From: Joshua Slive Date: Wed, 20 Feb 2002 15:58:40 +0000 (+0000) Subject: Add xml-ized mod_auth_anon. I had to change directives.html because this module X-Git-Tag: 2.0.33~182 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=df0b1dee0b828b223d082117f28cf25fa00a0801;p=apache Add xml-ized mod_auth_anon. I had to change directives.html because this module used a non-standard format for anchors that won't work now. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93512 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/directives.html b/docs/manual/mod/directives.html index c91a74166f..dcd6fb3b76 100644 --- a/docs/manual/mod/directives.html +++ b/docs/manual/mod/directives.html @@ -88,19 +88,19 @@
  • Anonymous
  • Anonymous_Authoritative
    • + href="mod_auth_anon.html#anonymous_uthoritative">Anonymous_Authoritative
  • Anonymous_LogEmail
    • + href="mod_auth_anon.html#anonymous_logemail">Anonymous_LogEmail
  • Anonymous_MustGiveEmail
    • + href="mod_auth_anon.html#anonymous_mustgiveemail">Anonymous_MustGiveEmail
  • Anonymous_NoUserID
    • + href="mod_auth_anon.html#anonymous_nouserid">Anonymous_NoUserID
  • Anonymous_VerifyEmail
    • + href="mod_auth_anon.html#anonymous_verifyemail">Anonymous_VerifyEmail
  • AssignUserID
    • diff --git a/docs/manual/mod/mod_auth_anon.html b/docs/manual/mod/mod_auth_anon.html index 85118488f9..2fd5fc8bf8 100644 --- a/docs/manual/mod/mod_auth_anon.html +++ b/docs/manual/mod/mod_auth_anon.html @@ -1,39 +1,50 @@ - - - - - - - Apache module mod_auth_anon.c - - - - - - -

    Module mod_auth_anon

    - This module allows "anonymous" user access to authenticated - areas. - -

    Status: Extension
    - Source File: - mod_auth_anon.c
    - Module Identifier: - auth_anon_module

    - -

    Summary

    - -

    This module does access control in a manner similar to + + + + +mod_auth_anon - Apache HTTP Server + + + +

    +
    +[APACHE DOCUMENTATION]

    Apache HTTP Server Version 2.0

    +
    +

    Apache Module mod_auth_anon

    + + + + +
    + + + + + + + + + + +
    Description: +Allows "anonymous" user access to authenticated + areas +
    Status:Extension
    Module Identifier:auth_anon_module
    +
    +

    Summary

    + + +

    This module does access control in a manner similar to anonymous-ftp sites; i.e. have a 'magic' user id 'anonymous' and the email address as a password. These email addresses can be logged.

    -

    Combined with other (database) access control methods, this + +

    Combined with other (database) access control methods, this allows for effective user tracking and customization according to a user profile while still keeping the site open for 'unregistered' users. One advantage of using Auth-based user @@ -41,237 +52,388 @@ pre/postfixes, it is completely browser independent and it allows users to share URLs.

    -

    Directives

    - - - -

    Example

    - The example below (when combined with the Auth directives of a +     +

    Directives

    + +

    Example

    + + +

    The example below (when combined with the Auth directives of a htpasswd-file based (or GDM, mSQL etc.) base access control system allows users in as 'guests' with the following - properties: + properties:

    - + + +

    Excerpt of httpd.conf:

    + + +
    + + + + +
    + Anonymous_NoUserId off
    + Anonymous_MustGiveEmail on
    + Anonymous_VerifyEmail on
    + Anonymous_LogEmail on
    + Anonymous anonymous guest www test welcome
    + +
    + AuthName "Use 'anonymous' & Email address for + guest entry"
    + AuthType basic
    + +
    + # An + AuthUserFile/AuthDBUserFile/AuthDBMUserFile
    + # directive must be specified, or use
    + # Anonymous_Authoritative for public access.
    + # In the .htaccess for the public directory, add:
    + <Files *>
    + Order Deny,Allow
    + Allow from all
    + +
    + Require valid-user
    + </Files>
    + +
    +
    + +
    +

    +Anonymous Directive +

    + + + + +
    + + + + + + + + + + + + + + + + + + + +
    Description: Specifies userIDs that areallowed access without +password verification
    Syntax: +Anonymous user [user] ... +
    Context:directory, .htaccess
    Override:AuthConfig
    Status:Extension
    Module:mod_auth_anon
    +
    + + +

    A list of one or more 'magic' userIDs which are allowed access without password verification. The userIDs are space separated. It is possible to use the ' and " quotes to allow a space in a userID as well as the \ escape character.

    -

    Please note that the comparison is - case-IN-sensitive.
    + +

    Please note that the comparison is + case-IN-sensitive.
    I strongly suggest that the magic username 'anonymous' is always one of the allowed userIDs.

    -

    Example:
    - Anonymous anonymous "Not Registered" 'I don\'t - know'

    + +

    Example:

    + +
    + + + + +
    Anonymous anonymous "Not Registered" 'I don\'t know'
    +
    -

    This would allow the user to enter without password + +

    This would allow the user to enter without password verification by using the userId's 'anonymous', 'AnonyMous','Not Registered' and 'I Don't Know'.

    -
    - -

    Anonymous_Authoritative directive

    - Syntax: Anonymous_Authoritative - on|off
    - Default: - Anonymous_Authoritative off
    - Context: directory, - .htaccess
    - Override: AuthConfig
    - Status: Extension
    - Module: mod_auth_anon - -

    When set 'on', there is no fall-through to other - authorization methods. So if a userID does not match the values - specified in the Anonymous directive, access is - denied.

    -

    Be sure you know what you are doing when you decide to + +

    +

    +Anonymous_Authoritative Directive +

    + + + + +
    + + + + + + + + + + + + + + + + + + + + + + +
    Description: Configures if authorization will fall-through +to other methods
    Syntax: +Anonymous_Authoritative on|off +
    Default:Anonymous_Authoritative off
    Context:directory, .htaccess
    Override:AuthConfig
    Status:Extension
    Module:mod_auth_anon
    +
    + + +

    When set 'on', there is no fall-through to other authorization + methods. So if a userID does not match the values specified in the + Anonymous directive, + access is denied.

    + + +

    Be sure you know what you are doing when you decide to switch it on. And remember that it is the linking order of the modules (in the Configuration / Make file) which details the order in which the Authorization modules are queried.

    -
    -

    Anonymous_LogEmail - directive

    - Syntax: Anonymous_LogEmail - on|off
    - Default: - Anonymous_LogEmail on
    - Context: directory, - .htaccess
    - Override: AuthConfig
    - Status: Extension
    - Module: mod_auth_anon - -

    When set 'on', the default, the 'password' entered (which - hopefully contains a sensible email address) is logged in the - error log.

    -
    - -

    Anonymous_MustGiveEmail directive

    - - Syntax: Anonymous_MustGiveEmail - on|off
    - Default: - Anonymous_MustGiveEmail on
    - Context: directory, - .htaccess
    - Override: AuthConfig
    - Status: Extension
    - Module: mod_auth_anon - -

    Specifies whether the user must specify an email address as + +

    +

    +Anonymous_LogEmail Directive +

    + + + + +
    + + + + + + + + + + + + + + + + + + + + + + +
    Description: Sets whether the password entered will be logged in the +error log
    Syntax: +Anonymous_LogEmail on|off +
    Default:Anonymous_LogEmail on
    Context:directory, .htaccess
    Override:AuthConfig
    Status:Extension
    Module:mod_auth_anon
    +
    + + +

    When set on, the default, the 'password' entered + (which hopefully contains a sensible email address) is logged in + the error log.

    + +     +
    +

    +Anonymous_MustGiveEmail Directive +

    + + + + +
    + + + + + + + + + + + + + + + + + + + + + + +
    Description: Specifies whether blank passwords are allowed
    Syntax: +Anonymous_MustGiveEmail on|off +
    Default:Anonymous_MustGiveEmail on
    Context:directory, .htaccess
    Override:AuthConfig
    Status:Extension
    Module:mod_auth_anon
    +
    + + +

    Specifies whether the user must specify an email address as the password. This prohibits blank passwords.

    -
    - -

    Anonymous_NoUserID - directive

    - Syntax: Anonymous_NoUserID - on|off
    - Default: - Anonymous_NoUserID off
    - Context: directory, - .htaccess
    - Override: AuthConfig
    - Status: Extension
    - Module: mod_auth_anon -

    When set 'on', users can leave the userID (and perhaps the - password field) empty. This can be very convenient for - MS-Explorer users who can just hit return or click directly on - the OK button; which seems a natural reaction.

    -
    - -

    Anonymous_VerifyEmail directive

    - Syntax: Anonymous_VerifyEmail - on|off
    - Default: - Anonymous_VerifyEmail off
    - Context: directory, - .htaccess
    - Override: AuthConfig
    - Status: Extension
    - Module: mod_auth_anon - -

    When set 'on' the 'password' entered is checked for at least - one '@' and a '.' to encourage users to enter valid email - addresses (see the above Auth_LogEmail). - -

    - +     +
    +

    +Anonymous_NoUserID Directive +

    + + + + +
    + + + + + + + + + + + + + + + + + + + + + + +
    Description: Sets whether the userID field may be empty
    Syntax: +Anonymous_NoUserID on|off +
    Default:Anonymous_NoUserID off
    Context:directory, .htaccess
    Override:AuthConfig
    Status:Extension
    Module:mod_auth_anon
    +
    + + +

    When set on, users can leave the userID (and + perhaps the password field) empty. This can be very convenient for + MS-Explorer users who can just hit return or click directly on the + OK button; which seems a natural reaction.

    + +     +
    +

    +AnonymousVerifyEmail Directive +

    + + + + +
    + + + + + + + + + + + + + + + + + + + + + + +
    Description: Sets whether to check the password field for a correctly +formatted email address
    Syntax: +Anonymous_VerifyEmail on|off +
    Default:Anonymous_VerifyEmail off
    Context:directory, .htaccess
    Override:AuthConfig
    Status:Extension
    Module:mod_auth_anon
    +
    + + +

    When set on the 'password' entered is checked for + at least one '@' and a '.' to encourage users to enter valid email + addresses (see the above Auth_LogEmail).

    + +     +
    +

    Apache HTTP Server Version 2.0

    +IndexHome +
    + - diff --git a/docs/manual/mod/mod_auth_anon.xml b/docs/manual/mod/mod_auth_anon.xml new file mode 100644 index 0000000000..c3dd6861ab --- /dev/null +++ b/docs/manual/mod/mod_auth_anon.xml @@ -0,0 +1,201 @@ + + + + +mod_auth_anon +Allows "anonymous" user access to authenticated + areas +Extension +mod_auth_anon.c +auth_anon_module + + +

    This module does access control in a manner similar to + anonymous-ftp sites; i.e. have a 'magic' user id + 'anonymous' and the email address as a password. These email + addresses can be logged.

    + +

    Combined with other (database) access control methods, this + allows for effective user tracking and customization according + to a user profile while still keeping the site open for + 'unregistered' users. One advantage of using Auth-based user + tracking is that, unlike magic-cookies and funny URL + pre/postfixes, it is completely browser independent and it + allows users to share URLs.

    +     + +
    Example + +

    The example below (when combined with the Auth directives of a + htpasswd-file based (or GDM, mSQL etc.) base access + control system allows users in as 'guests' with the following + properties:

    + +
      +
    • It insists that the user enters a userId. + (Anonymous_NoUserId)
      • + +
    • It insists that the user enters a password. + (Anonymous_MustGiveEmail)
      • + +
    • The password entered must be a valid email address, ie. + contain at least one '@' and a '.'. + (Anonymous_VerifyEmail)
      • + +
    • The userID must be one of anonymous guest www test + welcome and comparison is not case + sensitive.
      • + +
    • And the Email addresses entered in the passwd field are + logged to the error log file + (Anonymous_LogEmail)
      • +
    + +

    Excerpt of httpd.conf:

    + + + Anonymous_NoUserId off
    + Anonymous_MustGiveEmail on
    + Anonymous_VerifyEmail on
    + Anonymous_LogEmail on
    + Anonymous anonymous guest www test welcome
    +
    + AuthName "Use 'anonymous' & Email address for + guest entry"
    + AuthType basic
    +
    + # An + AuthUserFile/AuthDBUserFile/AuthDBMUserFile
    + # directive must be specified, or use
    + # Anonymous_Authoritative for public access.
    + # In the .htaccess for the public directory, add:
    + <Files *>
    + Order Deny,Allow
    + Allow from all
    +
    + Require valid-user
    + </Files>
    +     +
    + + +Anonymous +Specifies userIDs that areallowed access without +password verification +Anonymous user [user] ... +directory.htaccess + +AuthConfig + + +

    A list of one or more 'magic' userIDs which are allowed + access without password verification. The userIDs are space + separated. It is possible to use the ' and " quotes to allow a + space in a userID as well as the \ escape character.

    + +

    Please note that the comparison is + case-IN-sensitive.
    + I strongly suggest that the magic username + 'anonymous' is always one of the allowed + userIDs.

    + +

    Example:

    +Anonymous anonymous "Not Registered" 'I don\'t know' + +

    This would allow the user to enter without password + verification by using the userId's 'anonymous', + 'AnonyMous','Not Registered' and 'I Don't Know'.

    +     +     + + +Anonymous_Authoritative +Configures if authorization will fall-through +to other methods +Anonymous_Authoritative on|off +Anonymous_Authoritative off +directory.htaccess + +AuthConfig + + +

    When set 'on', there is no fall-through to other authorization + methods. So if a userID does not match the values specified in the + Anonymous directive, + access is denied.

    + +

    Be sure you know what you are doing when you decide to + switch it on. And remember that it is the linking order of the + modules (in the Configuration / Make file) which details the + order in which the Authorization modules are queried.

    +     +     + + +Anonymous_LogEmail +Sets whether the password entered will be logged in the +error log +Anonymous_LogEmail on|off +Anonymous_LogEmail on +directory.htaccess + +AuthConfig + + +

    When set on, the default, the 'password' entered + (which hopefully contains a sensible email address) is logged in + the error log.

    +     +     + + +Anonymous_MustGiveEmail +Specifies whether blank passwords are allowed +Anonymous_MustGiveEmail on|off +Anonymous_MustGiveEmail on +directory.htaccess + +AuthConfig + + +

    Specifies whether the user must specify an email address as + the password. This prohibits blank passwords.

    +     +     + + +Anonymous_NoUserID +Sets whether the userID field may be empty +Anonymous_NoUserID on|off +Anonymous_NoUserID off +directory.htaccess + +AuthConfig + + +

    When set on, users can leave the userID (and + perhaps the password field) empty. This can be very convenient for + MS-Explorer users who can just hit return or click directly on the + OK button; which seems a natural reaction.

    +     +     + + +AnonymousVerifyEmail +Sets whether to check the password field for a correctly +formatted email address +Anonymous_VerifyEmail on|off +Anonymous_VerifyEmail off +directory.htaccess + +AuthConfig + + +

    When set on the 'password' entered is checked for + at least one '@' and a '.' to encourage users to enter valid email + addresses (see the above Auth_LogEmail).

    +     +     + +     \ No newline at end of file