Add documentation (rough, but something) for new aaa modules.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96799 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 139 insertions, 0 deletions

diff --git a/docs/manual/mod/mod_authn_file.xml b/docs/manual/mod/mod_authn_file.xml
new file mode 100644
index 0000000000..fe4ed95396
--- /dev/null
+++ b/docs/manual/mod/mod_authn_file.xml
@@ -0,0 +1,139 @@
+<?xml version="1.0"?>
+<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
+<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
+<modulesynopsis>
+
+<name>mod_authn_file</name>
+<description>User authentication using text files</description>
+<status>Base</status>
+<sourcefile>mod_authn_file.c</sourcefile>
+<identifier>authn_file_module</identifier>
+<compatibility>Available in Apache 2.0.42 and later</compatibility>
+
+<summary>
+
+    <p>This module provides authentication front-ends such as
+    <module>mod_auth_digest</module> and <module>mod_auth_basic</module>
+    to authenticate users by looking up users in plain text password files.
+    Similar functionality is provided by <module>mod_authn_dbm</module>.</p>
+
+    <p>When using <module>mod_auth_basic</module> or
+    <module>mod_auth_digest</module>, this module is invoked via the
+    <directive module="mod_auth_basic">AuthBasicProvider</directive> or
+    <directive module="mod_auth_digest">AuthDigestProvider</directive>
+    with the 'file' value.</p>
+
+</summary>
+<seealso><directive module="core">AuthName</directive></seealso>
+<seealso><directive module="core">AuthType</directive></seealso>
+<seealso>
+  <directive module="mod_auth_basic">AuthBasicProvider</directive>
+</seealso>
+<seealso>
+  <directive module="mod_auth_digest">AuthDigestProvider</directive>
+</seealso>
+ 
+<directivesynopsis>
+<name>AuthUserFile</name>
+<description>Sets the name of a text file containing the list of users and
+passwords for authentication</description>
+<syntax>AuthUserFile <em>file-path</em></syntax>
+<contextlist>
+  <context>directory</context>
+  <context>.htaccess</context>
+</contextlist>
+<override>AuthConfig</override>
+
+<usage>
+    <p>The <directive>AuthUserFile</directive> directive sets the name
+    of a textual file containing the list of users and passwords for
+    user authentication. <em>File-path</em> is the path to the user
+    file. If it is not absolute (<em>i.e.</em>, if it doesn't begin
+    with a slash), it is treated as relative to the <directive
+    module="core">ServerRoot</directive>.</p>
+
+    <p>Each line of the user file contains a username followed by
+    a colon, followed by the <code>crypt()</code> encrypted
+    password. The behavior of multiple occurrences of the same user is
+    undefined.</p>
+
+    <p>The utility <a href="../programs/htpasswd.html">htpasswd</a>
+    which is installed as part of the binary distribution, or which
+    can be found in <code>src/support</code>, is used to maintain
+    this password file. See the <code>man</code> page for more
+    details. In short:</p>
+
+    <p>Create a password file 'Filename' with 'username' as the
+    initial ID. It will prompt for the password:</p>
+    <example>htpasswd -c Filename username</example>
+
+    <p>Add or modify 'username2' in the password file 'Filename':</p>
+    <example>htpasswd Filename username2</example>
+
+    <p>Note that searching large text files is <em>very</em>
+    inefficient; <directive
+    module="mod_authn_dbm">AuthDBMUserFile</directive> should be used
+    instead.</p>
+
+    <note><title>Security</title>
+    <p>Make sure that the <directive>AuthUserFile</directive> is
+	stored outside the document tree of the web-server; do <em>not</em>
+	put it in the directory that it protects. Otherwise, clients will
+	be able to download the <directive>AuthUserFile</directive>.</p>
+    </note>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AuthUserFileAuthoritative</name>
+<description>Sets whether authorization and authentication are
+passed to lower level modules</description>
+<syntax>AuthUserFileAuthoritative on|off</syntax>
+<default>AuthUserFileAuthoritative on</default>
+<contextlist>
+  <context>directory</context>
+  <context>.htaccess</context>
+</contextlist>
+<override>AuthConfig</override>
+
+<usage>
+    <note>This information has not been updated for Apache 2.0, which
+    uses a different system for module ordering.</note>
+
+    <p>Setting the <directive>AuthAuthoritative</directive> directive
+    explicitly to <strong>'off'</strong> allows for both
+    authentication and authorization to be passed on to lower level
+    modules (as defined in the <code>Configuration</code> and
+    <code>modules.c</code> files) if there is <strong>no
+    userID</strong> or <strong>rule</strong> matching the supplied
+    userID. If there is a userID and/or rule specified; the usual
+    password and access checks will be applied and a failure will give
+    an Authorization Required reply.</p>
+
+    <p>So if a userID appears in the database of more than one module;
+    or if a valid <directive module="core">Require</directive>
+    directive applies to more than one module; then the first module
+    will verify the credentials; and no access is passed on;
+    regardless of the AuthAuthoritative setting.</p>
+
+    <p>By default; control is not passed on; and an unknown userID or
+    rule will result in an Authorization Required reply. Not setting
+    it thus keeps the system secure; and forces an NCSA compliant
+    behaviour.</p>
+
+    <note><title>Security</title> Do consider the implications of
+    allowing a user to allow fall-through in his .htaccess file; and
+    verify that this is really what you want; Generally it is easier
+    to just secure a single .htpasswd file, than it is to secure a
+    database such as mSQL. Make sure that the <directive
+    module="mod_authn_file">AuthUserFile</directive> and the <directive
+    module="mod_authz_groupfile">AuthGroupFile</directive> are stored outside
+    the document tree of the web-server; do <em>not</em> put them in the
+    directory that they protect. Otherwise, clients will be able to
+    download the <directive module="mod_authn_file">AuthUserFile</directive>
+    and the <directive module="mod_authz_groupfile">AuthGroupFile</directive>.
+    </note>
+</usage>
+</directivesynopsis>
+
+</modulesynopsis>