From f6d418a04f9337ebdad59369fbac0bbf76103b83 Mon Sep 17 00:00:00 2001 From: Joshua Slive Date: Wed, 20 Feb 2002 16:17:40 +0000 Subject: [PATCH] Another xml comversion. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93513 13f79535-47bb-0310-9956-ffa450edef68 --- docs/manual/mod/mod_auth_dbm.html | 584 ++++++++++++++++++------------ docs/manual/mod/mod_auth_dbm.xml | 194 ++++++++++ 2 files changed, 555 insertions(+), 223 deletions(-) create mode 100644 docs/manual/mod/mod_auth_dbm.xml diff --git a/docs/manual/mod/mod_auth_dbm.html b/docs/manual/mod/mod_auth_dbm.html index 1402e7093a..c0a0c91acb 100644 --- a/docs/manual/mod/mod_auth_dbm.html +++ b/docs/manual/mod/mod_auth_dbm.html @@ -1,87 +1,225 @@ - - - - - - - Apache module mod_auth_dbm - - - - - - -

Module mod_auth_dbm

- -

This module provides for user authentication using DBM - files.

+ + + + +mod_auth_dbm - Apache HTTP Server + + + +
+
+[APACHE DOCUMENTATION]

Apache HTTP Server Version 2.0

+
+

Apache Module mod_auth_dbm

+ + + + +
+ + + + + + + + + + +
Description: +Provides for user authentication using DBM + files +
Status:Extension
Module Identifier:auth_dbm_module
+
+

Summary

+ + +

This module provides for HTTP Basic Authentication, where + the usernames and passwords are stored in DBM type database + files. It is an alternative to the plain text password files + provided by mod_auth.

+ + +

+See also: +

+ +

Directives

+ +
+

+AuthDBMAuthoritative Directive +

+ + + + +
+ + + + + + + + + + + + + + + + + + + + + + +
Description: Sets whether authentication and authorization will be +passwed on to lower level modules
Syntax: +AuthDBMAuthoritative on|off +
Default:AuthDBMAuthoritative on
Context:directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_auth_dbm
+
+ + + +
+ + + + +
This information has not been updated to take into account the +new module ordering techniques in Apache 2.0
+
+ + +

Setting the AuthDBMAuthoritative + directive explicitly to 'off' allows for both + authentication and authorization to be passed on to lower level + modules (as defined in the Configuration and + modules.c file if there is no userID + or rule matching the supplied userID. If there is + a userID and/or rule specified; the usual password and access + checks will be applied and a failure will give an Authorization + Required reply.

+ + +

So if a userID appears in the database of more than one module; + or if a valid Require + directive applies to more than one module; then the first module + will verify the credentials; and no access is passed on; + regardless of the AuthAuthoritative setting.

+ + +

A common use for this is in conjunction with one of the + basic auth modules; such as mod_auth. Whereas this + DBM module supplies the bulk of the user credential checking; a + few (administrator) related accesses fall through to a lower + level with a well protected .htpasswd file.

-

Status: Extension
- Source File: - mod_auth_dbm.c
- Module Identifier: - auth_dbm_module

+ +

By default, control is not passed on and an unknown userID + or rule will result in an Authorization Required reply. Not + setting it thus keeps the system secure and forces an NCSA + compliant behaviour.

-

Summary

+ +

Security: Do consider the implications of allowing a user to + allow fall-through in his .htaccess file; and verify that this + is really what you want; Generally it is easier to just secure + a single .htpasswd file, than it is to secure a database which + might have more access interfaces.

-

This module provides for HTTP Basic Authentication, where - the usernames and passwords are stored in DBM type database - files. It is an alternative to the plain text password files - provided by mod_auth.

- -

Directives

- - - -

See also: Satisfy and Require.

-
- -

AuthDBMGroupFile

- - Syntax: AuthDBMGroupFile - file-path
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: Extension
- Module: mod_auth_dbm - -

The AuthDBMGroupFile directive sets the name of a DBM file - containing the list of user groups for user authentication. - File-path is the absolute path to the group file.

- -

The group file is keyed on the username. The value for a + +

+

+AuthDBMGroupFile Directive +

+ + + + +
+ + + + + + + + + + + + + + + + + + + +
Description: Sets the name of the database file containing the list +of user groups for authentication
Syntax: +AuthDBMGroupFile file-path + +
Context:directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_auth_dbm
+
+ + +

The AuthDBMGroupFile directive sets the + name of a DBM file containing the list of user groups for user + authentication. File-path is the absolute path to the + group file.

+ + +

The group file is keyed on the username. The value for a user is a comma-separated list of the groups to which the users belongs. There must be no whitespace within the value, and it must never contain any colons.

-

Security: make sure that the AuthDBMGroupFile is stored - outside the document tree of the web-server; do not - put it in the directory that it protects. Otherwise, clients - will be able to download the AuthDBMGroupFile unless otherwise - protected.

+ +

Security: make sure that the + AuthDBMGroupFile is stored outside the + document tree of the web-server; do not put it in the + directory that it protects. Otherwise, clients will be able to + download the AuthDBMGroupFile unless + otherwise protected.

-

Combining Group and Password DBM files: In some cases it is + +

Combining Group and Password DBM files: In some cases it is easier to manage a single database which contains both the password and group details for each user. This simplifies any support programs that need to be written: they now only have to @@ -89,61 +227,149 @@ accomplished by first setting the group and password files to point to the same DBM:

-
- AuthDBMGroupFile /www/userbase
- AuthDBMUserFile /www/userbase -
- The key for the single DBM is the username. The value consists - of - -
- Unix Crypt-ed Password : List of Groups [ : (ignored) - ] -
- The password section contains the Unix crypt() password as - before. This is followed by a colon and the comma separated - list of groups. Other data may optionally be left in the DBM - file after another colon; it is ignored by the authentication + +
+ + + + +
+AuthDBMGroupFile /www/userbase
+AuthDBMUserFile /www/userbase +
+
+ + +

The key for the single DBM is the username. The value consists + of

+ + +
+ + + + +
Unix Crypt-ed Password : List of Groups [ : (ignored) + ]
+
+ + +

The password section contains the Unix crypt() + password as before. This is followed by a colon and the comma + separated list of groups. Other data may optionally be left in the + DBM file after another colon; it is ignored by the authentication module. This is what www.telescope.org uses for its combined - password and group database. - -

See also AuthName, AuthType and AuthDBMUserFile.

-
- -

AuthDBMUserFile

- - Syntax: AuthDBMUserFile - file-path
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: Extension
- Module: mod_auth_dbm - -

The AuthDBMUserFile directive sets the name of a DBM file - containing the list of users and passwords for user - authentication. File-path is the absolute path to the - user file.

- -

The user file is keyed on the username. The value for a user - is the crypt() encrypted password, optionally followed by a - colon and arbitrary data. The colon and the data following it + password and group database.

+ + +
+

+AuthDBMType Directive +

+ + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + +
Description: Sets the type of database file that is used to +store passwords
Syntax: +AuthDBMType default|SDBM|GDBM|DB +
Default:AuthDBMType default
Context:directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_auth_dbm
Compatibility:Available in version 2.0.30 and later.
+
+ + + +

Sets the type of database file that is used to store the passwords. +The default database type is determined at compile time. The +availability of other types of database files also depends on +compile-time settings.

+ + +

It is crucial that whatever program you use to create your password +files is configured to use the same type of database.

+ + +
+

+AuthDBMUserFile Directive +

+ + + + +
+ + + + + + + + + + + + + + + + + + + +
Description: Sets thename of a database file containing the list of users and +passwords for authentication
Syntax: +AuthDBMUserFile file-path + +
Context:directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_auth_dbm
+
+ + +

The AuthDBMUserFile directive sets the + name of a DBM file containing the list of users and passwords for + user authentication. File-path is the absolute path to + the user file.

+ + +

The user file is keyed on the username. The value for a user is + the crypt() encrypted password, optionally followed + by a colon and arbitrary data. The colon and the data following it will be ignored by the server.

-

Security: make sure that the AuthDBMUserFile is stored - outside the document tree of the web-server; do not - put it in the directory that it protects. Otherwise, clients - will be able to download the AuthDBMUserFile.

+ +

Security: make sure that the + AuthDBMUserFile is stored outside the + document tree of the web-server; do not put it in the + directory that it protects. Otherwise, clients will be able to + download the AuthDBMUserFile.

-

Important compatibility note: The implementation of + +

Important compatibility note: The implementation of "dbmopen" in the apache modules reads the string length of the hashed values from the DBM data structures, rather than relying upon the string being NULL-appended. Some applications, such as @@ -152,104 +378,16 @@ interchangeably between applications this may be a part of the problem.

-

A perl script called + +

A perl script called dbmmanage is included with Apache. This program can be used to create and update DBM format password files for use with this module.

- See also AuthName, AuthType and AuthDBMGroupFile. -
- -

AuthDBMType

-

Syntax: AuthDBMType - default|SDBM|GDBM|DB
- Default: - AuthDBMType default
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: Extension
- Module: mod_auth_dbm
- Compatibility: - Available in version 2.0.30 and later.

- -

Sets the type of database file that is used to store the passwords. -The default database type is determined at compile time. The -availability of other types of database files also depends on -compile-time settings.

-

It is crucial that whatever program you use to create your password -files is configured to use the same type of database.

- -
-

AuthDBMAuthoritative

- - Syntax: AuthDBMAuthoritative - on|off
- Default: - AuthDBMAuthoritative on
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: Extension
- Module: mod_auth_dbm - -

Setting the AuthDBMAuthoritative directive explicitly to - 'off' allows for both authentication and - authorization to be passed on to lower level modules (as - defined in the Configuration and - modules.c file if there is no - userID or rule matching the supplied - userID. If there is a userID and/or rule specified; the usual - password and access checks will be applied and a failure will - give an Authorization Required reply.

- -

So if a userID appears in the database of more than one - module; or if a valid Require directive applies to - more than one module; then the first module will verify the - credentials; and no access is passed on; regardless of the - AuthAuthoritative setting.

- -

A common use for this is in conjunction with one of the - basic auth modules; such as mod_auth.c. Whereas this - DBM module supplies the bulk of the user credential checking; a - few (administrator) related accesses fall through to a lower - level with a well protected .htpasswd file.

- -

By default, control is not passed on and an unknown userID - or rule will result in an Authorization Required reply. Not - setting it thus keeps the system secure and forces an NCSA - compliant behaviour.

- -

Security: Do consider the implications of allowing a user to - allow fall-through in his .htaccess file; and verify that this - is really what you want; Generally it is easier to just secure - a single .htpasswd file, than it is to secure a database which - might have more access interfaces.

- -

See also AuthName, AuthType and AuthDBMGroupFile.

- -

-

- + +
+

Apache HTTP Server Version 2.0

+IndexHome +
+ - diff --git a/docs/manual/mod/mod_auth_dbm.xml b/docs/manual/mod/mod_auth_dbm.xml new file mode 100644 index 0000000000..6d50bcec67 --- /dev/null +++ b/docs/manual/mod/mod_auth_dbm.xml @@ -0,0 +1,194 @@ + + + + +mod_auth_dbm +Provides for user authentication using DBM + files +Extension +mod_auth_dbm.c +auth_dbm_module + + +

This module provides for HTTP Basic Authentication, where + the usernames and passwords are stored in DBM type database + files. It is an alternative to the plain text password files + provided by mod_auth.

+ + +AuthName +AuthType +Require +Satisfy + + +AuthDBMGroupFile +Sets the name of the database file containing the list +of user groups for authentication +AuthDBMGroupFile file-path +directory.htaccess + +AuthConfig + + +

The AuthDBMGroupFile directive sets the + name of a DBM file containing the list of user groups for user + authentication. File-path is the absolute path to the + group file.

+ +

The group file is keyed on the username. The value for a + user is a comma-separated list of the groups to which the users + belongs. There must be no whitespace within the value, and it + must never contain any colons.

+ +

Security: make sure that the + AuthDBMGroupFile is stored outside the + document tree of the web-server; do not put it in the + directory that it protects. Otherwise, clients will be able to + download the AuthDBMGroupFile unless + otherwise protected.

+ +

Combining Group and Password DBM files: In some cases it is + easier to manage a single database which contains both the + password and group details for each user. This simplifies any + support programs that need to be written: they now only have to + deal with writing to and locking a single DBM file. This can be + accomplished by first setting the group and password files to + point to the same DBM:

+ + +AuthDBMGroupFile /www/userbase
+AuthDBMUserFile /www/userbase + + +

The key for the single DBM is the username. The value consists + of

+ +Unix Crypt-ed Password : List of Groups [ : (ignored) + ] + +

The password section contains the Unix crypt() + password as before. This is followed by a colon and the comma + separated list of groups. Other data may optionally be left in the + DBM file after another colon; it is ignored by the authentication + module. This is what www.telescope.org uses for its combined + password and group database.

+ + + + +AuthDBMUserFile +Sets thename of a database file containing the list of users and +passwords for authentication +AuthDBMUserFile file-path +directory.htaccess + +AuthConfig + + +

The AuthDBMUserFile directive sets the + name of a DBM file containing the list of users and passwords for + user authentication. File-path is the absolute path to + the user file.

+ +

The user file is keyed on the username. The value for a user is + the crypt() encrypted password, optionally followed + by a colon and arbitrary data. The colon and the data following it + will be ignored by the server.

+ +

Security: make sure that the + AuthDBMUserFile is stored outside the + document tree of the web-server; do not put it in the + directory that it protects. Otherwise, clients will be able to + download the AuthDBMUserFile.

+ +

Important compatibility note: The implementation of + "dbmopen" in the apache modules reads the string length of the + hashed values from the DBM data structures, rather than relying + upon the string being NULL-appended. Some applications, such as + the Netscape web server, rely upon the string being + NULL-appended, so if you are having trouble using DBM files + interchangeably between applications this may be a part of the + problem.

+ +

A perl script called + dbmmanage is included with + Apache. This program can be used to create and update DBM + format password files for use with this module.

+ + + + +AuthDBMType +Sets the type of database file that is used to +store passwords +AuthDBMType default|SDBM|GDBM|DB +AuthDBMType default +directory.htaccess + +AuthConfig +Available in version 2.0.30 and later. + + + +

Sets the type of database file that is used to store the passwords. +The default database type is determined at compile time. The +availability of other types of database files also depends on +compile-time settings.

+ +

It is crucial that whatever program you use to create your password +files is configured to use the same type of database.

+ + + + +AuthDBMAuthoritative +Sets whether authentication and authorization will be +passwed on to lower level modules +AuthDBMAuthoritative on|off +AuthDBMAuthoritative on +directory.htaccess + +AuthConfig + + + +This information has not been updated to take into account the +new module ordering techniques in Apache 2.0 + +

Setting the AuthDBMAuthoritative + directive explicitly to 'off' allows for both + authentication and authorization to be passed on to lower level + modules (as defined in the Configuration and + modules.c file if there is no userID + or rule matching the supplied userID. If there is + a userID and/or rule specified; the usual password and access + checks will be applied and a failure will give an Authorization + Required reply.

+ +

So if a userID appears in the database of more than one module; + or if a valid Require + directive applies to more than one module; then the first module + will verify the credentials; and no access is passed on; + regardless of the AuthAuthoritative setting.

+ +

A common use for this is in conjunction with one of the + basic auth modules; such as mod_auth. Whereas this + DBM module supplies the bulk of the user credential checking; a + few (administrator) related accesses fall through to a lower + level with a well protected .htpasswd file.

+ +

By default, control is not passed on and an unknown userID + or rule will result in an Authorization Required reply. Not + setting it thus keeps the system secure and forces an NCSA + compliant behaviour.

+ +

Security: Do consider the implications of allowing a user to + allow fall-through in his .htaccess file; and verify that this + is really what you want; Generally it is easier to just secure + a single .htpasswd file, than it is to secure a database which + might have more access interfaces.

+ + + + \ No newline at end of file -- 2.50.1