Remove mention of AuthDBMAuthoritative and AuthUserFileAuthoritative

directives.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96923 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 0 insertions, 52 deletions

diff --git a/docs/manual/mod/mod_authn_file.xml b/docs/manual/mod/mod_authn_file.xml
index fe4ed95396..d3b534ea8c 100644
--- a/docs/manual/mod/mod_authn_file.xml
+++ b/docs/manual/mod/mod_authn_file.xml
@@ -84,56 +84,4 @@ passwords for authentication</description>
 </usage>
 </directivesynopsis>
 
-<directivesynopsis>
-<name>AuthUserFileAuthoritative</name>
-<description>Sets whether authorization and authentication are
-passed to lower level modules</description>
-<syntax>AuthUserFileAuthoritative on|off</syntax>
-<default>AuthUserFileAuthoritative on</default>
-<contextlist>
-  <context>directory</context>
-  <context>.htaccess</context>
-</contextlist>
-<override>AuthConfig</override>
-
-<usage>
-    <note>This information has not been updated for Apache 2.0, which
-    uses a different system for module ordering.</note>
-
-    <p>Setting the <directive>AuthAuthoritative</directive> directive
-    explicitly to <strong>'off'</strong> allows for both
-    authentication and authorization to be passed on to lower level
-    modules (as defined in the <code>Configuration</code> and
-    <code>modules.c</code> files) if there is <strong>no
-    userID</strong> or <strong>rule</strong> matching the supplied
-    userID. If there is a userID and/or rule specified; the usual
-    password and access checks will be applied and a failure will give
-    an Authorization Required reply.</p>
-
-    <p>So if a userID appears in the database of more than one module;
-    or if a valid <directive module="core">Require</directive>
-    directive applies to more than one module; then the first module
-    will verify the credentials; and no access is passed on;
-    regardless of the AuthAuthoritative setting.</p>
-
-    <p>By default; control is not passed on; and an unknown userID or
-    rule will result in an Authorization Required reply. Not setting
-    it thus keeps the system secure; and forces an NCSA compliant
-    behaviour.</p>
-
-    <note><title>Security</title> Do consider the implications of
-    allowing a user to allow fall-through in his .htaccess file; and
-    verify that this is really what you want; Generally it is easier
-    to just secure a single .htpasswd file, than it is to secure a
-    database such as mSQL. Make sure that the <directive
-    module="mod_authn_file">AuthUserFile</directive> and the <directive
-    module="mod_authz_groupfile">AuthGroupFile</directive> are stored outside
-    the document tree of the web-server; do <em>not</em> put them in the
-    directory that they protect. Otherwise, clients will be able to
-    download the <directive module="mod_authn_file">AuthUserFile</directive>
-    and the <directive module="mod_authz_groupfile">AuthGroupFile</directive>.
-    </note>
-</usage>
-</directivesynopsis>
-
 </modulesynopsis>