diff options
author | Justin Erenkrantz <jerenkrantz@apache.org> | 2002-09-14 00:09:22 +0000 |
---|---|---|
committer | Justin Erenkrantz <jerenkrantz@apache.org> | 2002-09-14 00:09:22 +0000 |
commit | 15e970a0c79be5bc2e97bf99a1de0deb10498be1 (patch) | |
tree | 8dbe8fbf63d7c19109bdbc23559796184bc7be6d /docs/manual/mod/mod_authn_file.xml | |
parent | 128ea1d05d8ce6e886e4635a3635e607a4aef618 (diff) | |
download | httpd-15e970a0c79be5bc2e97bf99a1de0deb10498be1.tar.gz |
Add documentation (rough, but something) for new aaa modules.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96799 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'docs/manual/mod/mod_authn_file.xml')
-rw-r--r-- | docs/manual/mod/mod_authn_file.xml | 139 |
1 files changed, 139 insertions, 0 deletions
diff --git a/docs/manual/mod/mod_authn_file.xml b/docs/manual/mod/mod_authn_file.xml new file mode 100644 index 0000000000..fe4ed95396 --- /dev/null +++ b/docs/manual/mod/mod_authn_file.xml @@ -0,0 +1,139 @@ +<?xml version="1.0"?> +<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> +<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?> +<modulesynopsis> + +<name>mod_authn_file</name> +<description>User authentication using text files</description> +<status>Base</status> +<sourcefile>mod_authn_file.c</sourcefile> +<identifier>authn_file_module</identifier> +<compatibility>Available in Apache 2.0.42 and later</compatibility> + +<summary> + + <p>This module provides authentication front-ends such as + <module>mod_auth_digest</module> and <module>mod_auth_basic</module> + to authenticate users by looking up users in plain text password files. + Similar functionality is provided by <module>mod_authn_dbm</module>.</p> + + <p>When using <module>mod_auth_basic</module> or + <module>mod_auth_digest</module>, this module is invoked via the + <directive module="mod_auth_basic">AuthBasicProvider</directive> or + <directive module="mod_auth_digest">AuthDigestProvider</directive> + with the 'file' value.</p> + +</summary> +<seealso><directive module="core">AuthName</directive></seealso> +<seealso><directive module="core">AuthType</directive></seealso> +<seealso> + <directive module="mod_auth_basic">AuthBasicProvider</directive> +</seealso> +<seealso> + <directive module="mod_auth_digest">AuthDigestProvider</directive> +</seealso> + +<directivesynopsis> +<name>AuthUserFile</name> +<description>Sets the name of a text file containing the list of users and +passwords for authentication</description> +<syntax>AuthUserFile <em>file-path</em></syntax> +<contextlist> + <context>directory</context> + <context>.htaccess</context> +</contextlist> +<override>AuthConfig</override> + +<usage> + <p>The <directive>AuthUserFile</directive> directive sets the name + of a textual file containing the list of users and passwords for + user authentication. <em>File-path</em> is the path to the user + file. If it is not absolute (<em>i.e.</em>, if it doesn't begin + with a slash), it is treated as relative to the <directive + module="core">ServerRoot</directive>.</p> + + <p>Each line of the user file contains a username followed by + a colon, followed by the <code>crypt()</code> encrypted + password. The behavior of multiple occurrences of the same user is + undefined.</p> + + <p>The utility <a href="../programs/htpasswd.html">htpasswd</a> + which is installed as part of the binary distribution, or which + can be found in <code>src/support</code>, is used to maintain + this password file. See the <code>man</code> page for more + details. In short:</p> + + <p>Create a password file 'Filename' with 'username' as the + initial ID. It will prompt for the password:</p> + <example>htpasswd -c Filename username</example> + + <p>Add or modify 'username2' in the password file 'Filename':</p> + <example>htpasswd Filename username2</example> + + <p>Note that searching large text files is <em>very</em> + inefficient; <directive + module="mod_authn_dbm">AuthDBMUserFile</directive> should be used + instead.</p> + + <note><title>Security</title> + <p>Make sure that the <directive>AuthUserFile</directive> is + stored outside the document tree of the web-server; do <em>not</em> + put it in the directory that it protects. Otherwise, clients will + be able to download the <directive>AuthUserFile</directive>.</p> + </note> +</usage> +</directivesynopsis> + +<directivesynopsis> +<name>AuthUserFileAuthoritative</name> +<description>Sets whether authorization and authentication are +passed to lower level modules</description> +<syntax>AuthUserFileAuthoritative on|off</syntax> +<default>AuthUserFileAuthoritative on</default> +<contextlist> + <context>directory</context> + <context>.htaccess</context> +</contextlist> +<override>AuthConfig</override> + +<usage> + <note>This information has not been updated for Apache 2.0, which + uses a different system for module ordering.</note> + + <p>Setting the <directive>AuthAuthoritative</directive> directive + explicitly to <strong>'off'</strong> allows for both + authentication and authorization to be passed on to lower level + modules (as defined in the <code>Configuration</code> and + <code>modules.c</code> files) if there is <strong>no + userID</strong> or <strong>rule</strong> matching the supplied + userID. If there is a userID and/or rule specified; the usual + password and access checks will be applied and a failure will give + an Authorization Required reply.</p> + + <p>So if a userID appears in the database of more than one module; + or if a valid <directive module="core">Require</directive> + directive applies to more than one module; then the first module + will verify the credentials; and no access is passed on; + regardless of the AuthAuthoritative setting.</p> + + <p>By default; control is not passed on; and an unknown userID or + rule will result in an Authorization Required reply. Not setting + it thus keeps the system secure; and forces an NCSA compliant + behaviour.</p> + + <note><title>Security</title> Do consider the implications of + allowing a user to allow fall-through in his .htaccess file; and + verify that this is really what you want; Generally it is easier + to just secure a single .htpasswd file, than it is to secure a + database such as mSQL. Make sure that the <directive + module="mod_authn_file">AuthUserFile</directive> and the <directive + module="mod_authz_groupfile">AuthGroupFile</directive> are stored outside + the document tree of the web-server; do <em>not</em> put them in the + directory that they protect. Otherwise, clients will be able to + download the <directive module="mod_authn_file">AuthUserFile</directive> + and the <directive module="mod_authz_groupfile">AuthGroupFile</directive>. + </note> +</usage> +</directivesynopsis> + +</modulesynopsis> |