From: Andre Malo Date: Wed, 9 Oct 2002 01:16:06 +0000 (+0000) Subject: fix many links in respect to the aaa changes. X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e8c1b1f03417602db3a9239ea69b867459407990;p=apache fix many links in respect to the aaa changes. Probably overlooked one or two ;-) Some files are left unmodified, since the parts there aren't clear or have to be (re-)written: ebcdic.xml new_features_2_0.xml upgrading.xml git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97153 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/env.xml b/docs/manual/env.xml index d5fee84654..4a8058c4e1 100644 --- a/docs/manual/env.xml +++ b/docs/manual/env.xml @@ -121,7 +121,7 @@ - mod_access + mod_authz_host mod_cgi mod_ext_filter mod_headers @@ -130,9 +130,9 @@ mod_rewrite - Allow + Allow CustomLog - Deny + Deny ExtFilterDefine Header LogFormat diff --git a/docs/manual/howto/htaccess.xml b/docs/manual/howto/htaccess.xml index 9b86100e3e..433fec3992 100755 --- a/docs/manual/howto/htaccess.xml +++ b/docs/manual/howto/htaccess.xml @@ -15,7 +15,8 @@ changes on a per-directory basis.

core - mod_auth + mod_authn_file + mod_authz_groupfile mod_cgi mod_include mod_mime @@ -29,8 +30,8 @@ changes on a per-directory basis.

SetHandler AuthType AuthName - AuthUserFile - AuthGroupFile + AuthUserFile + AuthGroupFile Require diff --git a/docs/manual/install.xml b/docs/manual/install.xml index 4ce89a5139..6d450c2c57 100644 --- a/docs/manual/install.xml +++ b/docs/manual/install.xml @@ -495,7 +495,7 @@
DBM

Several Apache features, including - mod_auth_dbm and mod_rewrite's + mod_authn_dbm and mod_rewrite's DBM RewriteMap use simple key/value databases for quick lookups of information. Apache includes SDBM with its source-code, so this database is always diff --git a/docs/manual/misc/rewriteguide.xml b/docs/manual/misc/rewriteguide.xml index fe316eab64..89b348b95e 100644 --- a/docs/manual/misc/rewriteguide.xml +++ b/docs/manual/misc/rewriteguide.xml @@ -2061,7 +2061,7 @@ RewriteRule !^http://[^/.]\.mydomain.com.* - [F] instance a authentication which checks for a set of explicitly configured users. Only these should receive access and without explicit prompting (which would occur - when using the Basic Auth via mod_access).

+ when using the Basic Auth via mod_auth_basic).

Solution:
diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml index f7f3a68298..11f214de10 100644 --- a/docs/manual/mod/core.xml +++ b/docs/manual/mod/core.xml @@ -183,7 +183,7 @@ response without an explicit character set Allow use of the authorization directives (AuthDBMGroupFile, AuthDBMUserFile, - AuthGroupFile, + AuthGroupFile, AuthName, AuthType, AuthUserFile,
Allow use of the directives controlling host access (Allow, Deny and Order).
+ module="mod_authz_host">Allow, Deny and Order).
Options
@@ -267,8 +267,8 @@ authentication marks. It must be accompanied by AuthType and Require directives, and directives such - as AuthUserFile and - AuthGroupFile to + as AuthUserFile and + AuthGroupFile to work.

For example:

@@ -301,8 +301,8 @@ authentication It must be accompanied by AuthName and Require directives, and directives such - as AuthUserFile and - AuthGroupFile to + as AuthUserFile and + AuthGroupFile to work.

Authentication, Authorization, @@ -947,7 +947,7 @@ MIME content-type address. (In "tcpwrappers" terminology this is called PARANOID.)

-

Regardless of the setting, when mod_access is +

Regardless of the setting, when mod_authz_host is used for controlling access by hostname, a double reverse lookup will be performed. This is necessary for security. Note that the result of this double-reverse isn't generally available unless you @@ -2002,8 +2002,8 @@ a resource

Require must be accompanied by AuthName and AuthType directives, and directives such - as AuthUserFile - and AuthGroupFile (to + as AuthUserFile + and AuthGroupFile (to define users and groups) in order to work correctly. Example:

@@ -2023,7 +2023,7 @@ a resource section.

Satisfy -mod_access +mod_authz_host @@ -2143,7 +2143,7 @@ user authentication

Access policy if both Allow and Allow and Require used. The parameter can be either all or any. This directive is only useful if access to a particular area is being restricted by both @@ -2168,7 +2168,7 @@ user authentication - Allow + Allow Require diff --git a/docs/manual/mod/mod_auth_ldap.xml b/docs/manual/mod/mod_auth_ldap.xml index 0ac0f48992..fe96647155 100644 --- a/docs/manual/mod/mod_auth_ldap.xml +++ b/docs/manual/mod/mod_auth_ldap.xml @@ -58,19 +58,14 @@ for HTTP Basic authentication.

  • Examples
    • -
  • Using TLS
    • -
  • Using SSL
  • @@ -79,7 +74,6 @@ for HTTP Basic authentication.
    • @@ -447,7 +441,8 @@ require valid-user FrontPage with mod_auth_ldap

    Normally, FrontPage uses FrontPage-web-specific user/group - files (i.e., the mod_auth module) to handle all + files (i.e., the mod_authn_file and + mod_authz_groupfile modules) to handle all authentication. Unfortunately, it is not possible to just change to LDAP authentication by adding the proper directives, because it will break the Permissions forms in @@ -496,8 +491,8 @@ AuthLDAPFrontPageHack on

    • When choosing the LDAP URL, the attribute to use for authentication should be something that will also be valid - for putting into a mod_auth user file. The user ID is - ideal for this.
      • + for putting into a mod_authn_file user file. + The user ID is ideal for this.
    • When adding users via FrontPage, FrontPage administrators should choose usernames that already exist in the LDAP @@ -507,9 +502,12 @@ AuthLDAPFrontPageHack on LDAP database, and not against the password in the local user file. This could cause confusion for web administrators.
      • -
    • Apache must be compiled with mod_auth in order to + +
    • Apache must be compiled with mod_auth_basic, + mod_authn_file and + mod_authz_groupfile in order to use FrontPage support. This is because Apache will still use - the mod_auth group file for determine the extent of a + the mod_authz_groupfile group file for determine the extent of a user's access to the FrontPage web.
    • The directives must be put in the .htaccess @@ -517,7 +515,7 @@ AuthLDAPFrontPageHack on type="section">Location or Directory directives won't work. This is because mod_auth_ldap has to be able to grab - the AuthUserFile + the AuthUserFile directive that is found in FrontPage .htaccess files so that it knows where to look for the valid user list. If the mod_auth_ldap directives aren't in the same diff --git a/docs/manual/mod/mod_authn_anon.xml b/docs/manual/mod/mod_authn_anon.xml index e127f32a96..48b99cc9e3 100644 --- a/docs/manual/mod/mod_authn_anon.xml +++ b/docs/manual/mod/mod_authn_anon.xml @@ -67,7 +67,7 @@ AuthType basic

      # An - AuthUserFile/AuthDBUserFile/AuthDBMUserFile
      + AuthUserFile/AuthDBMUserFile
      # directive must be specified, or use
      # Anonymous_Authoritative for public access.
      # In the .htaccess for the public directory, add:
      diff --git a/docs/manual/mod/mod_authz_host.xml b/docs/manual/mod/mod_authz_host.xml index e302718f90..60481343e0 100644 --- a/docs/manual/mod/mod_authz_host.xml +++ b/docs/manual/mod/mod_authz_host.xml @@ -14,13 +14,13 @@ address) Available in Apache 2.0.44 and later -

      The directives provided by mod_authz_host are used in Directory, Files, and Location sections as well as - .htaccess - files to control access to particular parts of the server. Access - can be controlled based on the client hostname, IP address, or +

      The directives provided by mod_authz_host are + used in Directory, + Files, and + Location sections + as well as .htaccess + files to control access to particular parts of the server. + Access can be controlled based on the client hostname, IP address, or other characteristics of the client request, as captured in environment variables. The Allow and

      You may wish to add a <Limit> clause inside the - <location> + <Location> directive to limit access to your server configuration information.

      @@ -74,9 +74,11 @@ host the module module-name. Example:

      -AddModuleInfo mod_authn_file.c 'See <A \
      - HREF="http://www.apache.org/docs-2.0/mod/mod_authn_file.html">\
      - http://www.apache.org/docs-2.0/mod/mod_authn_file.html</A>' + AddModuleInfo mod_authn_file.c 'See <a \
      + + href="http://www.apache.org/docs-2.0/mod/mod_authn_file.html">\
      + http://www.apache.org/docs-2.0/mod/mod_authn_file.html</a>' +       diff --git a/docs/manual/ssl/ssl_howto.xml b/docs/manual/ssl/ssl_howto.xml index f2509a4f59..28ac38940c 100644 --- a/docs/manual/ssl/ssl_howto.xml +++ b/docs/manual/ssl/ssl_howto.xml @@ -156,14 +156,14 @@ parts of the server?

      The key is to check for various ingredients of the client certficate. Usually this means to check the whole or part of the Distinguished Name (DN) of the Subject. For this two methods exists: The mod_auth based variant and the SSLRequire variant. The first method is good when the - clients are of totally different type, i.e. when their DNs have no - common fields (usually the organisation, etc.). In this case you've - to establish a password database containing all clients. The - second method is better when your clients are all part of a common - hierarchy which is encoded into the DN. Then you can match them more - easily.

      + >mod_auth_basic based variant and the SSLRequire variant. The first method is + good when the clients are of totally different type, i.e. when their + DNs have no common fields (usually the organisation, etc.). In this + case you've to establish a password database containing all + clients. The second method is better when your clients are all part of + a common hierarchy which is encoded into the DN. Then you can match + them more easily.

      The first method:

      httpd.conf
      @@ -178,6 +178,7 @@ SSLOptions           +FakeBasicAuth
 SSLRequireSSL
 AuthName             "Snake Oil Authentication"
 AuthType             Basic
+AuthBasicProvider    file
 AuthUserFile         /usr/local/apache2/conf/httpd.passwd
 require              valid-user
 </Directory>
      @@ -256,6 +257,7 @@ Allow 192.168.1.0/24 # HTTP Basic Authentication AuthType basic AuthName "Protected Intranet Area" +AuthBasicProvider file AuthUserFile conf/protected.passwd Require valid-user </Directory>