthGroupFile.

+
+
+
+ + +AuthzGroupFileAuthoritative +Sets whether authorization will be passed on to lower level modules +AuthzGroupFileAuthoritative on|off +AuthzGroupFileAuthoritative on + + directory + .htaccess + +AuthConfig + + + +

Setting the AuthzGroupFileAuthoritative + directive explicitly to 'off' allows for + authorization to be passed on to lower level modules (as defined in + the Configuration and modules.c file if + there is no userID or rule matching + the supplied userID. If there is a userID and/or rule specified; the + usual password and access checks will be applied and a failure will + give an Authorization Required reply.

+ +

So if a valid Require + directive applies to more than one module; then the first module + will verify the credentials; and no access is passed on; + regardless of the AuthzGroupFileAuthoritative + setting.

+ +

By default, control is not passed on and an unknown userID + or rule will result in an Authorization Required reply. Not + setting it thus keeps the system secure and forces an NCSA + compliant behaviour.

+ +

Security: Do consider the implications of allowing a user to + allow fall-through in his .htaccess file; and verify that this + is really what you want; Generally it is easier to just secure + a single .htpasswd file, than it is to secure a database which + might have more access interfaces.

+
+
+ +
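Review bot: the Security paragraph that closes AuthzGroupFileAuthoritative weighs "a single .htpasswd file" against "a database which might have more access interfaces", which does not fit a module whose only store is a plaintext group file; reword it around the group file or drop the comparison. In the first paragraph of that section the parenthesis opened at "(as defined in the Configuration and modules.c file" is never closed, and "the usual password and access checks" attributes password checking to a group-authorization module. The paragraph "So if a valid Require directive applies to more than one module ... no access is passed on; regardless of the AuthzGroupFileAuthoritative setting" reads as contradicting the fall-through described just before it, so the precedence rule should be stated explicitly. The same text appears in the mod_authz_groupfile.html.en hunk and needs the same changes there.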