From: Justin Erenkrantz <jerenkrantz@apache.org>
Date: Fri, 20 Sep 2002 05:15:23 +0000 (+0000)
Subject: Remove mention of AuthDBMAuthoritative and AuthUserFileAuthoritative
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d37aa0c7d82aecd5ab8ceb24f84b33ada145597d;p=apache

Remove mention of AuthDBMAuthoritative and AuthUserFileAuthoritative
directives.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96923 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/mod_authn_dbm.html.en b/docs/manual/mod/mod_authn_dbm.html.en
index b547d825e1..0ef60d652a 100644
--- a/docs/manual/mod/mod_authn_dbm.html.en
+++ b/docs/manual/mod/mod_authn_dbm.html.en
@@ -20,53 +20,11 @@
     <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code> or
     <code class="directive"><a href="../mod/mod_auth_digest.html#authdigestprovider">AuthDigestProvider</a></code>
     with the 'dbm' value.</p>
-</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authdbmauthoritative">AuthDBMAuthoritative</a></li><li><img alt="" src="../images/down.gif" /> <a href="#authdbmtype">AuthDBMType</a></li><li><img alt="" src="../images/down.gif" /> <a href="#authdbmuserfile">AuthDBMUserFile</a></li></ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li><li>
+</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authdbmtype">AuthDBMType</a></li><li><img alt="" src="../images/down.gif" /> <a href="#authdbmuserfile">AuthDBMUserFile</a></li></ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li><li>
   <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code>
 </li><li>
   <code class="directive"><a href="../mod/mod_auth_digest.html#authdigestprovider">AuthDigestProvider</a></code>
-</li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDBMAuthoritative" id="AuthDBMAuthoritative">AuthDBMAuthoritative</a> <a name="authdbmauthoritative" id="authdbmauthoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
-              </a></th><td>Sets whether authentication and authorization will be
-passwed on to lower level modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
-              </a></th><td>AuthDBMAuthoritative on|off</td></tr><tr><th><a href="directive-dict.html#Default">Default: 
-              </a></th><td><code>AuthDBMAuthoritative on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
-              </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
-              </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
-              </a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
-              </a></th><td>mod_authn_dbm</td></tr></table>
-
-    <p>Setting the <code class="directive">AuthDBMAuthoritative</code>
-    directive explicitly to <strong>'off'</strong> allows for both
-    authentication and authorization to be passed on to lower level
-    modules (as defined in the <code>Configuration</code> and
-    <code>modules.c</code> file if there is <strong>no userID</strong>
-    or <strong>rule</strong> matching the supplied userID. If there is
-    a userID and/or rule specified; the usual password and access
-    checks will be applied and a failure will give an Authorization
-    Required reply.</p>
-
-    <p>So if a userID appears in the database of more than one module;
-    or if a valid <code class="directive"><a href="../mod/core.html#require">Require</a></code>
-    directive applies to more than one module; then the first module
-    will verify the credentials; and no access is passed on;
-    regardless of the <code class="directive">AuthAuthoritative</code> setting.</p>
-
-    <p>A common use for this is in conjunction with one of the
-    auth providers; such as <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code>. Whereas this
-    DBM module supplies the bulk of the user credential checking; a
-    few (administrator) related accesses fall through to a lower
-    level with a well protected .htpasswd file.</p>
-
-    <p>By default, control is not passed on and an unknown userID
-    or rule will result in an Authorization Required reply. Not
-    setting it thus keeps the system secure and forces an NCSA
-    compliant behaviour.</p>
-
-    <p>Security: Do consider the implications of allowing a user to
-    allow fall-through in his .htaccess file; and verify that this
-    is really what you want; Generally it is easier to just secure
-    a single .htpasswd file, than it is to secure a database which
-    might have more access interfaces.</p>
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDBMType" id="AuthDBMType">AuthDBMType</a> <a name="authdbmtype" id="authdbmtype">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
+</li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDBMType" id="AuthDBMType">AuthDBMType</a> <a name="authdbmtype" id="authdbmtype">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
               </a></th><td>Sets the type of database file that is used to
 store passwords</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
               </a></th><td>AuthDBMType default|SDBM|GDBM|NDBM|DB</td></tr><tr><th><a href="directive-dict.html#Default">Default: 
diff --git a/docs/manual/mod/mod_authn_dbm.xml b/docs/manual/mod/mod_authn_dbm.xml
index 57b4479d27..85307b225a 100644
--- a/docs/manual/mod/mod_authn_dbm.xml
+++ b/docs/manual/mod/mod_authn_dbm.xml
@@ -101,51 +101,4 @@ files is configured to use the same type of database.</p>
 </usage>
 </directivesynopsis>
 
-<directivesynopsis>
-<name>AuthDBMAuthoritative</name>
-<description>Sets whether authentication and authorization will be
-passwed on to lower level modules</description>
-<syntax>AuthDBMAuthoritative on|off</syntax>
-<default>AuthDBMAuthoritative on</default>
-<contextlist><context>directory</context><context>.htaccess</context>
-</contextlist>
-<override>AuthConfig</override>
-
-<usage>
-
-    <p>Setting the <directive>AuthDBMAuthoritative</directive>
-    directive explicitly to <strong>'off'</strong> allows for both
-    authentication and authorization to be passed on to lower level
-    modules (as defined in the <code>Configuration</code> and
-    <code>modules.c</code> file if there is <strong>no userID</strong>
-    or <strong>rule</strong> matching the supplied userID. If there is
-    a userID and/or rule specified; the usual password and access
-    checks will be applied and a failure will give an Authorization
-    Required reply.</p>
-
-    <p>So if a userID appears in the database of more than one module;
-    or if a valid <directive module="core">Require</directive>
-    directive applies to more than one module; then the first module
-    will verify the credentials; and no access is passed on;
-    regardless of the <directive>AuthAuthoritative</directive> setting.</p>
-
-    <p>A common use for this is in conjunction with one of the
-    auth providers; such as <module>mod_authn_file</module>. Whereas this
-    DBM module supplies the bulk of the user credential checking; a
-    few (administrator) related accesses fall through to a lower
-    level with a well protected .htpasswd file.</p>
-
-    <p>By default, control is not passed on and an unknown userID
-    or rule will result in an Authorization Required reply. Not
-    setting it thus keeps the system secure and forces an NCSA
-    compliant behaviour.</p>
-
-    <p>Security: Do consider the implications of allowing a user to
-    allow fall-through in his .htaccess file; and verify that this
-    is really what you want; Generally it is easier to just secure
-    a single .htpasswd file, than it is to secure a database which
-    might have more access interfaces.</p>
-</usage>
-</directivesynopsis>
-
 </modulesynopsis>
diff --git a/docs/manual/mod/mod_authn_file.html.en b/docs/manual/mod/mod_authn_file.html.en
index 7def1468b7..1e49444ba0 100644
--- a/docs/manual/mod/mod_authn_file.html.en
+++ b/docs/manual/mod/mod_authn_file.html.en
@@ -22,7 +22,7 @@
     <code class="directive"><a href="../mod/mod_auth_digest.html#authdigestprovider">AuthDigestProvider</a></code>
     with the 'file' value.</p>
 
-</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authuserfile">AuthUserFile</a></li><li><img alt="" src="../images/down.gif" /> <a href="#authuserfileauthoritative">AuthUserFileAuthoritative</a></li></ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li><li>
+</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authuserfile">AuthUserFile</a></li></ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li><li>
   <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code>
 </li><li>
   <code class="directive"><a href="../mod/mod_auth_digest.html#authdigestprovider">AuthDigestProvider</a></code>
@@ -68,47 +68,4 @@ passwords for authentication</td></tr><tr><th><a href="directive-dict.html#Synta
 	put it in the directory that it protects. Otherwise, clients will
 	be able to download the <code class="directive">AuthUserFile</code>.</p>
     </div>
-</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthUserFileAuthoritative" id="AuthUserFileAuthoritative">AuthUserFileAuthoritative</a> <a name="authuserfileauthoritative" id="authuserfileauthoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
-              </a></th><td>Sets whether authorization and authentication are
-passed to lower level modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
-              </a></th><td>AuthUserFileAuthoritative on|off</td></tr><tr><th><a href="directive-dict.html#Default">Default: 
-              </a></th><td><code>AuthUserFileAuthoritative on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
-              </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
-              </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
-              </a></th><td>Base</td></tr><tr><th><a href="directive-dict.html#Module">Module:
-              </a></th><td>mod_authn_file</td></tr></table>
-    <div class="note">This information has not been updated for Apache 2.0, which
-    uses a different system for module ordering.</div>
-
-    <p>Setting the <code class="directive">AuthAuthoritative</code> directive
-    explicitly to <strong>'off'</strong> allows for both
-    authentication and authorization to be passed on to lower level
-    modules (as defined in the <code>Configuration</code> and
-    <code>modules.c</code> files) if there is <strong>no
-    userID</strong> or <strong>rule</strong> matching the supplied
-    userID. If there is a userID and/or rule specified; the usual
-    password and access checks will be applied and a failure will give
-    an Authorization Required reply.</p>
-
-    <p>So if a userID appears in the database of more than one module;
-    or if a valid <code class="directive"><a href="../mod/core.html#require">Require</a></code>
-    directive applies to more than one module; then the first module
-    will verify the credentials; and no access is passed on;
-    regardless of the AuthAuthoritative setting.</p>
-
-    <p>By default; control is not passed on; and an unknown userID or
-    rule will result in an Authorization Required reply. Not setting
-    it thus keeps the system secure; and forces an NCSA compliant
-    behaviour.</p>
-
-    <div class="note"><h3>Security</h3> Do consider the implications of
-    allowing a user to allow fall-through in his .htaccess file; and
-    verify that this is really what you want; Generally it is easier
-    to just secure a single .htpasswd file, than it is to secure a
-    database such as mSQL. Make sure that the <code class="directive"><a href="#authuserfile">AuthUserFile</a></code> and the <code class="directive"><a href="../mod/mod_authz_groupfile.html#authgroupfile">AuthGroupFile</a></code> are stored outside
-    the document tree of the web-server; do <em>not</em> put them in the
-    directory that they protect. Otherwise, clients will be able to
-    download the <code class="directive"><a href="#authuserfile">AuthUserFile</a></code>
-    and the <code class="directive"><a href="../mod/mod_authz_groupfile.html#authgroupfile">AuthGroupFile</a></code>.
-    </div>
 </div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
\ No newline at end of file
diff --git a/docs/manual/mod/mod_authn_file.xml b/docs/manual/mod/mod_authn_file.xml
index fe4ed95396..d3b534ea8c 100644
--- a/docs/manual/mod/mod_authn_file.xml
+++ b/docs/manual/mod/mod_authn_file.xml
@@ -84,56 +84,4 @@ passwords for authentication</description>
 </usage>
 </directivesynopsis>
 
-<directivesynopsis>
-<name>AuthUserFileAuthoritative</name>
-<description>Sets whether authorization and authentication are
-passed to lower level modules</description>
-<syntax>AuthUserFileAuthoritative on|off</syntax>
-<default>AuthUserFileAuthoritative on</default>
-<contextlist>
-  <context>directory</context>
-  <context>.htaccess</context>
-</contextlist>
-<override>AuthConfig</override>
-
-<usage>
-    <note>This information has not been updated for Apache 2.0, which
-    uses a different system for module ordering.</note>
-
-    <p>Setting the <directive>AuthAuthoritative</directive> directive
-    explicitly to <strong>'off'</strong> allows for both
-    authentication and authorization to be passed on to lower level
-    modules (as defined in the <code>Configuration</code> and
-    <code>modules.c</code> files) if there is <strong>no
-    userID</strong> or <strong>rule</strong> matching the supplied
-    userID. If there is a userID and/or rule specified; the usual
-    password and access checks will be applied and a failure will give
-    an Authorization Required reply.</p>
-
-    <p>So if a userID appears in the database of more than one module;
-    or if a valid <directive module="core">Require</directive>
-    directive applies to more than one module; then the first module
-    will verify the credentials; and no access is passed on;
-    regardless of the AuthAuthoritative setting.</p>
-
-    <p>By default; control is not passed on; and an unknown userID or
-    rule will result in an Authorization Required reply. Not setting
-    it thus keeps the system secure; and forces an NCSA compliant
-    behaviour.</p>
-
-    <note><title>Security</title> Do consider the implications of
-    allowing a user to allow fall-through in his .htaccess file; and
-    verify that this is really what you want; Generally it is easier
-    to just secure a single .htpasswd file, than it is to secure a
-    database such as mSQL. Make sure that the <directive
-    module="mod_authn_file">AuthUserFile</directive> and the <directive
-    module="mod_authz_groupfile">AuthGroupFile</directive> are stored outside
-    the document tree of the web-server; do <em>not</em> put them in the
-    directory that they protect. Otherwise, clients will be able to
-    download the <directive module="mod_authn_file">AuthUserFile</directive>
-    and the <directive module="mod_authz_groupfile">AuthGroupFile</directive>.
-    </note>
-</usage>
-</directivesynopsis>
-
 </modulesynopsis>

Description: -	Sets whether authentication and authorization will be -passwed on to lower level modules
Syntax: -	AuthDBMAuthoritative on\|off
Default: -	`AuthDBMAuthoritative on`
Context: -	directory, .htaccess
Override: -	AuthConfig
Status: -	Extension
Module: -	mod_authn_dbm