Add documentation for GroupExternalAuthNCheck

author Micah Andersen <micah@bimi.org>

Wed, 2 May 2018 14:01:26 +0000 (10:01 -0400)

committer Micah Andersen <micah@bimi.org>

Wed, 2 May 2018 14:01:26 +0000 (10:01 -0400)
author Micah Andersen <micah@bimi.org>
Wed, 2 May 2018 14:01:26 +0000 (10:01 -0400)
committer Micah Andersen <micah@bimi.org>
Wed, 2 May 2018 14:01:26 +0000 (10:01 -0400)
diff --git a/mod_authnz_external/INSTALL b/mod_authnz_external/INSTALL

index 93752e5993f066224c51ef608c4e0e6385930f3a..c2561010f282efa79983e7595710eb9fb6298e7e 100644 (file)
--- a/mod_authnz_external/INSTALL
+++ b/mod_authnz_external/INSTALL
@@ -555,6 +555,19 @@ instructions to your server configuration.
      Under Apache 2.4 you can control the return code using the
      'AuthzSendForbiddenOnFailure' directive.
  
+    * USING GROUP CHECKING INDEPENDENT OF USER CHECKING:
+
+    Normally, the group authorization process checks that a user was 
+    successfully authenticated by the user authentication module before 
+    actually running the external group checking program.  This may be 
+    undesirable if your goal is to use mod_authz_external on its own as 
+    a group checker, without any user checking. You can use the 
+    following directive in your Apache config to disable the user 
+    authentication check:
+    
+    GroupExternalAuthNCheck Off
+    
+
      * INTERACTIONS WITH OTHER AUTHENTICATORS:
  
      Previous versions of mod_authnz_external had 'GroupExternalAuthoritative'
author	Micah Andersen <micah@bimi.org>
	Wed, 2 May 2018 14:01:26 +0000 (10:01 -0400)
committer	Micah Andersen <micah@bimi.org>
	Wed, 2 May 2018 14:01:26 +0000 (10:01 -0400)