brian 97/01/21 19:51:34
Modified: htdocs/manual/mod mod_auth.html
Log:
Cleanups, looks like a placeholder was forgotten. Also, lines really
shouldn't be more than 75 characters long, unless they need to be.
Revision Changes Path
1.5 +50 -18 apache/htdocs/manual/mod/mod_auth.html
Index: mod_auth.html
===================================================================
RCS file: /export/home/cvs/apache/htdocs/manual/mod/mod_auth.html,v
retrieving revision 1.4
retrieving revision 1.5
diff -C3 -r1.4 -r1.5
*** mod_auth.html 1996/12/24 19:08:23 1.4
--- mod_auth.html 1997/01/22 03:51:32 1.5
***************
*** 56,70 ****
<strong>Status:</strong> Base<br>
<strong>Module:</strong> mod_auth<p>
! The AuthUserFile directive sets the name of a textual file containing the
list
! of users and passwords for user authentication. <em>Filename</em> is the
! absolute path to the user file.<p>
! Each line of the user file file contains a username followed by a colon,
! followed by the crypt() encrypted password. The behavior of multiple
! occurrences of the same user is undefined.<p>
! Note that searching user groups files is inefficient;
! <A HREF="mod_auth_dbm.html#authdbmuserfile">AuthDBMUserFile</A> should
! be used instead.<p>
Security: make sure that the AuthUserFile is stored outside the
document tree of the web-server; do <em>not</em> put it in the directory
that
--- 56,70 ----
<strong>Status:</strong> Base<br>
<strong>Module:</strong> mod_auth<p>
! The AuthUserFile directive sets the name of a textual file containing
! the list of users and passwords for user
! authentication. <em>Filename</em> is the absolute path to the user
! file.<p> Each line of the user file file contains a username followed
! by a colon, followed by the crypt() encrypted password. The behavior
! of multiple occurrences of the same user is undefined.<p> Note that
! searching user groups files is inefficient; <A
! HREF="mod_auth_dbm.html#authdbmuserfile">AuthDBMUserFile</A> should be
! used instead.<p>
Security: make sure that the AuthUserFile is stored outside the
document tree of the web-server; do <em>not</em> put it in the directory
that
***************
*** 82,100 ****
<strong>Status:</strong> Base<br>
<strong>Module:</strong> mod_auth<p>
! Setting the AuthAuthoritative directive explicitly to <b>'off'</b> allows
for both authentification and authorization to be passed on to lower level
modules (as defined in the <code>Configuration</code> and
<code>modules.c</code> file if there is <b>no userID</b> or <b>rule</b>
matching the supplied userID. If there is a userID and/or rule specified; the
usual password and access checks will be applied and a failure will give an
Authorization Required reply.
<p>
! So if a userID appears in the database of more than one module; or if a
valid require directive applies to more than one module; then the first module
will verify the credentials; and no access is passed on; regardless of the
AuthAuthoritative setting.
<p>
! A common use for this is in conjection with one of the database modules;
such
! as <a href="mod_auth_anon.c"><code>mod_auth_db.c</code></a>, <a
href="mod_auth_anon.c"><code>mod_auth_dbm.c</code></a>,
! <a href="mod_auth_anon.c"><code>mod_auth_msql.c</code></a> and <a
href="mod_auth_anon.c"><code>mod_auth_anon.c</code></a>. These modules supply
the bulk of the user credential checking; but a few (administrator) related
accesses fall through to a lower level with a well protected AuthUserFile.
<p>
! <b>Default:</b> By default; control is not passed on; and an unkown userID
or rule will result in an Authorization Required reply. Not setting it thus
keeps the system secure; and forces an NSCA compliant behaviour.
<p>
! Security: Do consider the implications of allowing a user to allow
fall-through in his .htaccess file; and verify that this is really what you
want; Generally it is easier to just secure a single .htpasswd file, than it is
to secure a database such as mSQL. Make sure that the AuthUserFile is stored
outside the
! document tree of the web-server; do <em>not</em> put it in the directory
that
! it protects. Otherwise, clients will be able to download the AuthUserFile.
<p>
See also <A HREF="core.html#authname">AuthName</A>,
<A HREF="core.html#authtype">AuthType</A> and
--- 82,132 ----
<strong>Status:</strong> Base<br>
<strong>Module:</strong> mod_auth<p>
! Setting the AuthAuthoritative directive explicitly to <b>'off'</b>
! allows for both authentification and authorization to be passed on to
! lower level modules (as defined in the <code>Configuration</code> and
! <code>modules.c</code> file if there is <b>no userID</b> or
! <b>rule</b> matching the supplied userID. If there is a userID and/or
! rule specified; the usual password and access checks will be applied
! and a failure will give an Authorization Required reply.
!
<p>
!
! So if a userID appears in the database of more than one module; or if
! a valid require directive applies to more than one module; then the
! first module will verify the credentials; and no access is passed on;
! regardless of the AuthAuthoritative setting.
!
<p>
!
! A common use for this is in conjection with one of the database
! modules; such as <a
! href="mod_auth_db.html"><code>mod_auth_db.c</code></a>, <a
! href="mod_auth_dbm.html"><code>mod_auth_dbm.c</code></a>, <a
! href="mod_auth_msql.html"><code>mod_auth_msql.c</code></a> and <a
! href="mod_auth_anon.html"><code>mod_auth_anon.c</code></a>. These modules
! supply the bulk of the user credential checking; but a few
! (administrator) related accesses fall through to a lower level with a
! well protected AuthUserFile.
!
<p>
!
! <b>Default:</b> By default; control is not passed on; and an unkown
! userID or rule will result in an Authorization Required reply. Not
! setting it thus keeps the system secure; and forces an NSCA compliant
! behaviour.
!
<p>
!
! Security: Do consider the implications of allowing a user to allow
! fall-through in his .htaccess file; and verify that this is really
! what you want; Generally it is easier to just secure a single
! .htpasswd file, than it is to secure a database such as mSQL. Make
! sure that the AuthUserFile is stored outside the document tree of the
! web-server; do <em>not</em> put it in the directory that it
! protects. Otherwise, clients will be able to download the
! AuthUserFile.
!
<p>
See also <A HREF="core.html#authname">AuthName</A>,
<A HREF="core.html#authtype">AuthType</A> and
