From 6d772e5ca8176c4832be2f908ec52c782a7c9650 Mon Sep 17 00:00:00 2001 From: Erik Abele Date: Sat, 24 Aug 2002 12:01:56 +0000 Subject: [PATCH] Fixed some typos, improved the security note. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96518 13f79535-47bb-0310-9956-ffa450edef68 --- docs/manual/mod/mod_auth.html.en | 49 ++++++++++++++++--------------- docs/manual/mod/mod_auth.xml | 50 +++++++++++++++++--------------- 2 files changed, 51 insertions(+), 48 deletions(-) diff --git a/docs/manual/mod/mod_auth.html.en b/docs/manual/mod/mod_auth.html.en index 6b729e19f2..5f8c882463 100644 --- a/docs/manual/mod/mod_auth.html.en +++ b/docs/manual/mod/mod_auth.html.en @@ -10,7 +10,7 @@

This module allows the use of HTTP Basic Authentication to restrict access by looking up users in plain text password and group files. Similar functionality and greater scalability is - provided by mod_auth_dbm. HTTP Digest + provided by mod_auth_dbm. HTTP Digest Authentication is provided by mod_auth_digest.

@@ -23,9 +23,8 @@ passed to lower level modulesStatus: BaseModule: mod_auth - -
This information has not been updated for Apache 2.0, which -uses a different system for module ordering.
+
This information has not been updated for Apache 2.0, which + uses a different system for module ordering.

Setting the AuthAuthoritative directive explicitly to 'off' allows for both @@ -59,10 +58,11 @@ uses a different system for module ordering. allowing a user to allow fall-through in his .htaccess file; and verify that this is really what you want; Generally it is easier to just secure a single .htpasswd file, than it is to secure a - database such as mSQL. Make sure that the AuthUserFile is stored outside the - document tree of the web-server; do not put it in the - directory that it protects. Otherwise, clients will be able to - download the AuthUserFile. + database such as mSQL. Make sure that the AuthUserFile and the AuthGroupFile are stored outside the + document tree of the web-server; do not put them in the + directory that they protect. Otherwise, clients will be able to + download the AuthUserFile + and the AuthGroupFile.


AuthGroupFile Directive

Description: Sets the name of a text file containing the list @@ -82,18 +82,18 @@ of user groups for authentication
mygroup: bob joe anne
+
mygroup: bob joe anne

Note that searching large text files is very inefficient; AuthDBMGroupFile should be used instead.

-

Security

-

Make sure that the AuthGroupFile is stored outside - the document tree of the web-server; do not put it in - the directory that it protects. Otherwise, clients will be able - to download the AuthGroupFile.

-
+

Security

+

Make sure that the AuthGroupFile is + stored outside the document tree of the web-server; do not + put it in the directory that it protects. Otherwise, clients will + be able to download the AuthGroupFile.

+

AuthUserFile Directive

Description: Sets the name of a text file containing the list of users and passwords for authentication
Syntax: @@ -108,7 +108,7 @@ passwords for authentication
ServerRoot.

-

Each line of the user file file contains a username followed by +

Each line of the user file contains a username followed by a colon, followed by the crypt() encrypted password. The behavior of multiple occurrences of the same user is undefined.
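Review bot: the context right after the corrected sentence still reads "the crypt() encrypted password". crypt() produces a one-way hash rather than an encryption that can be reversed, so "crypt() hashed password" would be more accurate while this sentence is being touched. The same wording appears in the matching mod_auth.xml hunk at -78,7.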

@@ -121,18 +121,19 @@ passwords for authentication
htpasswd -c Filename username
+
htpasswd -c Filename username
-

Adds or modifies in password file 'Filename' the 'username':

-
htpasswd Filename username2
+

Add or modify 'username' in the password file 'Filename':

+
htpasswd Filename username2

Note that searching large text files is very inefficient; AuthDBMUserFile should be used instead.

-

Security

Make sure that the AuthUserFile is -stored outside the document tree of the web-server; do not -put it in the directory that it protects. Otherwise, clients will be -able to download the AuthUserFile.

- +

Security

+

Make sure that the AuthUserFile is + stored outside the document tree of the web-server; do not + put it in the directory that it protects. Otherwise, clients will + be able to download the AuthUserFile.

+

Apache HTTP Server Version 2.0

IndexHome \ No newline at end of file diff --git a/docs/manual/mod/mod_auth.xml b/docs/manual/mod/mod_auth.xml index 453f3b4e05..77b04c1061 100644 --- a/docs/manual/mod/mod_auth.xml +++ b/docs/manual/mod/mod_auth.xml @@ -14,7 +14,7 @@

This module allows the use of HTTP Basic Authentication to restrict access by looking up users in plain text password and group files. Similar functionality and greater scalability is - provided by mod_auth_dbm. HTTP Digest + provided by mod_auth_dbm. HTTP Digest Authentication is provided by mod_auth_digest.

@@ -45,19 +45,19 @@ of user groups for authentication colon, followed by the member usernames separated by spaces. Example:

-mygroup: bob joe anne + mygroup: bob joe anne

Note that searching large text files is very inefficient; AuthDBMGroupFile should be used instead.

-Security -

Make sure that the AuthGroupFile is stored outside - the document tree of the web-server; do not put it in - the directory that it protects. Otherwise, clients will be able - to download the AuthGroupFile.

-
+ Security +

Make sure that the AuthGroupFile is + stored outside the document tree of the web-server; do not + put it in the directory that it protects. Otherwise, clients will + be able to download the AuthGroupFile.

+
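Review bot: the re-wrapped Security note under AuthGroupFile now overlaps with the AuthAuthoritative note changed in the last hunk of this file (-158,10), which after this patch also tells the reader to keep the AuthGroupFile outside the document tree. Consider keeping the full wording in one place and referring to it from the other, so the two notes cannot drift apart in later edits.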
@@ -78,7 +78,7 @@ passwords for authentication with a slash), it is treated as relative to the ServerRoot.

-

Each line of the user file file contains a username followed by +

Each line of the user file contains a username followed by a colon, followed by the crypt() encrypted password. The behavior of multiple occurrences of the same user is undefined.

@@ -91,21 +91,22 @@ passwords for authentication

Create a password file 'Filename' with 'username' as the initial ID. It will prompt for the password:

-htpasswd -c Filename username + htpasswd -c Filename username -

Adds or modifies in password file 'Filename' the 'username':

-htpasswd Filename username2 +

Add or modify 'username' in the password file 'Filename':

+ htpasswd Filename username2

Note that searching large text files is very inefficient; AuthDBMUserFile should be used instead.

-Security

Make sure that the AuthUserFile is -stored outside the document tree of the web-server; do not -put it in the directory that it protects. Otherwise, clients will be -able to download the AuthUserFile.

- + Security +

Make sure that the AuthUserFile is + stored outside the document tree of the web-server; do not + put it in the directory that it protects. Otherwise, clients will + be able to download the AuthUserFile.

+
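Review bot: the reworded lead-in says "Add or modify 'username' in the password file 'Filename':", but the command under it is "htpasswd Filename username2", so the sentence and the example name different users. Either change the sentence to 'username2' or change the command to reuse 'username', and apply the same fix to the mod_auth.html.en hunk at -121,18.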
@@ -120,9 +121,8 @@ passed to lower level modules AuthConfig - -This information has not been updated for Apache 2.0, which -uses a different system for module ordering. + This information has not been updated for Apache 2.0, which + uses a different system for module ordering.

Setting the AuthAuthoritative directive explicitly to 'off' allows for both @@ -158,10 +158,12 @@ uses a different system for module ordering. verify that this is really what you want; Generally it is easier to just secure a single .htpasswd file, than it is to secure a database such as mSQL. Make sure that the AuthUserFile is stored outside the - document tree of the web-server; do not put it in the - directory that it protects. Otherwise, clients will be able to - download the AuthUserFile. + module="mod_auth">AuthUserFile and the AuthGroupFile are stored outside the + document tree of the web-server; do not put them in the + directory that they protect. Otherwise, clients will be able to + download the AuthUserFile + and the AuthGroupFile. -- 2.50.1
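Review bot: in the context just above the changed sentence of the -158,10 hunk, "verify that this is really what you want; Generally it is easier to just secure a single .htpasswd file, than it is to secure a database such as mSQL" still has a capital letter after the semicolon and a comma before "than". Since this commit is a typo pass over the same paragraph, start a new sentence at "Generally" and drop the comma, here and in the mod_auth.html.en hunk at -59,10.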