Apache HTTP Server Version 2.0
Apache HTTP Server Version 2.0
| Description: + | Basic authentication |
|---|---|
| Status: + | Base |
| Module Identifier: + | auth_basic_module |
| Source File: + | mod_auth_basic.c |
| Compatibility: + | Available in Apache 2.0.42 and later |
This module allows the use of HTTP Basic Authentication to
+ restrict access by looking up users in the given providers.
+ HTTP Digest Authentication is provided by
+ mod_auth_digest.
| Description: + | Sets whether authorization and authentication are +passed to lower level modules |
|---|---|
| Syntax: + | AuthBasicAuthoritative on|off |
| Default: + | AuthBasicAuthoritative on |
| Context: + | directory, .htaccess |
| Override: + | AuthConfig |
| Status: + | Base |
| Module: + | mod_auth_basic |
Setting the AuthBasicAuthoritative directive
+ explicitly to 'off' allows for both
+ authentication and authorization to be passed on to lower level
+ modules (as defined in the Configuration and
+ modules.c files) if there is no
+ userID or rule matching the supplied
+ userID. If there is a userID and/or rule specified; the usual
+ password and access checks will be applied and a failure will give
+ an Authorization Required reply.
So if a userID appears in the database of more than one module;
+ or if a valid Require
+ directive applies to more than one module; then the first module
+ will verify the credentials; and no access is passed on;
+ regardless of the AuthAuthoritative setting.
By default; control is not passed on; and an unknown userID or + rule will result in an Authorization Required reply. Not setting + it thus keeps the system secure; and forces an NCSA compliant + behaviour.
+ +| Description: + | Sets the authentication provider(s) for this location |
|---|---|
| Syntax: + | AuthBasicProvider provider-name |
| Context: + | directory, location, .htaccess |
| Override: + | AuthConfig |
| Status: + | Base |
| Module: + | mod_auth_basic |
The AuthBasicProvider directive sets
+ which provider is used to authenticate the users for this location.
See mod_authn_dbm, mod_authn_file
+ for providers.
This module allows the use of HTTP Basic Authentication to
+ restrict access by looking up users in the given providers.
+ HTTP Digest Authentication is provided by
+
The
See
Setting the Configuration and
+ modules.c files) if there is no
+ userID or rule matching the supplied
+ userID. If there is a userID and/or rule specified; the usual
+ password and access checks will be applied and a failure will give
+ an Authorization Required reply.
So if a userID appears in the database of more than one module;
+ or if a valid
By default; control is not passed on; and an unknown userID or + rule will result in an Authorization Required reply. Not setting + it thus keeps the system secure; and forces an NCSA compliant + behaviour.
+ +Apache HTTP Server Version 2.0
| Description: + | User authentication using DBM files |
|---|---|
| Status: + | Extension |
| Module Identifier: + | authn_dbm_module |
| Source File: + | mod_authn_dbm.c |
| Compatibility: + | Available in Apache 2.0.42 and later |
This module provides authentication front-ends such as
+ mod_auth_digest and mod_auth_basic
+ to authenticate users by looking up users in plain text password files.
+ Similar functionality is provided by mod_authn_file.
When using mod_auth_basic or
+ mod_auth_digest, this module is invoked via the
+ AuthBasicProvider or
+ AuthDigestProvider
+ with the 'dbm' value.
| Description: + | Sets whether authentication and authorization will be +passwed on to lower level modules |
|---|---|
| Syntax: + | AuthDBMAuthoritative on|off |
| Default: + | AuthDBMAuthoritative on |
| Context: + | directory, .htaccess |
| Override: + | AuthConfig |
| Status: + | Extension |
| Module: + | mod_authn_dbm |
Setting the AuthDBMAuthoritative
+ directive explicitly to 'off' allows for both
+ authentication and authorization to be passed on to lower level
+ modules (as defined in the Configuration and
+ modules.c file if there is no userID
+ or rule matching the supplied userID. If there is
+ a userID and/or rule specified; the usual password and access
+ checks will be applied and a failure will give an Authorization
+ Required reply.
So if a userID appears in the database of more than one module;
+ or if a valid Require
+ directive applies to more than one module; then the first module
+ will verify the credentials; and no access is passed on;
+ regardless of the AuthAuthoritative setting.
A common use for this is in conjunction with one of the
+ auth providers; such as mod_authn_file. Whereas this
+ DBM module supplies the bulk of the user credential checking; a
+ few (administrator) related accesses fall through to a lower
+ level with a well protected .htpasswd file.
By default, control is not passed on and an unknown userID + or rule will result in an Authorization Required reply. Not + setting it thus keeps the system secure and forces an NCSA + compliant behaviour.
+ +Security: Do consider the implications of allowing a user to + allow fall-through in his .htaccess file; and verify that this + is really what you want; Generally it is easier to just secure + a single .htpasswd file, than it is to secure a database which + might have more access interfaces.
+| Description: + | Sets the type of database file that is used to +store passwords |
|---|---|
| Syntax: + | AuthDBMType default|SDBM|GDBM|NDBM|DB |
| Default: + | AuthDBMType default |
| Context: + | directory, .htaccess |
| Override: + | AuthConfig |
| Status: + | Extension |
| Module: + | mod_authn_dbm |
| Compatibility: + | Available in version 2.0.30 and later. |
Sets the type of database file that is used to store the passwords. +The default database type is determined at compile time. The +availability of other types of database files also depends on +compile-time settings.
+ +It is crucial that whatever program you use to create your password +files is configured to use the same type of database.
+| Description: + | Sets the name of a database file containing the list of users and +passwords for authentication |
|---|---|
| Syntax: + | AuthDBMUserFile file-path |
| Context: + | directory, .htaccess |
| Override: + | AuthConfig |
| Status: + | Extension |
| Module: + | mod_authn_dbm |
The AuthDBMUserFile directive sets the
+ name of a DBM file containing the list of users and passwords for
+ user authentication. File-path is the absolute path to
+ the user file.
The user file is keyed on the username. The value for a user is
+ the crypt() encrypted password, optionally followed
+ by a colon and arbitrary data. The colon and the data following it
+ will be ignored by the server.
Security: make sure that the
+ AuthDBMUserFile is stored outside the
+ document tree of the web-server; do not put it in the
+ directory that it protects. Otherwise, clients will be able to
+ download the AuthDBMUserFile.
Important compatibility note: The implementation of + "dbmopen" in the apache modules reads the string length of the + hashed values from the DBM data structures, rather than relying + upon the string being NULL-appended. Some applications, such as + the Netscape web server, rely upon the string being + NULL-appended, so if you are having trouble using DBM files + interchangeably between applications this may be a part of the + problem.
+ +A perl script called + dbmmanage is included with + Apache. This program can be used to create and update DBM + format password files for use with this module.
+This module provides authentication front-ends such as
+
When using
The
The user file is keyed on the username. The value for a user is
+ the crypt() encrypted password, optionally followed
+ by a colon and arbitrary data. The colon and the data following it
+ will be ignored by the server.
Security: make sure that the
+
Important compatibility note: The implementation of + "dbmopen" in the apache modules reads the string length of the + hashed values from the DBM data structures, rather than relying + upon the string being NULL-appended. Some applications, such as + the Netscape web server, rely upon the string being + NULL-appended, so if you are having trouble using DBM files + interchangeably between applications this may be a part of the + problem.
+ +A perl script called + dbmmanage is included with + Apache. This program can be used to create and update DBM + format password files for use with this module.
+Sets the type of database file that is used to store the passwords. +The default database type is determined at compile time. The +availability of other types of database files also depends on +compile-time settings.
+ +It is crucial that whatever program you use to create your password +files is configured to use the same type of database.
+Setting the Configuration and
+ modules.c file if there is no userID
+ or rule matching the supplied userID. If there is
+ a userID and/or rule specified; the usual password and access
+ checks will be applied and a failure will give an Authorization
+ Required reply.
So if a userID appears in the database of more than one module;
+ or if a valid
A common use for this is in conjunction with one of the
+ auth providers; such as
By default, control is not passed on and an unknown userID + or rule will result in an Authorization Required reply. Not + setting it thus keeps the system secure and forces an NCSA + compliant behaviour.
+ +Security: Do consider the implications of allowing a user to + allow fall-through in his .htaccess file; and verify that this + is really what you want; Generally it is easier to just secure + a single .htpasswd file, than it is to secure a database which + might have more access interfaces.
+Apache HTTP Server Version 2.0
| Description: + | User authentication using text files |
|---|---|
| Status: + | Base |
| Module Identifier: + | authn_file_module |
| Source File: + | mod_authn_file.c |
| Compatibility: + | Available in Apache 2.0.42 and later |
This module provides authentication front-ends such as
+ mod_auth_digest and mod_auth_basic
+ to authenticate users by looking up users in plain text password files.
+ Similar functionality is provided by mod_authn_dbm.
When using mod_auth_basic or
+ mod_auth_digest, this module is invoked via the
+ AuthBasicProvider or
+ AuthDigestProvider
+ with the 'file' value.
| Description: + | Sets the name of a text file containing the list of users and +passwords for authentication |
|---|---|
| Syntax: + | AuthUserFile file-path |
| Context: + | directory, .htaccess |
| Override: + | AuthConfig |
| Status: + | Base |
| Module: + | mod_authn_file |
The AuthUserFile directive sets the name
+ of a textual file containing the list of users and passwords for
+ user authentication. File-path is the path to the user
+ file. If it is not absolute (i.e., if it doesn't begin
+ with a slash), it is treated as relative to the ServerRoot.
Each line of the user file contains a username followed by
+ a colon, followed by the crypt() encrypted
+ password. The behavior of multiple occurrences of the same user is
+ undefined.
The utility htpasswd
+ which is installed as part of the binary distribution, or which
+ can be found in src/support, is used to maintain
+ this password file. See the man page for more
+ details. In short:
Create a password file 'Filename' with 'username' as the + initial ID. It will prompt for the password:
+htpasswd -c Filename username
Add or modify 'username2' in the password file 'Filename':
+htpasswd Filename username2
Note that searching large text files is very
+ inefficient; AuthDBMUserFile should be used
+ instead.
Make sure that the AuthUserFile is
+ stored outside the document tree of the web-server; do not
+ put it in the directory that it protects. Otherwise, clients will
+ be able to download the AuthUserFile.
| Description: + | Sets whether authorization and authentication are +passed to lower level modules |
|---|---|
| Syntax: + | AuthUserFileAuthoritative on|off |
| Default: + | AuthUserFileAuthoritative on |
| Context: + | directory, .htaccess |
| Override: + | AuthConfig |
| Status: + | Base |
| Module: + | mod_authn_file |
Setting the AuthAuthoritative directive
+ explicitly to 'off' allows for both
+ authentication and authorization to be passed on to lower level
+ modules (as defined in the Configuration and
+ modules.c files) if there is no
+ userID or rule matching the supplied
+ userID. If there is a userID and/or rule specified; the usual
+ password and access checks will be applied and a failure will give
+ an Authorization Required reply.
So if a userID appears in the database of more than one module;
+ or if a valid Require
+ directive applies to more than one module; then the first module
+ will verify the credentials; and no access is passed on;
+ regardless of the AuthAuthoritative setting.
By default; control is not passed on; and an unknown userID or + rule will result in an Authorization Required reply. Not setting + it thus keeps the system secure; and forces an NCSA compliant + behaviour.
+ +
AuthUserFile and the AuthGroupFile are stored outside
+ the document tree of the web-server; do not put them in the
+ directory that they protect. Otherwise, clients will be able to
+ download the AuthUserFile
+ and the AuthGroupFile.
+ This module provides authentication front-ends such as
+
When using
The
Each line of the user file contains a username followed by
+ a colon, followed by the crypt() encrypted
+ password. The behavior of multiple occurrences of the same user is
+ undefined.
The utility htpasswd
+ which is installed as part of the binary distribution, or which
+ can be found in src/support, is used to maintain
+ this password file. See the man page for more
+ details. In short:
Create a password file 'Filename' with 'username' as the + initial ID. It will prompt for the password:
+Add or modify 'username2' in the password file 'Filename':
+Note that searching large text files is very
+ inefficient;
Make sure that the
Setting the Configuration and
+ modules.c files) if there is no
+ userID or rule matching the supplied
+ userID. If there is a userID and/or rule specified; the usual
+ password and access checks will be applied and a failure will give
+ an Authorization Required reply.
So if a userID appears in the database of more than one module;
+ or if a valid
By default; control is not passed on; and an unknown userID or + rule will result in an Authorization Required reply. Not setting + it thus keeps the system secure; and forces an NCSA compliant + behaviour.
+ +Apache HTTP Server Version 2.0
| Description: + | Group authorization using DBM files |
|---|---|
| Status: + | Extension |
| Module Identifier: + | authz_dbm_module |
| Source File: + | mod_authz_dbm.c |
| Compatibility: + | Available in Apache 2.0.42 and later |
This module provides authorization capabilities so that
+ authenticated users can be allowed or denied access to portions
+ of the web site by group membership. Similar functionality is
+ provided by mod_authz_groupfile.
| Description: + | Sets the name of the database file containing the list +of user groups for authentication |
|---|---|
| Syntax: + | AuthDBMGroupFile file-path |
| Context: + | directory, .htaccess |
| Override: + | AuthConfig |
| Status: + | Extension |
| Module: + | mod_authz_dbm |
The AuthDBMGroupFile directive sets the
+ name of a DBM file containing the list of user groups for user
+ authentication. File-path is the absolute path to the
+ group file.
The group file is keyed on the username. The value for a + user is a comma-separated list of the groups to which the users + belongs. There must be no whitespace within the value, and it + must never contain any colons.
+ +Security: make sure that the
+ AuthDBMGroupFile is stored outside the
+ document tree of the web-server; do not put it in the
+ directory that it protects. Otherwise, clients will be able to
+ download the AuthDBMGroupFile unless
+ otherwise protected.
Combining Group and Password DBM files: In some cases it is + easier to manage a single database which contains both the + password and group details for each user. This simplifies any + support programs that need to be written: they now only have to + deal with writing to and locking a single DBM file. This can be + accomplished by first setting the group and password files to + point to the same DBM:
+ +
+AuthDBMGroupFile /www/userbase
+AuthDBMUserFile /www/userbase
+
The key for the single DBM is the username. The value consists + of
+ +Unix Crypt-ed Password : List of Groups [ : (ignored)
+ ]
The password section contains the Unix crypt()
+ password as before. This is followed by a colon and the comma
+ separated list of groups. Other data may optionally be left in the
+ DBM file after another colon; it is ignored by the authentication
+ module. This is what www.telescope.org uses for its combined
+ password and group database.
| Description: + | Sets whether authorization will be passed on to lower level modules |
|---|---|
| Syntax: + | AuthzDBMAuthoritative on|off |
| Default: + | AuthzDBMAuthoritative on |
| Context: + | directory, .htaccess |
| Override: + | AuthConfig |
| Status: + | Extension |
| Module: + | mod_authz_dbm |
Setting the AuthzDBMAuthoritative
+ directive explicitly to 'off' allows for both
+ authentication and authorization to be passed on to lower level
+ modules (as defined in the Configuration and
+ modules.c file if there is no userID
+ or rule matching the supplied userID. If there is
+ a userID and/or rule specified; the usual password and access
+ checks will be applied and a failure will give an Authorization
+ Required reply.
So if a userID appears in the database of more than one module;
+ or if a valid Require
+ directive applies to more than one module; then the first module
+ will verify the credentials; and no access is passed on;
+ regardless of the AuthAuthoritative setting.
A common use for this is in conjunction with one of the
+ auth providers; such as mod_authn_file. Whereas this
+ DBM module supplies the bulk of the user credential checking; a
+ few (administrator) related accesses fall through to a lower
+ level with a well protected .htpasswd file.
By default, control is not passed on and an unknown userID + or rule will result in an Authorization Required reply. Not + setting it thus keeps the system secure and forces an NCSA + compliant behaviour.
+ +Security: Do consider the implications of allowing a user to + allow fall-through in his .htaccess file; and verify that this + is really what you want; Generally it is easier to just secure + a single .htpasswd file, than it is to secure a database which + might have more access interfaces.
+| Description: + | Sets the type of database file that is used to +store passwords |
|---|---|
| Syntax: + | AuthzDBMType default|SDBM|GDBM|NDBM|DB |
| Default: + | AuthzDBMType default |
| Context: + | directory, .htaccess |
| Override: + | AuthConfig |
| Status: + | Extension |
| Module: + | mod_authz_dbm |
| Compatibility: + | Available in version 2.0.30 and later. |
Sets the type of database file that is used to store the passwords. +The default database type is determined at compile time. The +availability of other types of database files also depends on +compile-time settings.
+ +It is crucial that whatever program you use to create your password +files is configured to use the same type of database.
+This module provides authorization capabilities so that
+ authenticated users can be allowed or denied access to portions
+ of the web site by group membership. Similar functionality is
+ provided by
The
The group file is keyed on the username. The value for a + user is a comma-separated list of the groups to which the users + belongs. There must be no whitespace within the value, and it + must never contain any colons.
+ +Security: make sure that the
+
Combining Group and Password DBM files: In some cases it is + easier to manage a single database which contains both the + password and group details for each user. This simplifies any + support programs that need to be written: they now only have to + deal with writing to and locking a single DBM file. This can be + accomplished by first setting the group and password files to + point to the same DBM:
+ +The key for the single DBM is the username. The value consists + of
+ +The password section contains the Unix crypt()
+ password as before. This is followed by a colon and the comma
+ separated list of groups. Other data may optionally be left in the
+ DBM file after another colon; it is ignored by the authentication
+ module. This is what www.telescope.org uses for its combined
+ password and group database.
Sets the type of database file that is used to store the passwords. +The default database type is determined at compile time. The +availability of other types of database files also depends on +compile-time settings.
+ +It is crucial that whatever program you use to create your password +files is configured to use the same type of database.
+Setting the Configuration and
+ modules.c file if there is no userID
+ or rule matching the supplied userID. If there is
+ a userID and/or rule specified; the usual password and access
+ checks will be applied and a failure will give an Authorization
+ Required reply.
So if a userID appears in the database of more than one module;
+ or if a valid
A common use for this is in conjunction with one of the
+ auth providers; such as
By default, control is not passed on and an unknown userID + or rule will result in an Authorization Required reply. Not + setting it thus keeps the system secure and forces an NCSA + compliant behaviour.
+ +Security: Do consider the implications of allowing a user to + allow fall-through in his .htaccess file; and verify that this + is really what you want; Generally it is easier to just secure + a single .htpasswd file, than it is to secure a database which + might have more access interfaces.
+Apache HTTP Server Version 2.0
| Description: + | Group authorization using plaintext files |
|---|---|
| Status: + | Extension |
| Module Identifier: + | authz_groupfile_module |
| Source File: + | mod_authz_groupfile.c |
| Compatibility: + | Available in Apache 2.0.42 and later |
This module provides authorization capabilities so that
+ authenticated users can be allowed or denied access to portions
+ of the web site by group membership. Similar functionality is
+ provided by mod_authz_dbm.
| Description: + | Sets the name of a text file containing the list +of user groups for authentication |
|---|---|
| Syntax: + | AuthGroupFile file-path |
| Context: + | directory, .htaccess |
| Override: + | AuthConfig |
| Status: + | Extension |
| Module: + | mod_authz_groupfile |
The AuthGroupFile directive sets the
+ name of a textual file containing the list of user groups for user
+ authentication. File-path is the path to the group
+ file. If it is not absolute (i.e., if it doesn't begin
+ with a slash), it is treated as relative to the ServerRoot.
Each line of the group file contains a groupname followed by a + colon, followed by the member usernames separated by spaces. + Example:
+ +mygroup: bob joe anne
Note that searching large text files is very
+ inefficient; AuthDBMGroupFile should be used
+ instead.
Make sure that the AuthGroupFile is
+ stored outside the document tree of the web-server; do not
+ put it in the directory that it protects. Otherwise, clients will
+ be able to download the AuthGroupFile.
| Description: + | Sets whether authorization will be passed on to lower level modules |
|---|---|
| Syntax: + | AuthzGroupFileAuthoritative on|off |
| Default: + | AuthzGroupFileAuthoritative on |
| Context: + | directory, .htaccess |
| Override: + | AuthConfig |
| Status: + | Extension |
| Module: + | mod_authz_groupfile |
Setting the AuthzGroupFileAuthoritative
+ directive explicitly to 'off' allows for
+ authorization to be passed on to lower level modules (as defined in
+ the Configuration and modules.c file if
+ there is no userID or rule matching
+ the supplied userID. If there is a userID and/or rule specified; the
+ usual password and access checks will be applied and a failure will
+ give an Authorization Required reply.
So if a valid Require
+ directive applies to more than one module; then the first module
+ will verify the credentials; and no access is passed on;
+ regardless of the AuthzGroupFileAuthoritative
+ setting.
By default, control is not passed on and an unknown userID + or rule will result in an Authorization Required reply. Not + setting it thus keeps the system secure and forces an NCSA + compliant behaviour.
+ +Security: Do consider the implications of allowing a user to + allow fall-through in his .htaccess file; and verify that this + is really what you want; Generally it is easier to just secure + a single .htpasswd file, than it is to secure a database which + might have more access interfaces.
+This module provides authorization capabilities so that
+ authenticated users can be allowed or denied access to portions
+ of the web site by group membership. Similar functionality is
+ provided by
The
Each line of the group file contains a groupname followed by a + colon, followed by the member usernames separated by spaces. + Example:
+ +Note that searching large text files is very
+ inefficient;
Make sure that the
Setting the Configuration and modules.c file if
+ there is no userID or rule matching
+ the supplied userID. If there is a userID and/or rule specified; the
+ usual password and access checks will be applied and a failure will
+ give an Authorization Required reply.
So if a valid
By default, control is not passed on and an unknown userID + or rule will result in an Authorization Required reply. Not + setting it thus keeps the system secure and forces an NCSA + compliant behaviour.
+ +Security: Do consider the implications of allowing a user to + allow fall-through in his .htaccess file; and verify that this + is really what you want; Generally it is easier to just secure + a single .htpasswd file, than it is to secure a database which + might have more access interfaces.
+