author | Justin Erenkrantz <jerenkrantz@apache.org> | 2002-09-20 05:15:23 +0000 |
---|---|---|
committer | Justin Erenkrantz <jerenkrantz@apache.org> | 2002-09-20 05:15:23 +0000 |
commit | 5249b897ce78de842fa0780b80dfb17475eea886 (patch) | |
tree | cc71267b00b75ad62f152da24db4a7f5bd786965 /docs/manual/mod/mod_authn_file.xml | |
parent | fad5622a738dd475cc01900408b88f36d60f8f73 (diff) | |
download | httpd-5249b897ce78de842fa0780b80dfb17475eea886.tar.gz |
Remove mention of AuthDBMAuthoritative and AuthUserFileAuthoritative
directives.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96923 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'docs/manual/mod/mod_authn_file.xml')
-rw-r--r-- | docs/manual/mod/mod_authn_file.xml | 52 |
1 files changed, 0 insertions, 52 deletions
diff --git a/docs/manual/mod/mod_authn_file.xml b/docs/manual/mod/mod_authn_file.xml index fe4ed95396..d3b534ea8c 100644 --- a/docs/manual/mod/mod_authn_file.xml +++ b/docs/manual/mod/mod_authn_file.xml 
@@ -84,56 +84,4 @@ passwords for authentication</description> </usage> </directivesynopsis> -<directivesynopsis> -<name>AuthUserFileAuthoritative</name> -<description>Sets whether authorization and authentication are -passed to lower level modules</description> -<syntax>AuthUserFileAuthoritative on|off</syntax> -<default>AuthUserFileAuthoritative on</default> -<contextlist> - <context>directory</context> - <context>.htaccess</context> -</contextlist> -<override>AuthConfig</override> - -<usage> - <note>This information has not been updated for Apache 2.0, which - uses a different system for module ordering.</note> - - <p>Setting the <directive>AuthAuthoritative</directive> directive - explicitly to <strong>'off'</strong> allows for both - authentication and authorization to be passed on to lower level - modules (as defined in the <code>Configuration</code> and - <code>modules.c</code> files) if there is <strong>no - userID</strong> or <strong>rule</strong> matching the supplied - userID. If there is a userID and/or rule specified; the usual - password and access checks will be applied and a failure will give - an Authorization Required reply.</p> - - <p>So if a userID appears in the database of more than one module; - or if a valid <directive module="core">Require</directive> - directive applies to more than one module; then the first module - will verify the credentials; and no access is passed on; - regardless of the AuthAuthoritative setting.</p> - - <p>By default; control is not passed on; and an unknown userID or - rule will result in an Authorization Required reply. Not setting - it thus keeps the system secure; and forces an NCSA compliant - behaviour.</p> - - <note><title>Security</title> Do consider the implications of - allowing a user to allow fall-through in his .htaccess file; and - verify that this is really what you want; Generally it is easier - to just secure a single .htpasswd file, than it is to secure a - database such as mSQL. 
Make sure that the <directive - module="mod_authn_file">AuthUserFile</directive> and the <directive - module="mod_authz_groupfile">AuthGroupFile</directive> are stored outside - the document tree of the web-server; do <em>not</em> put them in the - directory that they protect. Otherwise, clients will be able to - download the <directive module="mod_authn_file">AuthUserFile</directive> - and the <directive module="mod_authz_groupfile">AuthGroupFile</directive>. - </note> -</usage> -</directivesynopsis> - </modulesynopsis> |
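Review bot: the Security note removed at the end of this hunk carries advice that is not specific to AuthUserFileAuthoritative: store the AuthUserFile and AuthGroupFile outside the document tree so that clients cannot download them. That warning applies to the AuthUserFile directive that stays documented in this file, so unless its usage section already says the same, move those sentences there rather than deleting them along with the directive. The deleted paragraphs also call the directive AuthAuthoritative in two places, so a search for leftover cross-references elsewhere in the manual should cover both spellings.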