From 615a862f2ed74bea7d0efa93073c4eaa0190df74 Mon Sep 17 00:00:00 2001
From: Andre Malo
So if a userID appears in the database of more than one module;
or if a valid Require
directive applies to more than one module; then the first module
will verify the credentials; and no access is passed on;
- regardless of the AuthAuthoritative setting.
AuthBasicAuthoritative
+ setting.
By default control is not passed on and an unknown userID or - rule will result in an Authorization Required reply. Not setting + rule will result in an "Authentication Required" reply. Not setting it thus keeps the system secure and forces an NCSA compliant behaviour.
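Review bot: In the paragraph that now ends "regardless of the AuthBasicAuthoritative setting", the clause "no access is passed on" sits awkwardly next to the following paragraph, which says "control is not passed on". Since the directive name is being corrected here anyway, consider using "control" in both places and replacing the semicolons with commas so the two conditions and their consequence read as one sentence.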
diff --git a/docs/manual/mod/mod_auth_basic.xml b/docs/manual/mod/mod_auth_basic.xml index 677019d7f5..5c205ad3c0 100644 --- a/docs/manual/mod/mod_auth_basic.xml +++ b/docs/manual/mod/mod_auth_basic.xml @@ -72,16 +72,17 @@ lower level modules no userID or rule matching the supplied userID. If there is a userID and/or rule specified, the usual password and access checks will be applied and a failure will give - an Authorization Required reply. + an "Authentication Required" reply.So if a userID appears in the database of more than one module;
or if a valid
By default control is not passed on and an unknown userID or - rule will result in an Authorization Required reply. Not setting + rule will result in an "Authentication Required" reply. Not setting it thus keeps the system secure and forces an NCSA compliant behaviour.
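Review bot: Both changed paragraphs now put "Authentication Required" in quotes, which reads as the literal text of the reply, but neither names the status code. Consider writing it as a 401 "Authentication Required" reply so an administrator can match the description against the access log, and please confirm that the quoted phrase is the one the server actually sends.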
diff --git a/docs/manual/mod/mod_authn_dbm.html.en b/docs/manual/mod/mod_authn_dbm.html.en index f8d8d835e6..29947f4860 100644 --- a/docs/manual/mod/mod_authn_dbm.html.en +++ b/docs/manual/mod/mod_authn_dbm.html.en @@ -94,15 +94,16 @@ passwords for authentication the user file.The user file is keyed on the username. The value for a user is
- the crypt()
encrypted password, optionally followed
- by a colon and arbitrary data. The colon and the data following it
- will be ignored by the server.
Security: make sure that the
- AuthDBMUserFile
is stored outside the
- document tree of the web-server; do not put it in the
- directory that it protects. Otherwise, clients will be able to
- download the AuthDBMUserFile
.
Make sure that the AuthDBMUserFile
is stored
+ outside the document tree of the web-server; do not put it in
+ the directory that it protects. Otherwise, clients will be able to
+ download the AuthDBMUserFile
.
Important compatibility note: The implementation of
dbmopen
in the apache modules reads the string length of
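Review bot: The line "encrypted password, optionally followed" still describes the crypt() output as an encrypted password. crypt() produces a one-way hash, so "hashed password" would be more accurate, and it is cheap to fix while this paragraph is being rewrapped. This file appears to be the rendered counterpart of mod_authn_dbm.xml, so the wording change belongs in the .xml, with this file regenerated from it.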
diff --git a/docs/manual/mod/mod_authn_dbm.xml b/docs/manual/mod/mod_authn_dbm.xml
index f79b615a3c..c9be2eafab 100644
--- a/docs/manual/mod/mod_authn_dbm.xml
+++ b/docs/manual/mod/mod_authn_dbm.xml
@@ -49,15 +49,16 @@ passwords for authentication
the user file.
The user file is keyed on the username. The value for a user is
- the crypt()
encrypted password, optionally followed
- by a colon and arbitrary data. The colon and the data following it
- will be ignored by the server.
Security: make sure that the
-
Make sure that the
Important compatibility note: The implementation of
dbmopen
in the apache modules reads the string length of
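Review bot: In the lines shown, the removed lines "by a colon and arbitrary data..." and "will be ignored by the server." have no added counterpart, and the replacement for the "Security: make sure that the" sentence stops at "Make sure that the". The header says the hunk goes from 15 to 16 lines, so please confirm that the reflowed text still states that data after the colon is ignored and still carries the full warning about keeping the user file outside the document tree, as the .html.en hunk does.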
--
2.40.0