diff options
Diffstat (limited to 'docs/manual/mod/mod_auth_db.html')
| -rw-r--r-- | docs/manual/mod/mod_auth_db.html | 250 |
1 files changed, 0 insertions, 250 deletions
diff --git a/docs/manual/mod/mod_auth_db.html b/docs/manual/mod/mod_auth_db.html deleted file mode 100644 index 4d57738dcd..0000000000 --- a/docs/manual/mod/mod_auth_db.html +++ /dev/null @@ -1,250 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> -<HTML> -<HEAD> -<TITLE>Apache module mod_auth_db</TITLE> -</HEAD> - -<!-- Background white, links blue (unvisited), navy (visited), red (active) --> -<BODY - BGCOLOR="#FFFFFF" - TEXT="#000000" - LINK="#0000FF" - VLINK="#000080" - ALINK="#FF0000" -> -<!--#include virtual="header.html" --> -<H1 ALIGN="CENTER">Module mod_auth_db</H1> - -<p>This module provides for user authentication using Berkeley DB -files. </p> - -<P><A -HREF="module-dict.html#Status" -REL="Help" -><STRONG>Status:</STRONG></A> Extension -<BR> -<A -HREF="module-dict.html#SourceFile" -REL="Help" -><STRONG>Source File:</STRONG></A> mod_auth_db.c -<BR> -<A -HREF="module-dict.html#ModuleIdentifier" -REL="Help" -><STRONG>Module Identifier:</STRONG></A> db_auth_module -</P> - -<h2>Summary</h2> - -<p>This module provides an alternative to <A -HREF="mod_auth_dbm.html">DBM</A> files for those systems which support -DB and not DBM. It is only available in Apache 1.1 and later.</p> - -<p>On some BSD systems (<EM>e.g.</EM>, FreeBSD and NetBSD) dbm is -automatically mapped to Berkeley DB. You can use either <A -HREF="mod_auth_dbm.html">mod_auth_dbm</A> or mod_auth_db. The latter -makes it more obvious that it's Berkeley DB. On other platforms where -you want to use the DB library you usually have to install it -first. See <A -HREF="http://www.sleepycat.com/">http://www.sleepycat.com/</A> for the -distribution. The interface this module uses is the one from DB -version 1.85 and 1.86, but DB version 2.x can also be used when -compatibility mode is enabled.</p> - -<h2>Directives</h2> - -<UL> -<LI><A HREF="#authdbgroupfile">AuthDBGroupFile</A> -<LI><A HREF="#authdbuserfile">AuthDBUserFile</A> -<LI><A HREF="#authdbauthoritative">AuthDBAuthoritative</A> -</UL> - -<p>See also: <a href="core.html#satisfy">satisfy</a> and -<a href="core.html#require">require</a>.</p> - -<HR> - - -<H2><A NAME="authdbgroupfile">AuthDBGroupFile directive</A></H2> -<!--%plaintext <?INDEX {\tt AuthDBGroupFile} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> AuthDBGroupFile <EM>filename</EM><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> directory, .htaccess<BR> -<A - HREF="directive-dict.html#Override" - REL="Help" -><STRONG>Override:</STRONG></A> AuthConfig<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> Extension<BR> -<A - HREF="directive-dict.html#Module" - REL="Help" -><STRONG>Module:</STRONG></A> mod_auth_db<P> - -The AuthDBGroupFile directive sets the name of a DB file containing the list -of user groups for user authentication. <EM>Filename</EM> is the absolute path -to the group file.<P> - -The group file is keyed on the username. The value for a user is a -comma-separated list of the groups to which the users belongs. There must -be no whitespace within the value, and it must never contain any colons.<P> - -Security: make sure that the AuthDBGroupFile is stored outside the -document tree of the web-server; do <EM>not</EM> put it in the directory that -it protects. Otherwise, clients will be able to download the -AuthDBGroupFile unless otherwise protected.<P> - -Combining Group and Password DB files: In some cases it is easier to -manage a single database which contains both the password and group -details for each user. This simplifies any support programs that need -to be written: they now only have to deal with writing to and locking -a single DBM file. This can be accomplished by first setting the group -and password files to point to the same DB file:<P> - -<BLOCKQUOTE><CODE> -AuthDBGroupFile /www/userbase<BR> -AuthDBUserFile /www/userbase -</CODE></BLOCKQUOTE> - -The key for the single DB record is the username. The value consists of <P> - -<BLOCKQUOTE><CODE> -Unix Crypt-ed Password : List of Groups [ : (ignored) ] -</CODE></BLOCKQUOTE> - -The password section contains the Unix crypt() password as before. This is -followed by a colon and the comma separated list of groups. Other data may -optionally be left in the DB file after another colon; it is ignored by the -authentication module. <P> - -See also <A HREF="core.html#authname">AuthName</A>, -<A HREF="core.html#authtype">AuthType</A> and -<A HREF="#authdbuserfile">AuthDBUserFile</A>.<P><HR> - -<H2><A NAME="authdbuserfile">AuthDBUserFile</A> directive</H2> -<!--%plaintext <?INDEX {\tt AuthDBUserFile} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> AuthDBUserFile <EM>filename</EM><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> directory, .htaccess<BR> -<A - HREF="directive-dict.html#Override" - REL="Help" -><STRONG>Override:</STRONG></A> AuthConfig<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> Extension<BR> -<A - HREF="directive-dict.html#Module" - REL="Help" -><STRONG>Module:</STRONG></A> mod_auth_db<P> - -The AuthDBUserFile directive sets the name of a DB file containing the list -of users and passwords for user authentication. <EM>Filename</EM> is the -absolute path to the user file.<P> - -The user file is keyed on the username. The value for a user is the -crypt() encrypted password, optionally followed by a colon and -arbitrary data. The colon and the data following it will be ignored -by the server.<P> - -Security: make sure that the AuthDBUserFile is stored outside the -document tree of the web-server; do <EM>not</EM> put it in the directory that -it protects. Otherwise, clients will be able to download the -AuthDBUserFile.<P> - -Important compatibility note: The implementation of "dbmopen" in the -apache modules reads the string length of the hashed values from the -DB data structures, rather than relying upon the string being -NULL-appended. Some applications, such as the Netscape web server, -rely upon the string being NULL-appended, so if you are having trouble -using DB files interchangeably between applications this may be a -part of the problem. <P> - -<p>A perl script called -href="../programs/dbmmanage.html">dbmmanage</a> is included with -Apache. This program can be used to create and update DB format -password files for use with this module.</p> - -See also <A HREF="core.html#authname">AuthName</A>, -<A HREF="core.html#authtype">AuthType</A> and -<A HREF="#authdbgroupfile">AuthDBGroupFile</A>.<P> -<HR> -<H2><A NAME="authdbauthoritative">AuthDBAuthoritative</A> directive</H2> -<!--%plaintext <?INDEX {\tt AuthDBAuthoritative} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> AuthDBAuthoritative on|off<BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>AuthDBAuthoritative on</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> directory, .htaccess<BR> -<A - HREF="directive-dict.html#Override" - REL="Help" -><STRONG>Override:</STRONG></A> AuthConfig<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> Base<BR> -<A - HREF="directive-dict.html#Module" - REL="Help" -><STRONG>Module:</STRONG></A> mod_auth<P> - -Setting the AuthDBAuthoritative directive explicitly to <STRONG>'off'</STRONG> -allows for both authentication and authorization to be passed on -to lower level modules (as defined in the <CODE>Configuration</CODE> -and <CODE>modules.c</CODE> file if there is <STRONG>no userID</STRONG> or -<STRONG>rule</STRONG> matching the supplied userID. If there is a userID -and/or rule specified; the usual password and access checks will -be applied and a failure will give an Authorization Required reply. -<P> -So if a userID appears in the database of more than one module; or -if a valid <CODE>Require</CODE> directive applies to more than one module; then -the first module will verify the credentials; and no access is -passed on; regardless of the AuthAuthoritative setting. <P> - -A common use for this is in conjunction with one of the basic auth -modules; such as <A HREF="mod_auth.html"><CODE>mod_auth.c</CODE></A>. -Whereas this DB module supplies the bulk of the user credential -checking; a few (administrator) related accesses fall through to -a lower level with a well protected .htpasswd file. <P> - - -By default, control is not passed on and an unknown -userID or rule will result in an Authorization Required reply. Not -setting it thus keeps the system secure and forces an NCSA compliant -behaviour. <P> -Security: Do consider the implications of allowing a user to allow -fall-through in his .htaccess file; and verify that this is really -what you want; Generally it is easier to just secure a single -.htpasswd file, than it is to secure a database which might have -more access interfaces. - -<P> -See also <A HREF="core.html#authname">AuthName</A>, -<A HREF="core.html#authtype">AuthType</A> and -<A HREF="#authdbgroupfile">AuthDBGroupFile</A>.<P> - -<!--#include virtual="footer.html" --> -</BODY> -</HTML> - |