From 98423d4728e445a42944aa2601dd932dfc6ffbb2 Mon Sep 17 00:00:00 2001 From: Jeff Trawick Date: Mon, 19 Aug 2013 13:57:47 +0000 Subject: [PATCH] 'make docs' xforms, adding new mod_authnz_fcgi files git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1515423 13f79535-47bb-0310-9956-ffa450edef68 --- docs/manual/mod/allmodules.xml | 1 + docs/manual/mod/allmodules.xml.de | 1 + docs/manual/mod/allmodules.xml.es | 1 + docs/manual/mod/allmodules.xml.fr | 1 + docs/manual/mod/allmodules.xml.ja | 1 + docs/manual/mod/allmodules.xml.ko | 1 + docs/manual/mod/allmodules.xml.tr | 1 + docs/manual/mod/allmodules.xml.zh-cn | 1 + docs/manual/mod/directives.html.de | 2 + docs/manual/mod/directives.html.en | 2 + docs/manual/mod/directives.html.es | 2 + docs/manual/mod/directives.html.ja.utf8 | 2 + docs/manual/mod/directives.html.ko.euc-kr | 2 + docs/manual/mod/directives.html.tr.utf8 | 2 + docs/manual/mod/directives.html.zh-cn | 2 + docs/manual/mod/event.html.fr | 12 +- docs/manual/mod/event.xml.meta | 2 +- docs/manual/mod/index.html.de | 2 + docs/manual/mod/index.html.en | 2 + docs/manual/mod/index.html.es | 2 + docs/manual/mod/index.html.fr | 2 + docs/manual/mod/index.html.ja.utf8 | 2 + docs/manual/mod/index.html.ko.euc-kr | 2 + docs/manual/mod/index.html.tr.utf8 | 2 + docs/manual/mod/index.html.zh-cn | 2 + docs/manual/mod/mod_auth_basic.html.fr | 77 ++- docs/manual/mod/mod_auth_basic.xml.meta | 2 +- docs/manual/mod/mod_authnz_fcgi.html | 5 + docs/manual/mod/mod_authnz_fcgi.html.en | 570 ++++++++++++++++++ docs/manual/mod/mod_authnz_fcgi.xml.meta | 12 + docs/manual/mod/mod_negotiation.html.en | 2 +- docs/manual/mod/mod_negotiation.html.fr | 2 + docs/manual/mod/mod_negotiation.xml.fr | 2 +- docs/manual/mod/mod_negotiation.xml.ja | 2 +- docs/manual/mod/mod_negotiation.xml.meta | 2 +- docs/manual/mod/quickreference.html.de | 6 + docs/manual/mod/quickreference.html.en | 6 + docs/manual/mod/quickreference.html.es | 6 + docs/manual/mod/quickreference.html.ja.utf8 | 6 + docs/manual/mod/quickreference.html.ko.euc-kr | 6 + docs/manual/mod/quickreference.html.tr.utf8 | 6 + docs/manual/mod/quickreference.html.zh-cn | 6 + docs/manual/sitemap.html.de | 1 + docs/manual/sitemap.html.en | 1 + docs/manual/sitemap.html.es | 1 + docs/manual/sitemap.html.fr | 1 + docs/manual/sitemap.html.ja.utf8 | 1 + docs/manual/sitemap.html.ko.euc-kr | 1 + docs/manual/sitemap.html.tr.utf8 | 1 + docs/manual/sitemap.html.zh-cn | 1 + docs/manual/upgrading.html.fr | 7 +- docs/manual/upgrading.xml.meta | 2 +- docs/manual/vhosts/name-based.html.en | 4 +- docs/manual/vhosts/name-based.html.fr | 2 + docs/manual/vhosts/name-based.xml.de | 2 +- docs/manual/vhosts/name-based.xml.fr | 2 +- docs/manual/vhosts/name-based.xml.ja | 2 +- docs/manual/vhosts/name-based.xml.ko | 2 +- docs/manual/vhosts/name-based.xml.meta | 2 +- docs/manual/vhosts/name-based.xml.tr | 2 +- 60 files changed, 779 insertions(+), 26 deletions(-) create mode 100644 docs/manual/mod/mod_authnz_fcgi.html create mode 100644 docs/manual/mod/mod_authnz_fcgi.html.en create mode 100644 docs/manual/mod/mod_authnz_fcgi.xml.meta diff --git a/docs/manual/mod/allmodules.xml b/docs/manual/mod/allmodules.xml index ea184375c1..002359e979 100644 --- a/docs/manual/mod/allmodules.xml +++ b/docs/manual/mod/allmodules.xml @@ -18,6 +18,7 @@ mod_authn_dbm.xml mod_authn_file.xml mod_authn_socache.xml + mod_authnz_fcgi.xml mod_authnz_ldap.xml mod_authz_core.xml mod_authz_dbd.xml diff --git a/docs/manual/mod/allmodules.xml.de b/docs/manual/mod/allmodules.xml.de index 22c1813b2e..c66dec5d2b 100644 --- a/docs/manual/mod/allmodules.xml.de +++ b/docs/manual/mod/allmodules.xml.de @@ -18,6 +18,7 @@ mod_authn_dbm.xml mod_authn_file.xml mod_authn_socache.xml + mod_authnz_fcgi.xml mod_authnz_ldap.xml mod_authz_core.xml mod_authz_dbd.xml diff --git a/docs/manual/mod/allmodules.xml.es b/docs/manual/mod/allmodules.xml.es index c7dcbe747d..dddff5a5dc 100644 --- a/docs/manual/mod/allmodules.xml.es +++ b/docs/manual/mod/allmodules.xml.es @@ -18,6 +18,7 @@ mod_authn_dbm.xml mod_authn_file.xml mod_authn_socache.xml + mod_authnz_fcgi.xml mod_authnz_ldap.xml mod_authz_core.xml mod_authz_dbd.xml diff --git a/docs/manual/mod/allmodules.xml.fr b/docs/manual/mod/allmodules.xml.fr index 1432ad92db..0f9c7a22e1 100644 --- a/docs/manual/mod/allmodules.xml.fr +++ b/docs/manual/mod/allmodules.xml.fr @@ -18,6 +18,7 @@ mod_authn_dbm.xml mod_authn_file.xml.fr mod_authn_socache.xml + mod_authnz_fcgi.xml mod_authnz_ldap.xml.fr mod_authz_core.xml mod_authz_dbd.xml diff --git a/docs/manual/mod/allmodules.xml.ja b/docs/manual/mod/allmodules.xml.ja index 2d4031ecec..7558840d36 100644 --- a/docs/manual/mod/allmodules.xml.ja +++ b/docs/manual/mod/allmodules.xml.ja @@ -18,6 +18,7 @@ mod_authn_dbm.xml.ja mod_authn_file.xml.ja mod_authn_socache.xml + mod_authnz_fcgi.xml mod_authnz_ldap.xml mod_authz_core.xml mod_authz_dbd.xml diff --git a/docs/manual/mod/allmodules.xml.ko b/docs/manual/mod/allmodules.xml.ko index 94e4ec8f81..e523aebe75 100644 --- a/docs/manual/mod/allmodules.xml.ko +++ b/docs/manual/mod/allmodules.xml.ko @@ -18,6 +18,7 @@ mod_authn_dbm.xml.ko mod_authn_file.xml.ko mod_authn_socache.xml + mod_authnz_fcgi.xml mod_authnz_ldap.xml mod_authz_core.xml mod_authz_dbd.xml diff --git a/docs/manual/mod/allmodules.xml.tr b/docs/manual/mod/allmodules.xml.tr index 2a6487050f..62a02d90e3 100644 --- a/docs/manual/mod/allmodules.xml.tr +++ b/docs/manual/mod/allmodules.xml.tr @@ -18,6 +18,7 @@ mod_authn_dbm.xml mod_authn_file.xml mod_authn_socache.xml + mod_authnz_fcgi.xml mod_authnz_ldap.xml mod_authz_core.xml mod_authz_dbd.xml diff --git a/docs/manual/mod/allmodules.xml.zh-cn b/docs/manual/mod/allmodules.xml.zh-cn index ea184375c1..002359e979 100644 --- a/docs/manual/mod/allmodules.xml.zh-cn +++ b/docs/manual/mod/allmodules.xml.zh-cn @@ -18,6 +18,7 @@ mod_authn_dbm.xml mod_authn_file.xml mod_authn_socache.xml + mod_authnz_fcgi.xml mod_authnz_ldap.xml mod_authz_core.xml mod_authz_dbd.xml diff --git a/docs/manual/mod/directives.html.de b/docs/manual/mod/directives.html.de index 6b338dda1d..7775c63e18 100644 --- a/docs/manual/mod/directives.html.de +++ b/docs/manual/mod/directives.html.de @@ -141,6 +141,8 @@
  • AuthnCacheSOCache
  • AuthnCacheTimeout
  • <AuthnProviderAlias>
    • +
  • AuthnzFcgiCheckAuthnProvider
    • +
  • AuthnzFcgiDefineProvider
  • AuthType
  • AuthUserFile
  • AuthzDBDLoginToReferer
    • diff --git a/docs/manual/mod/directives.html.en b/docs/manual/mod/directives.html.en index 6164b8089a..12d512b4bb 100644 --- a/docs/manual/mod/directives.html.en +++ b/docs/manual/mod/directives.html.en @@ -142,6 +142,8 @@
  • AuthnCacheSOCache
  • AuthnCacheTimeout
  • <AuthnProviderAlias>
    • +
  • AuthnzFcgiCheckAuthnProvider
    • +
  • AuthnzFcgiDefineProvider
  • AuthType
  • AuthUserFile
  • AuthzDBDLoginToReferer
    • diff --git a/docs/manual/mod/directives.html.es b/docs/manual/mod/directives.html.es index c6e615705b..4e447b4781 100644 --- a/docs/manual/mod/directives.html.es +++ b/docs/manual/mod/directives.html.es @@ -144,6 +144,8 @@
  • AuthnCacheSOCache
  • AuthnCacheTimeout
  • <AuthnProviderAlias>
    • +
  • AuthnzFcgiCheckAuthnProvider
    • +
  • AuthnzFcgiDefineProvider
  • AuthType
  • AuthUserFile
  • AuthzDBDLoginToReferer
    • diff --git a/docs/manual/mod/directives.html.ja.utf8 b/docs/manual/mod/directives.html.ja.utf8 index a85b5b5ec9..b6a53b94e1 100644 --- a/docs/manual/mod/directives.html.ja.utf8 +++ b/docs/manual/mod/directives.html.ja.utf8 @@ -139,6 +139,8 @@
  • AuthnCacheSOCache
  • AuthnCacheTimeout
  • <AuthnProviderAlias>
    • +
  • AuthnzFcgiCheckAuthnProvider
    • +
  • AuthnzFcgiDefineProvider
  • AuthType
  • AuthUserFile
  • AuthzDBDLoginToReferer
    • diff --git a/docs/manual/mod/directives.html.ko.euc-kr b/docs/manual/mod/directives.html.ko.euc-kr index f35c108ff7..6ae2237cdc 100644 --- a/docs/manual/mod/directives.html.ko.euc-kr +++ b/docs/manual/mod/directives.html.ko.euc-kr @@ -139,6 +139,8 @@
  • AuthnCacheSOCache
  • AuthnCacheTimeout
  • <AuthnProviderAlias>
    • +
  • AuthnzFcgiCheckAuthnProvider
    • +
  • AuthnzFcgiDefineProvider
  • AuthType
  • AuthUserFile
  • AuthzDBDLoginToReferer
    • diff --git a/docs/manual/mod/directives.html.tr.utf8 b/docs/manual/mod/directives.html.tr.utf8 index dae9b3f966..729f59f6fe 100644 --- a/docs/manual/mod/directives.html.tr.utf8 +++ b/docs/manual/mod/directives.html.tr.utf8 @@ -138,6 +138,8 @@
  • AuthnCacheSOCache
  • AuthnCacheTimeout
  • <AuthnProviderAlias>
    • +
  • AuthnzFcgiCheckAuthnProvider
    • +
  • AuthnzFcgiDefineProvider
  • AuthType
  • AuthUserFile
  • AuthzDBDLoginToReferer
    • diff --git a/docs/manual/mod/directives.html.zh-cn b/docs/manual/mod/directives.html.zh-cn index f44fd63516..8616a5e34c 100644 --- a/docs/manual/mod/directives.html.zh-cn +++ b/docs/manual/mod/directives.html.zh-cn @@ -137,6 +137,8 @@
  • AuthnCacheSOCache
  • AuthnCacheTimeout
  • <AuthnProviderAlias>
    • +
  • AuthnzFcgiCheckAuthnProvider
    • +
  • AuthnzFcgiDefineProvider
  • AuthType
  • AuthUserFile
  • AuthzDBDLoginToReferer
    • diff --git a/docs/manual/mod/event.html.fr b/docs/manual/mod/event.html.fr index 17f5e737d0..4a6c5446a6 100644 --- a/docs/manual/mod/event.html.fr +++ b/docs/manual/mod/event.html.fr @@ -27,8 +27,6 @@

    Langues Disponibles:  en  |  fr 

    -
    Cette traduction peut être périmée. Vérifiez la version - anglaise pour les changements récents.
    @@ -110,6 +108,16 @@ mobiliser des threads que pour les connexions en cours de traitement réserve un thread par connexion. Tous les modules fournis avec le serveur sont compatibles avec le MPM event.

    +

    Une restriction similaire existe pour les requêtes qui utilisent + un filtre en sortie qui doit lire et/ou modifier l'ensemble du corps + de réponse, comme dans le cas de mod_ssl, mod_deflate, ou + mod_include. Si la connexion avec le client se bloque pendant que le + filtre traite les données, et si la quantité de données générée par + ce filtre est trop importante pour être mise en tampon mémoire, le + thread utilisé pour la requête n'est pas libéré pendant que httpd + attend que toutes les données restantes aient été transmises au + client.

    +

    Le MPM présuppose que l'implémentation apr_pollset sous-jacente est raisonnablement sûre du point de vue des threads. Ceci permet au MPM d'éviter un verrouillage de haut niveau excessif, diff --git a/docs/manual/mod/event.xml.meta b/docs/manual/mod/event.xml.meta index 58ce5cc073..7b7fc287cf 100644 --- a/docs/manual/mod/event.xml.meta +++ b/docs/manual/mod/event.xml.meta @@ -8,6 +8,6 @@ en - fr + fr diff --git a/docs/manual/mod/index.html.de b/docs/manual/mod/index.html.de index bf98d1db04..f087241455 100644 --- a/docs/manual/mod/index.html.de +++ b/docs/manual/mod/index.html.de @@ -93,6 +93,8 @@ HTTP headers

    mod_authn_file
    User authentication using text files
    mod_authn_socache
    Manages a cache of authentication credentials to relieve the load on backends
    +
    mod_authnz_fcgi
    Allows a FastCGI authorizer application to handle Apache +httpd authentication and authorization
    mod_authnz_ldap
    Allows an LDAP directory to be used to store the database for HTTP Basic authentication.
    mod_authz_core
    Core Authorization
    diff --git a/docs/manual/mod/index.html.en b/docs/manual/mod/index.html.en index 3c218eada1..5545683cd1 100644 --- a/docs/manual/mod/index.html.en +++ b/docs/manual/mod/index.html.en @@ -89,6 +89,8 @@ HTTP headers
    mod_authn_file
    User authentication using text files
    mod_authn_socache
    Manages a cache of authentication credentials to relieve the load on backends
    +
    mod_authnz_fcgi
    Allows a FastCGI authorizer application to handle Apache +httpd authentication and authorization
    mod_authnz_ldap
    Allows an LDAP directory to be used to store the database for HTTP Basic authentication.
    mod_authz_core
    Core Authorization
    diff --git a/docs/manual/mod/index.html.es b/docs/manual/mod/index.html.es index 57f740a252..2055b58d28 100644 --- a/docs/manual/mod/index.html.es +++ b/docs/manual/mod/index.html.es @@ -94,6 +94,8 @@ HTTP headers
    mod_authn_file
    User authentication using text files
    mod_authn_socache
    Manages a cache of authentication credentials to relieve the load on backends
    +
    mod_authnz_fcgi
    Allows a FastCGI authorizer application to handle Apache +httpd authentication and authorization
    mod_authnz_ldap
    Allows an LDAP directory to be used to store the database for HTTP Basic authentication.
    mod_authz_core
    Core Authorization
    diff --git a/docs/manual/mod/index.html.fr b/docs/manual/mod/index.html.fr index e0a0a6c854..4d4dacd960 100644 --- a/docs/manual/mod/index.html.fr +++ b/docs/manual/mod/index.html.fr @@ -89,6 +89,8 @@ MD5 texte
    mod_authn_socache
    Manages a cache of authentication credentials to relieve the load on backends
    +
    mod_authnz_fcgi
    Allows a FastCGI authorizer application to handle Apache +httpd authentication and authorization
    mod_authnz_ldap
    Permet d'utiliser un annuaire LDAP pour l'authentification HTTP de base.
    mod_authz_core
    Core Authorization
    diff --git a/docs/manual/mod/index.html.ja.utf8 b/docs/manual/mod/index.html.ja.utf8 index 05bb94d4a6..35bdc8b0df 100644 --- a/docs/manual/mod/index.html.ja.utf8 +++ b/docs/manual/mod/index.html.ja.utf8 @@ -87,6 +87,8 @@ CGI スクリプトを実行する機能を提供
    mod_authn_file
    テキストファイルを用いたユーザ認証
    mod_authn_socache
    Manages a cache of authentication credentials to relieve the load on backends
    +
    mod_authnz_fcgi
    Allows a FastCGI authorizer application to handle Apache +httpd authentication and authorization
    mod_authnz_ldap
    Allows an LDAP directory to be used to store the database for HTTP Basic authentication.
    mod_authz_core
    Core Authorization
    diff --git a/docs/manual/mod/index.html.ko.euc-kr b/docs/manual/mod/index.html.ko.euc-kr index c15b32054b..115e5e18b6 100644 --- a/docs/manual/mod/index.html.ko.euc-kr +++ b/docs/manual/mod/index.html.ko.euc-kr @@ -86,6 +86,8 @@ address)
    mod_authn_file
    ¹®ÀÚÆÄÀÏÀ» ÀÌ¿ëÇÑ »ç¿ëÀÚ ÀÎÁõ
    mod_authn_socache
    Manages a cache of authentication credentials to relieve the load on backends
    +
    mod_authnz_fcgi
    Allows a FastCGI authorizer application to handle Apache +httpd authentication and authorization
    mod_authnz_ldap
    Allows an LDAP directory to be used to store the database for HTTP Basic authentication.
    mod_authz_core
    Core Authorization
    diff --git a/docs/manual/mod/index.html.tr.utf8 b/docs/manual/mod/index.html.tr.utf8 index 22a87c1e1d..c6c1ecdac3 100644 --- a/docs/manual/mod/index.html.tr.utf8 +++ b/docs/manual/mod/index.html.tr.utf8 @@ -85,6 +85,8 @@ HTTP headers
    mod_authn_file
    User authentication using text files
    mod_authn_socache
    Manages a cache of authentication credentials to relieve the load on backends
    +
    mod_authnz_fcgi
    Allows a FastCGI authorizer application to handle Apache +httpd authentication and authorization
    mod_authnz_ldap
    Allows an LDAP directory to be used to store the database for HTTP Basic authentication.
    mod_authz_core
    Core Authorization
    diff --git a/docs/manual/mod/index.html.zh-cn b/docs/manual/mod/index.html.zh-cn index 2b13e37d59..5212ac69bd 100644 --- a/docs/manual/mod/index.html.zh-cn +++ b/docs/manual/mod/index.html.zh-cn @@ -84,6 +84,8 @@ HTTP headers
    mod_authn_file
    User authentication using text files
    mod_authn_socache
    Manages a cache of authentication credentials to relieve the load on backends
    +
    mod_authnz_fcgi
    Allows a FastCGI authorizer application to handle Apache +httpd authentication and authorization
    mod_authnz_ldap
    Allows an LDAP directory to be used to store the database for HTTP Basic authentication.
    mod_authz_core
    Core Authorization
    diff --git a/docs/manual/mod/mod_auth_basic.html.fr b/docs/manual/mod/mod_auth_basic.html.fr index d29b652140..192666c5cb 100644 --- a/docs/manual/mod/mod_auth_basic.html.fr +++ b/docs/manual/mod/mod_auth_basic.html.fr @@ -29,8 +29,6 @@  ja  |  ko 

    -
    Cette traduction peut être périmée. Vérifiez la version - anglaise pour les changements récents.
    Description:Une variante du MPM worker conçue pour ne mobiliser des threads que pour les connexions en cours de traitement
    Statut:MPM
    @@ -210,8 +208,8 @@ cette zone du site web
    top

    AuthBasicUseDigestAlgorithm Directive

    Description:Authentification HTTP de base
    Statut:Base
    Identificateur de Module:auth_basic_module
    - @@ -219,9 +217,74 @@ Digest Authentication was in force instead of Basic Authentication. -
    Description:Check passwords against the authentication providers as if -Digest Authentication was in force instead of Basic Authentication. +
    Description:Vérifie les mots de passe auprès des fournisseurs +d'authentification à la manière de l'authentification de type Digest.
    Syntaxe:AuthBasicUseDigestAlgorithm MD5|Off
    Défaut:AuthBasicUseDigestAlgorithm Off
    AllowOverride:AuthConfig
    Statut:Base
    Module:mod_auth_basic

    La documentation de cette directive - n'a pas encore t traduite. Veuillez vous reporter la version - en langue anglaise.

    + +

    Normalement, lorsqu'on utilise l'authentification basique, les + fournisseurs spécifiés via la directive AuthBasicProvider tentent de + contrôler l'identité d'un utilisateur en recherchant dans leurs + bases de données l'existence d'un couple utilisateur/mot de passe + correspondant. Les mots de passe enregistrés sont en général + chiffrés, mais ce n'est pas systématique ; chaque fournisseur peut + choisir son propre mode de stockage des mots de passe.

    + +

    Lorsqu'on utilise l'authentification de type Digest, les + fournisseurs spécifiés par la directive AuthDigestProvider effectuent + une recherche similaire dans leurs bases de + données pour trouver un couple utilisateur/mot de passe + correspondant. Cependant, à la différence de l'authentification + basique, les données associées à chaque utilisateur et comportant le + nom d'utilisateur, le domaine de protection (realm) et le mot de + passe doivent être contenues dans une chaîne chiffrée (Voir le + document RFC 2617, + Section 3.2.2.2 pour plus de détails à propos du type de + chiffrement utilisé pour cette chaîne).

    + +

    A cause de la différence entre les méthodes de stockage des + données des authentifications de type basique et digest, le passage + d'une méthode d'authentification de type digest à une méthode + d'authentification de type basique requiert l'attribution de + nouveaux + mots de passe à chaque utilisateur, car leur mots de passe existant + ne peut pas être extrait à partir du schéma de stockage utilisé + par les fournisseurs d'authentification de type digest.

    + +

    Si la directive AuthBasicUseDigestAlgorithm est + définie à la valeur MD5, le mot de passe d'un + utilisateur dans le cas de l'authentification basique sera vérifié + en utilisant le même format de chiffrement que dans le cas de + l'authentification de type digest. Tout d'abord, une chaîne + comportant le nom d'utilisateur, le domaine de protection (realm) et + le mot de passe est générée sous forme de condensé (hash) en + utilisant l'algorithme MD5 ; puis le nom d'utilisateur et cette + chaîne chiffrée sont transmis aux fournisseurs spécifiés via la + directive AuthBasicProvider comme si la + directive AuthType + était définie à Digest et si l'authentification de type + Digest était utilisée. +

    + +

    Grâce à cette directive, un site peut basculer d'une + authentification de type digest à basique sans devoir changer les + mots de passe des utilisateurs.

    + +
    + Le processus inverse consistant à passer d'une authentification de + type basique à digest sans changer les mots de passe n'est en + général pas possible. Les mots de passe enregistrés dans le cas + d'une authentification de type basique ne pourront être extraits + et chiffrés à nouveau selon le schéma de l'authentification de + type digest, que s'ils ont été stockés en clair ou selon un schéma de + chiffrement réversible. +
    + +
    + Seuls les fournisseurs qui supportent l'authentification de type + digest pourront authentifier les utilisateurs lorsque la directive + AuthBasicUseDigestAlgorithm + est définie à MD5. L'utilisation d'un autre + fournisseur provoquera un message d'erreur et le client se verra + refuser l'accès.
    + +

    Langues Disponibles:  en  | diff --git a/docs/manual/mod/mod_auth_basic.xml.meta b/docs/manual/mod/mod_auth_basic.xml.meta index 6418e97753..dd48206a0e 100644 --- a/docs/manual/mod/mod_auth_basic.xml.meta +++ b/docs/manual/mod/mod_auth_basic.xml.meta @@ -8,7 +8,7 @@ en - fr + fr ja ko diff --git a/docs/manual/mod/mod_authnz_fcgi.html b/docs/manual/mod/mod_authnz_fcgi.html new file mode 100644 index 0000000000..b45dc4a8ae --- /dev/null +++ b/docs/manual/mod/mod_authnz_fcgi.html @@ -0,0 +1,5 @@ +# GENERATED FROM XML -- DO NOT EDIT + +URI: mod_authnz_fcgi.html.en +Content-Language: en +Content-type: text/html; charset=ISO-8859-1 diff --git a/docs/manual/mod/mod_authnz_fcgi.html.en b/docs/manual/mod/mod_authnz_fcgi.html.en new file mode 100644 index 0000000000..ac42a7a16b --- /dev/null +++ b/docs/manual/mod/mod_authnz_fcgi.html.en @@ -0,0 +1,570 @@ + + + +mod_authnz_fcgi - Apache HTTP Server + + + + + + + +

    +

    Modules | Directives | FAQ | Glossary | Sitemap

    +

    Apache HTTP Server Version 2.5

    +
    +
    <-
    + +
    +

    Apache Module mod_authnz_fcgi

    +
    +

    Available Languages:  en 

    +
    + + + +
    Description:Allows a FastCGI authorizer application to handle Apache +httpd authentication and authorization
    Status:Extension
    Module Identifier:authnz_fcgi_module
    Source File:mod_authnz_fcgi.c
    +

    Summary

    + +

    This module allows FastCGI authorizer applications to + authenticate users and authorize access to resources. It supports + generic FastCGI authorizers which participate in a single phase + for authentication and authorization as well as Apache httpd-specific + authenticators and authorizors which participate in one or both + phases.

    + +

    FastCGI authorizers can authenticate using user id and password, + such as for Basic authentication, or can authenticate using arbitrary + mechanisms.

    +
    + +
    top
    +
    +

    Invocation modes

    + +

    The invocation modes for FastCGI authorizers supported by this + module are distinguished by two characteristics, type and + auth mechanism.

    + +

    Type is simply authn for authentication, + authz for authorization, or authnz for + combined authentication and authorization.

    + +

    Auth mechanism refers to the Apache httpd configuration + mechanisms and processing phases, and can be + AuthBasicProvider, Require, or + check_user_id. The first two of these + correspond to the directives used to enable participation in the + appropriate processing phase.

    + +

    Descriptions of each mode:

    + +
    +
    Type authn, mechanism + AuthBasicProvider
    + +
    In this mode, + FCGI_ROLE is set to AUTHORIZER and + FCGI_APACHE_ROLE is set to AUTHENTICATOR. + The application must be defined as provider type authn + using + AuthnzFcgiDefineProvider and enabled with + AuthBasicProvider. + When invoked, the application is + expected to authenticate the client using the provided user id and + password. Example application: + +
    +#!/usr/bin/perl
+use FCGI;
+while (FCGI::accept >= 0) {
+    die if $ENV{'FCGI_APACHE_ROLE'} ne "AUTHENTICATOR";
+    die if $ENV{'FCGI_ROLE'}        ne "AUTHORIZER";
+    die if !$ENV{'REMOTE_PASSWD'};
+    die if !$ENV{'REMOTE_USER'};
+
+    print STDERR "This text is written to the web server error log.\n";
+
+    if ( ($ENV{'REMOTE_USER' } eq "foo" || $ENV{'REMOTE_USER'} eq "foo1") &&
+        $ENV{'REMOTE_PASSWD'} eq "bar" ) {
+        print "Status: 200\n";
+        print "Variable-AUTHN_1: authn_01\n";
+        print "Variable-AUTHN_2: authn_02\n";
+        print "\n";
+    }
+    else {
+        print "Status: 401\n\n";
+    }
+}
+
    + + + Example configuration: +
    +AuthnzFcgiDefineProvider authn FooAuthn fcgi://localhost:10102/
+<Location /protected/>
+  AuthType Basic
+  AuthName "Restricted"
+  AuthBasicProvider FooAuthn
+  Require ...
+</Location>
+
    + +
    + +
    Type authz, mechanism + Require
    +
    In this mode, FCGI_ROLE is set to + AUTHORIZER and FCGI_APACHE_ROLE is set to + AUTHORIZER. The application must be defined as + provider type authz using + AuthnzFcgiDefineProvider. When invoked, the application + is expected to authorize the client using the provided user id and other + request data. Example application: +
    +#!/usr/bin/perl
+use FCGI;
+while (FCGI::accept >= 0) {
+    die if $ENV{'FCGI_APACHE_ROLE'} ne "AUTHORIZER";
+    die if $ENV{'FCGI_ROLE'}        ne "AUTHORIZER";
+    die if $ENV{'REMOTE_PASSWD'};
+
+    print STDERR "This text is written to the web server error log.\n";
+
+    if ($ENV{'REMOTE_USER'} eq "foo1") {
+        print "Status: 200\n";
+        print "Variable-AUTHZ_1: authz_01\n";
+        print "Variable-AUTHZ_2: authz_02\n";
+        print "\n";
+    }
+    else {
+        print "Status: 403\n\n";
+    }
+}
+
    + + + Example configuration: +
    +AuthnzFcgiDefineProvider authz FooAuthz fcgi://localhost:10103/
+<Location /protected/>
+  AuthType ...
+  AuthName ...
+  AuthBasicProvider ...
+  Require FooAuthz
+</Location>
+
    + +
    + +
    Type authnz, mechanism + AuthBasicProvider + Require
    + +
    In this mode, which supports the web server-agnostic FastCGI + AUTHORIZER protocol, FCGI_ROLE is set to + AUTHORIZER and FCGI_APACHE_ROLE is not set. + The application must be defined as provider type authnz + using + AuthnzFcgiDefineProvider. The application is expected to + handle both authentication and authorization in the same invocation + using the user id, password, and other request data. The invocation + occurs during the Apache httpd API authentication phase. If the + application returns 200 and the same provider is invoked during the + authorization phase (via Require), mod_authnz_fcgi + will return success for the authorization phase without invoking the + application. Example application: +
    +#!/usr/bin/perl
+use FCGI;
+while (FCGI::accept >= 0) {
+    die if $ENV{'FCGI_APACHE_ROLE'};
+    die if $ENV{'FCGI_ROLE'} ne "AUTHORIZER";
+    die if !$ENV{'REMOTE_PASSWD'};
+    die if !$ENV{'REMOTE_USER'};
+
+    print STDERR "This text is written to the web server error log.\n";
+
+    if ( ($ENV{'REMOTE_USER' } eq "foo" || $ENV{'REMOTE_USER'} eq "foo1") &&
+        $ENV{'REMOTE_PASSWD'} eq "bar" &&
+        $ENV{'REQUEST_URI'} =~ m%/bar/.*%) {
+        print "Status: 200\n";
+        print "Variable-AUTHNZ_1: authnz_01\n";
+        print "Variable-AUTHNZ_2: authnz_02\n";
+        print "\n";
+    }
+    else {
+        print "Status: 401\n\n";
+    }
+}
+
    + + + Example configuration: +
    +AuthnzFcgiDefineProvider authnz FooAuthnz fcgi://localhost:10103/
+<Location /protected/>
+  AuthType Basic
+  AuthName "Restricted"
+  AuthBasicProvider FooAuthnz
+  Require FooAuthnz
+</Location>
+
    + +
    + +
    Type authn, mechanism + check_user_id
    + +
    In this mode, FCGI_ROLE is set to + AUTHORIZER and FCGI_APACHE_ROLE is set to + AUTHENTICATOR. The application must be defined as + provider type authn using + AuthnzFcgiDefineProvider. AuthnzFcgiCheckAuthnProvider + specifies when it is called. Example application: +
    +#!/usr/bin/perl
+use FCGI;
+while (FCGI::accept >= 0) {
+    die if $ENV{'FCGI_APACHE_ROLE'} ne "AUTHENTICATOR";
+    die if $ENV{'FCGI_ROLE'} ne "AUTHORIZER";
+
+    # This authorizer assumes that the RequireBasicAuth option of 
+    # AuthnzFcgiCheckAuthnProvider is On:
+    die if !$ENV{'REMOTE_PASSWD'};
+    die if !$ENV{'REMOTE_USER'};
+
+    print STDERR "This text is written to the web server error log.\n";
+
+    if ( ($ENV{'REMOTE_USER' } eq "foo" || $ENV{'REMOTE_USER'} eq "foo1") &&
+        $ENV{'REMOTE_PASSWD'} eq "bar" ) {
+        print "Status: 200\n";
+        print "Variable-AUTHNZ_1: authnz_01\n";
+        print "Variable-AUTHNZ_2: authnz_02\n";
+        print "\n";
+    }
+    else {
+        print "Status: 401\n\n";
+        # If a response body is written here, it will be returned to
+        # the client.
+    }
+}
+
    + + + Example configuration: +
    +AuthnzFcgiDefineProvider authn FooAuthn fcgi://localhost:10103/
+<Location /protected/>
+  AuthType ...
+  AuthName ...
+  AuthnzFcgiCheckAuthnProvider FooAuthn \
+                               Authoritative On \
+                               RequireBasicAuth Off \
+                               UserExpr "%{reqenv:REMOTE_USER}"
+  Require ...
+</Location>
+
    + +
    + +
    + +
    top
    +
    +

    Additional examples

    + +
      +
    1. If your application supports the separate authentication and + authorization roles (AUTHENTICATOR and AUTHORIZER), define + separate providers as follows, even if they map to the same + application: + +
      +AuthnzFcgiDefineProvider authn  FooAuthn  fcgi://localhost:10102/
+AuthnzFcgiDefineProvider authz  FooAuthz  fcgi://localhost:10102/
+
      + + + Specify the authn provider on + AuthBasicProvider + and the authz provider on + Require: + +
      +AuthType Basic
+AuthName "Restricted"
+AuthBasicProvider FooAuthn
+Require FooAuthz
+
      + +
      2. + +
    2. If your application supports the generic AUTHORIZER role + (authentication and authorizer in one invocation), define a + single provider as follows: + +
      +AuthnzFcgiDefineProvider authnz FooAuthnz fcgi://localhost:10103/
+
      + + + Specify the authnz provider on both AuthBasicProvider + and Require: + +
      +AuthType Basic
+AuthName "Restricted"
+AuthBasicProvider FooAuthnz
+Require FooAuthnz
+
      + +
      3. +
    +
    top
    +
    +

    Limitations

    + +

    The following are potential features which are not currently + implemented:

    + +
    +
    Apache httpd access checker
    +
    The Apache httpd API access check phase is a separate + phase from authentication and authorization. Some other FastCGI + implementations implement this phase, which is denoted by the + setting of FCGI_APACHE_ROLE to ACCESS_CHECKER.
    + +
    Local (Unix) sockets or pipes
    +
    Only TCP sockets are currently supported.
    + +
    Support for mod_authn_socache
    +
    mod_authn_socache interaction should be implemented for + applications which participate in Apache httpd-style + authentication.
    + +
    Support for digest authentication using AuthDigestProvider
    +
    This is expected to be a permanent limitation as there is + no authorizer flow for retrieving a hash.
    + +
    Application process management
    +
    This is expected to be permanently out of scope for + this module. Application processes must be controlled by + other means. For example, fcgistarter can be used to + start them.
    + +
    AP_AUTH_INTERNAL_PER_URI
    +
    All providers are currently registered as + AP_AUTH_INTERNAL_PER_CONF, which means that checks are not + performed again for internal subrequests with the same + access control configuration as the initial request.
    + +
    Protocol data charset conversion
    +
    If mod_authnz_fcgi runs in an EBCDIC compilation + environment, all FastCGI protocol data is written in EBCDIC + and expected to be received in EBCDIC.
    + +
    Multiple requests per connection
    +
    Currently the connection to the FastCGI authorizer is + closed after every phase of processing. For example, if the + authorizer handles separate authn and authz + phases then two connections will be used.
    + +
    + +
    top
    +
    +

    Logging

    + +
      +
    1. Processing errors are logged at log level error + and higher.
      2. +
    2. Messages written by the application are logged at log + level warn.
      3. +
    3. General messages for debugging are logged at log level + debug.
      4. +
    4. Environment variables passed to the application are + logged at log level trace2. The value of the + REMOTE_PASSWD variable will be obscured, + but any other sensitive data will be visible in the + log.
      5. +
    5. All I/O between the module and the FastCGI application, + including all environment variables, will be logged in printable + and hex format at log level trace5. All + sensitive data will be visible in the log.
      6. +
    + +

    LogLevel can be used + to configure a log level specific to mod_authnz_fcgi. For + example:

    + +
    +LogLevel info authnz_fcgi:trace8
+
    + + +
    +
    top
    +

    AuthnzFcgiCheckAuthnProvider Directive

    + + + + + + + +
    Description:Enables a FastCGI application to handle the check_authn +authentication hook.
    Syntax:AuthnzFcgiCheckAuthnProvider provider-name|None +option ...
    Default:none
    Context:directory
    Status:Extension
    Module:mod_authnz_fcgi
    +

    This directive is used to enable a FastCGI authorizer to + handle a specific processing phase of authentication or + authorization.

    + +

    Some capabilities of FastCGI authorizers require enablement + using this directive instead of + AuthBasicProvider:

    + +
      +
    • Non-Basic authentication; generally, determining the user + id of the client and returning it from the authorizer; see the + UserExpr option below
      • +
    • Selecting a custom response code; for a non-200 response + from the authorizer, the code from the authorizer will be the + status of the response
      • +
    • Setting the body of a non-200 response; if the authorizer + provides a response body with a non-200 response, that body + will be returned to the client; up to 8192 bytes of text are + supported
      • +
    + +
    +
    provider-name
    +
    This is the name of a provider defined with + AuthnzFcgiDefineProvider.
    + +
    None
    +
    Specify None to disable a provider enabled + with this directive in an outer scope, such as in a parent + directory.
    + +
    option
    +
    The following options are supported: + +
    +
    Authoritative On|Off (default On)
    +
    This controls whether or not other modules are allowed + to run when this module has a FastCGI authorizer configured + and it fails the request.
    + +
    RequireBasicAuth On|Off (default Off)
    +
    This controls whether or not Basic auth is required + before passing the request to the authorizer. If required, + the authorizer won't be invoked without a user id and + password; 401 will be returned for a request without that.
    + +
    UserExpr expr (no default)
    +
    When Basic authentication isn't provided by the client + and the authorizer determines the user, this expression, + evaluated after calling the authorizer, determines the + user. The expression follows + ap_expr syntax and must resolve to a string. A typical + use is to reference a Variable-XXX + setting returned by the authorizer using an option like + UserExpr "%{reqenv:XXX}". If + this option is specified and the user id can't be retrieved + using the expression after a successful authentication, the + request will be rejected with a 500 error.
    + +
    +
    +
    + +
    +
    top
    +

    AuthnzFcgiDefineProvider Directive

    + + + + + + + +
    Description:Defines a FastCGI application as a provider for +authentication and/or authorization
    Syntax:AuthnzFcgiDefineProvider type provider-name +backend-address
    Default:none
    Context:server config
    Status:Extension
    Module:mod_authnz_fcgi
    +

    This directive is used to define a FastCGI application as + a provider for a particular phase of authentication or + authorization.

    + +
    +
    type
    +
    This must be set to authn for authentication, + authz for authentication, or authnz for + a generic FastCGI authorizer which performs both checks.
    + +
    provider-name
    +
    This is used to assign a name to the provider which is + used in other directives such as + AuthBasicProvider + and + Require.
    + +
    backend-address
    +
    This specifies the address of the application, in the form + fcgi://hostname:port/. The application process(es) + must be managed independently, such as with + fcgistarter.
    +
    + +
    +
    +
    +

    Available Languages:  en 

    +
    top

    Comments

    Notice:
    This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our mailing lists.
    +
    + \ No newline at end of file diff --git a/docs/manual/mod/mod_authnz_fcgi.xml.meta b/docs/manual/mod/mod_authnz_fcgi.xml.meta new file mode 100644 index 0000000000..9ce87949f2 --- /dev/null +++ b/docs/manual/mod/mod_authnz_fcgi.xml.meta @@ -0,0 +1,12 @@ + + + + + mod_authnz_fcgi + /mod/ + .. + + + en + + diff --git a/docs/manual/mod/mod_negotiation.html.en b/docs/manual/mod/mod_negotiation.html.en index 7fb2791efd..ee824f33b4 100644 --- a/docs/manual/mod/mod_negotiation.html.en +++ b/docs/manual/mod/mod_negotiation.html.en @@ -207,7 +207,7 @@ Negotiation continue negotiating with the explicit type map.

    Other configuration directives, such as Alias can be used to map document.html to - document.html.var

    . + document.html.var.

    top
    diff --git a/docs/manual/mod/mod_negotiation.html.fr b/docs/manual/mod/mod_negotiation.html.fr index ab0bb1fd71..3e83d226a6 100644 --- a/docs/manual/mod/mod_negotiation.html.fr +++ b/docs/manual/mod/mod_negotiation.html.fr @@ -28,6 +28,8 @@  fr  |  ja 

    +
    Cette traduction peut être périmée. Vérifiez la version + anglaise pour les changements récents.
    diff --git a/docs/manual/mod/mod_negotiation.xml.fr b/docs/manual/mod/mod_negotiation.xml.fr index 044c981951..20f8799ec4 100644 --- a/docs/manual/mod/mod_negotiation.xml.fr +++ b/docs/manual/mod/mod_negotiation.xml.fr @@ -1,7 +1,7 @@ - + diff --git a/docs/manual/mod/mod_negotiation.xml.ja b/docs/manual/mod/mod_negotiation.xml.ja index 22c08d09f6..7ac8bded06 100644 --- a/docs/manual/mod/mod_negotiation.xml.ja +++ b/docs/manual/mod/mod_negotiation.xml.ja @@ -1,7 +1,7 @@ - + + + diff --git a/docs/manual/vhosts/name-based.xml.ja b/docs/manual/vhosts/name-based.xml.ja index 8b3ffe6b5f..3b7a57611b 100644 --- a/docs/manual/vhosts/name-based.xml.ja +++ b/docs/manual/vhosts/name-based.xml.ja @@ -1,7 +1,7 @@ - + + +
    Description:Effectue la négociation de contenu
    Statut:Base