
- removed obs_* files

- keep sitemap in sync
- Note: mod_auth_digest is currently exactly the same as in 2.0
  (no changes were made due to the aaa-rewrite)
- modified the example in mod_info (was a bad one ;-)
- forward port (i.e. copy) of rotatelogs.html, so we shouldn't forget the
  recent changes
- fixed xslt/css for module index page
-> update transformation


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97752 13f79535-47bb-0310-9956-ffa450edef68
André Malo
2002-12-02 21:58:35 +00:00
parent a028fa1494
commit 4bcc28e478
25 changed files with 143 additions and 2424 deletions


@@ -398,7 +398,3 @@ SetEnvIf Referer "^$" local_referal
</section>
</section>
</manualpage>


@@ -4,14 +4,14 @@
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
This file is generated from xml source: DO NOT EDIT
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
--><title>Module Index - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body id="module-index"><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs-project/">Documentation</a> &gt; <a href="../">Version 2.0</a></div><div id="page-content"><div id="preamble"><h1>Module Index</h1>
--><title>Module Index - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body id="module-index"><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs-project/">Documentation</a> &gt; <a href="../">Version 2.0</a></div><div id="preamble"><h1>Module Index</h1>
<p>
Below is a list of all of the modules that come as part of
the Apache distribution. See also the complete
alphabetical list of <a href="directives.html">all Apache
directives</a>.
</p>
</div><div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#core">Core Features and Multi-Processing Modules</a></li><li><img alt="" src="../images/down.gif" /> <a href="#other">Other Modules</a></li><li><img alt="" src="../images/down.gif" /> <a href="#obsolete">Obsolete Modules</a></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a id="core" name="core">Core Features and Multi-Processing Modules</a></h2><dl><dt><a href="core.html">core</a></dt><dd>Core Apache HTTP Server features that are always
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a id="core" name="core">Core Features and Multi-Processing Modules</a></h2><dl><dt><a href="core.html">core</a></dt><dd>Core Apache HTTP Server features that are always
available</dd>
<dt><a href="mpm_common.html">mpm_common</a></dt><dd>A collection of directives that are implemented by
more than one multi-processing module (MPM)</dd>
@@ -114,13 +114,4 @@ identifier for each request</dd>
</dd>
<dt><a href="mod_vhost_alias.html">mod_vhost_alias</a></dt><dd>Provides for dynamically configured mass virtual
hosting</dd>
</dl></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a id="obsolete" name="obsolete">Obsolete Modules</a></h2><dl><dt><a href="obs_mod_access.html">mod_access</a></dt><dd><em>(replaced by <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code> since 2.0.44)</em><br />Provides access control based on client hostname, IP
address, or other characteristics of the client request.</dd>
<dt><a href="obs_mod_auth.html">mod_auth</a></dt><dd><em>(obsolete since 2.0.44)</em><br />User authentication using text files</dd>
<dt><a href="obs_mod_auth_anon.html">mod_auth_anon</a></dt><dd><em>(replaced by <code class="module"><a href="../mod/mod_authn_anon.html">mod_authn_anon</a></code> since 2.0.44)</em><br />Allows "anonymous" user access to authenticated
areas</dd>
<dt><a href="obs_mod_auth_dbm.html">mod_auth_dbm</a></dt><dd><em>(obsolete since 2.0.44)</em><br />Provides for user authentication using DBM
files</dd>
<dt><a href="obs_mod_auth_digest.html">mod_auth_digest</a></dt><dd><em>(obsolete since 2.0.44)</em><br />User authentication using MD5
Digest Authentication.</dd>
</dl></div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
</dl></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>


@@ -21,7 +21,7 @@
<li><img alt="" src="../images/down.gif" /> <a href="#authdigestnonceformat">AuthDigestNonceFormat</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authdigestnoncelifetime">AuthDigestNonceLifetime</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authdigestqop">AuthDigestQop</a></li>
</ul><h3>Topics</h3><ul id="topics"><li><img alt="" src="../images/down.gif" /> Using Digest Authentication</li></ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2>Using Digest Authentication</h2>
</ul><h3>Topics</h3><ul id="topics"><li><img alt="" src="../images/down.gif" /> <a href="#using">Using Digest Authentication</a></li></ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="using" id="using">Using Digest Authentication</a></h2>
<p>Using MD5 Digest authentication is very simple. Simply set
up authentication normally, using "AuthType Digest" and
@@ -30,18 +30,20 @@
"AuthDigestGroupFile". Then add a "AuthDigestDomain" directive
containing at least the root URI(s) for this protection space.
Example:</p>
<div class="example"><p><code>
&lt;Location /private/&gt;<br />
AuthType Digest<br />
AuthName "private area"<br />
AuthDigestDomain /private/ http://mirror.my.dom/private2/<br />
AuthDigestFile /web/auth/.digest_pw<br />
Require valid-user<br />
&lt;/Location&gt;
</code></p></div>
<div class="note"><h3>Note</h3>
<div class="example"><p><code>
&lt;Location /private/&gt;<br />
<span class="indent">
AuthType Digest<br />
AuthName "private area"<br />
AuthDigestDomain /private/ http://mirror.my.dom/private2/<br />
AuthDigestFile /web/auth/.digest_pw<br />
Require valid-user<br />
</span>
&lt;/Location&gt;
</code></p></div>
<div class="note"><h3>Note</h3>
<p>Digest authentication provides a more secure password system
than Basic authentication, but only works with supporting
browsers. As of July 2002, the major browsers that support digest
@@ -49,8 +51,7 @@
Explorer</a> (fails when used with a query string), <a href="http://www.w3.org/Amaya/">Amaya</a> and <a href="http://www.mozilla.org">Mozilla</a>. Since digest
authentication is not as widely implemented as basic
authentication, you should use it only in controlled settings.</p>
</div>
</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestAlgorithm" id="AuthDigestAlgorithm">AuthDigestAlgorithm</a> <a name="authdigestalgorithm" id="authdigestalgorithm">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Selects the algorithm used to calculate the challenge and
response hases in digest authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
@@ -64,13 +65,14 @@ response hases in digest authentication</td></tr><tr><th><a href="directive-dict
selects the algorithm used to calculate the challenge and response
hashes.</p>
<p><strong><em>MD5-sess</em> is not correctly implemented
yet</strong>.
</p>
<div class="note">
<code>MD5-sess</code> is not correctly implemented yet.
</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestDomain" id="AuthDigestDomain">AuthDigestDomain</a> <a name="authdigestdomain" id="authdigestdomain">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>URIs that are in the same protection space for digest
authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>AuthDigestDomain <em>URI</em> [<em>URI</em>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td><code>AuthDigestDomain <var>URI</var> [<var>URI</var>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Experimental</td></tr><tr><th><a href="directive-dict.html#Module">Module:
@@ -98,14 +100,14 @@ authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestFile" id="AuthDigestFile">AuthDigestFile</a> <a name="authdigestfile" id="authdigestfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Location of the text file containing the list
of users and encoded passwords for digest authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>AuthDigestFile <em>file-path</em></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td><code>AuthDigestFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Experimental</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth_digest</td></tr></table>
<p>The <code class="directive">AuthDigestFile</code> directive sets the
name of a textual file containing the list of users and encoded
passwords for digest authentication. <em>File-path</em> is the
passwords for digest authentication. <var>File-path</var> is the
absolute path to the user file.</p>
<p>The digest file uses a special format. Files in this format
@@ -114,21 +116,21 @@ of users and encoded passwords for digest authentication</td></tr><tr><th><a hre
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestGroupFile" id="AuthDigestGroupFile">AuthDigestGroupFile</a> <a name="authdigestgroupfile" id="authdigestgroupfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Name of the text file containing the list of groups
for digest authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>AuthDigestGroupFile <em>file-path</em></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td><code>AuthDigestGroupFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Experimental</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth_digest</td></tr></table>
<p>The <code class="directive">AuthDigestGroupFile</code> directive sets
the name of a textual file containing the list of groups and their
members (user names). <em>File-path</em> is the absolute path to
members (user names). <var>File-path</var> is the absolute path to
the group file.</p>
<p>Each line of the group file contains a groupname followed by
a colon, followed by the member usernames separated by spaces.
Example:</p>
<div class="example"><p><code>mygroup: bob joe anne</code></p></div>
<div class="example"><p><code>mygroup: bob joe anne</code></p></div>
<p>Note that searching large text files is <em>very</em>
inefficient.</p>
@@ -145,11 +147,13 @@ server</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td>server config</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Experimental</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth_digest</td></tr></table>
<p><strong>Not implemented yet.</strong>
</p>
<div class="note">
Not implemented yet.
</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestNonceFormat" id="AuthDigestNonceFormat">AuthDigestNonceFormat</a> <a name="authdigestnonceformat" id="authdigestnonceformat">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Determines how the nonce is generated</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>AuthDigestNonceFormat <em>format</em></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td><code>AuthDigestNonceFormat <var>format</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Experimental</td></tr><tr><th><a href="directive-dict.html#Module">Module:
@@ -158,7 +162,7 @@ server</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestNonceLifetime" id="AuthDigestNonceLifetime">AuthDigestNonceLifetime</a> <a name="authdigestnoncelifetime" id="authdigestnoncelifetime">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>How long the server nonce is valid</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>AuthDigestNonceLifetime <em>seconds</em></code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
</a></th><td><code>AuthDigestNonceLifetime <var>seconds</var></code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
</a></th><td><code>AuthDigestNonceLifetime 300</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
@@ -167,10 +171,10 @@ server</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
<p>The <code class="directive">AuthDigestNonceLifetime</code> directive
controls how long the server nonce is valid. When the client
contacts the server using an expired nonce the server will send
back a 401 with <code>stale=true</code>. If <em>seconds</em> is
back a 401 with <code>stale=true</code>. If <var>seconds</var> is
greater than 0 then it specifies the amount of time for which the
nonce is valid; this should probably never be set to less than 10
seconds. If <em>seconds</em> is less than 0 then the nonce never
seconds. If <var>seconds</var> is less than 0 then the nonce never
expires.
</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestQop" id="AuthDigestQop">AuthDigestQop</a> <a name="authdigestqop" id="authdigestqop">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
@@ -183,16 +187,17 @@ authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td>Experimental</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth_digest</td></tr></table>
<p>The <code class="directive">AuthDigestQop</code> directive determines
the quality-of-protection to use. <em>auth</em> will only do
authentication (username/password); <em>auth-int</em> is
the quality-of-protection to use. <code>auth</code> will only do
authentication (username/password); <code>auth-int</code> is
authentication plus integrity checking (an MD5 hash of the entity
is also computed and checked); <em>none</em> will cause the module
is also computed and checked); <code>none</code> will cause the module
to use the old RFC-2069 digest algorithm (which does not include
integrity checking). Both <em>auth</em> and <em>auth-int</em> may
integrity checking). Both <code>auth</code> and <code>auth-int</code> may
be specified, in which the case the browser will choose which of
these to use. <em>none</em> should only be used if the browser for
these to use. <code>none</code> should only be used if the browser for
some reason does not like the challenge it receives otherwise.</p>
<p><strong><em>auth-int</em> is not implemented
yet</strong>.</p>
<div class="note">
<code>auth-int</code> is not implemented yet.
</div>
</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>


@@ -2,6 +2,7 @@
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
<modulesynopsis>
<name>mod_auth_digest</name>
<description>User authentication using MD5
Digest Authentication.</description>
@@ -20,7 +21,7 @@
<seealso><directive module="core">Require</directive></seealso>
<seealso><directive module="core">Satisfy</directive></seealso>
<section><title>Using Digest Authentication</title>
<section id="using"><title>Using Digest Authentication</title>
<p>Using MD5 Digest authentication is very simple. Simply set
up authentication normally, using "AuthType Digest" and
@@ -29,18 +30,20 @@
"AuthDigestGroupFile". Then add a "AuthDigestDomain" directive
containing at least the root URI(s) for this protection space.
Example:</p>
<example>
&lt;Location /private/&gt;<br />
AuthType Digest<br />
AuthName "private area"<br />
AuthDigestDomain /private/ http://mirror.my.dom/private2/<br />
AuthDigestFile /web/auth/.digest_pw<br />
Require valid-user<br />
&lt;/Location&gt;
</example>
<note><title>Note</title>
<example>
&lt;Location /private/&gt;<br />
<indent>
AuthType Digest<br />
AuthName "private area"<br />
AuthDigestDomain /private/ http://mirror.my.dom/private2/<br />
AuthDigestFile /web/auth/.digest_pw<br />
Require valid-user<br />
</indent>
&lt;/Location&gt;
</example>
<note><title>Note</title>
<p>Digest authentication provides a more secure password system
than Basic authentication, but only works with supporting
browsers. As of July 2002, the major browsers that support digest
@@ -51,15 +54,14 @@
href="http://www.mozilla.org">Mozilla</a>. Since digest
authentication is not as widely implemented as basic
authentication, you should use it only in controlled settings.</p>
</note>
</note>
</section>
<directivesynopsis>
<name>AuthDigestFile</name>
<description>Location of the text file containing the list
of users and encoded passwords for digest authentication</description>
<syntax>AuthDigestFile <em>file-path</em></syntax>
<syntax>AuthDigestFile <var>file-path</var></syntax>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
@@ -67,7 +69,7 @@ of users and encoded passwords for digest authentication</description>
<usage>
<p>The <directive>AuthDigestFile</directive> directive sets the
name of a textual file containing the list of users and encoded
passwords for digest authentication. <em>File-path</em> is the
passwords for digest authentication. <var>File-path</var> is the
absolute path to the user file.</p>
<p>The digest file uses a special format. Files in this format
@@ -81,7 +83,7 @@ of users and encoded passwords for digest authentication</description>
<name>AuthDigestGroupFile</name>
<description>Name of the text file containing the list of groups
for digest authentication</description>
<syntax>AuthDigestGroupFile <em>file-path</em></syntax>
<syntax>AuthDigestGroupFile <var>file-path</var></syntax>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
@@ -89,14 +91,14 @@ for digest authentication</description>
<usage>
<p>The <directive>AuthDigestGroupFile</directive> directive sets
the name of a textual file containing the list of groups and their
members (user names). <em>File-path</em> is the absolute path to
members (user names). <var>File-path</var> is the absolute path to
the group file.</p>
<p>Each line of the group file contains a groupname followed by
a colon, followed by the member usernames separated by spaces.
Example:</p>
<example>mygroup: bob joe anne</example>
<example>mygroup: bob joe anne</example>
<p>Note that searching large text files is <em>very</em>
inefficient.</p>
@@ -120,25 +122,26 @@ authentication</description>
<usage>
<p>The <directive>AuthDigestQop</directive> directive determines
the quality-of-protection to use. <em>auth</em> will only do
authentication (username/password); <em>auth-int</em> is
the quality-of-protection to use. <code>auth</code> will only do
authentication (username/password); <code>auth-int</code> is
authentication plus integrity checking (an MD5 hash of the entity
is also computed and checked); <em>none</em> will cause the module
is also computed and checked); <code>none</code> will cause the module
to use the old RFC-2069 digest algorithm (which does not include
integrity checking). Both <em>auth</em> and <em>auth-int</em> may
integrity checking). Both <code>auth</code> and <code>auth-int</code> may
be specified, in which the case the browser will choose which of
these to use. <em>none</em> should only be used if the browser for
these to use. <code>none</code> should only be used if the browser for
some reason does not like the challenge it receives otherwise.</p>
<p><strong><em>auth-int</em> is not implemented
yet</strong>.</p>
<note>
<code>auth-int</code> is not implemented yet.
</note>
</usage>
</directivesynopsis>
<directivesynopsis>
<name>AuthDigestNonceLifetime</name>
<description>How long the server nonce is valid</description>
<syntax>AuthDigestNonceLifetime <em>seconds</em></syntax>
<syntax>AuthDigestNonceLifetime <var>seconds</var></syntax>
<default>AuthDigestNonceLifetime 300</default>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
@@ -148,11 +151,11 @@ authentication</description>
<p>The <directive>AuthDigestNonceLifetime</directive> directive
controls how long the server nonce is valid. When the client
contacts the server using an expired nonce the server will send
back a 401 with <code>stale=true</code>. If <em>seconds</em> is
back a 401 with <code>stale=true</code>. If <var>seconds</var> is
greater than 0 then it specifies the amount of time for which the
nonce is valid; this should probably never be set to less than 10
seconds. If <em>seconds</em> is less than 0 then the nonce never
expires. <!-- Not implemented yet If <EM>seconds</EM> is 0 then
seconds. If <var>seconds</var> is less than 0 then the nonce never
expires. <!-- Not implemented yet If <var>seconds</var> is 0 then
the nonce may be used exactly once by the client. Note that while
one-time-nonces provide higher security against replay attacks,
they also have significant performance implications, as the
@@ -172,7 +175,7 @@ authentication</description>
<directivesynopsis>
<name>AuthDigestNonceFormat</name>
<description>Determines how the nonce is generated</description>
<syntax>AuthDigestNonceFormat <em>format</em></syntax>
<syntax>AuthDigestNonceFormat <var>format</var></syntax>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
@@ -195,7 +198,10 @@ server</description>
<contextlist><context>server config</context></contextlist>
<usage>
<p><strong>Not implemented yet.</strong> <!--
<note>
Not implemented yet.
</note>
<!--
<P>The AuthDigestNcCheck directive enables or disables the checking of the
nonce-count sent by the server.
@@ -206,8 +212,7 @@ server</description>
a critical section. If the server is handling a large number of
requests which contain the Authorization header then this may noticeably
impact performance.
-->
</p>
-->
</usage>
</directivesynopsis>
@@ -226,12 +231,13 @@ response hases in digest authentication</description>
selects the algorithm used to calculate the challenge and response
hashes.</p>
<p><strong><em>MD5-sess</em> is not correctly implemented
yet</strong>. <!--
<note>
<code>MD5-sess</code> is not correctly implemented yet.
</note>
<!--
<P>To use <EM>MD5-sess</EM> you must first code up the
<VAR>get_userpw_hash()</VAR> function in <VAR>mod_auth_digest.c</VAR> .
-->
</p>
-->
</usage>
</directivesynopsis>
@@ -239,7 +245,7 @@ response hases in digest authentication</description>
<name>AuthDigestDomain</name>
<description>URIs that are in the same protection space for digest
authentication</description>
<syntax>AuthDigestDomain <em>URI</em> [<em>URI</em>] ...</syntax>
<syntax>AuthDigestDomain <var>URI</var> [<var>URI</var>] ...</syntax>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
@@ -269,6 +275,3 @@ authentication</description>
</directivesynopsis>
</modulesynopsis>


@@ -69,10 +69,10 @@ information displayed by the server-info handler</td></tr><tr><th><a href="direc
the module <var>module-name</var>. Example:</p>
<div class="example"><p><code>
AddModuleInfo mod_authn_file.c 'See &lt;a \<br />
AddModuleInfo mod_deflate.c 'See &lt;a \<br />
<span class="indent">
href="http://www.apache.org/docs-2.0/mod/mod_authn_file.html"&gt;\<br />
http://www.apache.org/docs-2.0/mod/mod_authn_file.html&lt;/a&gt;'
href="http://www.apache.org/docs-2.0/mod/mod_deflate.html"&gt;\<br />
http://www.apache.org/docs-2.0/mod/mod_deflate.html&lt;/a&gt;'
</span>
</code></p></div>
</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>


@@ -73,10 +73,10 @@ information displayed by the server-info handler</description>
the module <var>module-name</var>. Example:</p>
<example>
AddModuleInfo mod_authn_file.c 'See &lt;a \<br />
AddModuleInfo mod_deflate.c 'See &lt;a \<br />
<indent>
href="http://www.apache.org/docs-2.0/mod/mod_authn_file.html"&gt;\<br />
http://www.apache.org/docs-2.0/mod/mod_authn_file.html&lt;/a&gt;'
href="http://www.apache.org/docs-2.0/mod/mod_deflate.html"&gt;\<br />
http://www.apache.org/docs-2.0/mod/mod_deflate.html&lt;/a&gt;'
</indent>
</example>
</usage>


@@ -54,7 +54,6 @@ module for Apache 1.1, but was limited to miscapitalizations. As
of Apache 1.3, it is part of the Apache distribution. Prior to Apache
1.3.2, the CheckSpelling directive was only available in the
"server" and "virtual host" contexts.</td></tr></table>
<p>This directive enables or disables the spelling module. When
enabled, keep in mind that</p>
@@ -77,4 +76,12 @@ of Apache 1.3, it is part of the Apache distribution. Prior to Apache
get incorrectly treated as the negotiated file
"<code>/stats.html</code>".</li>
</ul>
<p>mod_speling should not be enabled in <a href="mod_dav.html">DAV</a>
enabled directories, because it will try to "spell fix" newly created
resource names against existing filenames, e.g., when trying to upload
a new document <code>doc43.html</code> it might redirect to an existing
document <code>doc34.html</code>, which is not what was intended.
</p>
</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>


@@ -65,7 +65,6 @@ of Apache 1.3, it is part of the Apache distribution. Prior to Apache
"server" and "virtual host" contexts.</compatibility>
<usage>
<p>This directive enables or disables the spelling module. When
enabled, keep in mind that</p>
@@ -89,6 +88,7 @@ of Apache 1.3, it is part of the Apache distribution. Prior to Apache
"<code>/stats.html</code>".</li>
</ul>
<!-- XXX: is that really true?! -nd -->
<p>mod_speling should not be enabled in <a href="mod_dav.html">DAV</a>
enabled directories, because it will try to "spell fix" newly created
resource names against existing filenames, e.g., when trying to upload
@@ -96,8 +96,6 @@ of Apache 1.3, it is part of the Apache distribution. Prior to Apache
document <code>doc34.html</code>, which is not what was intended.
</p>
</usage>
</directivesynopsis>
</modulesynopsis>


@@ -1,270 +0,0 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
This file is generated from xml source: DO NOT EDIT
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
--><title>mod_access - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs-project/">Documentation</a> &gt; <a href="../">Version 2.0</a> &gt; <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Obsolete Apache Module mod_access</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description:
</a></th><td>Provides access control based on client hostname, IP
address, or other characteristics of the client request.</td></tr><tr><th><a href="module-dict.html#Status">Status:
</a></th><td>Obsolete<em> (replaced by <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code> since 2.0.44)</em><br /></td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module<6C>Identifier:
</a></th><td>access_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source<63>File:
</a></th><td>mod_access.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
</a></th><td>Available only in versions up to 2.0.43</td></tr></table><h3>Summary</h3>
<div class="warning"><h3>This module is obsolete!</h3>
<p>Note, that this module has been marked as obsolete. A bunch
of modules was introduced in Apache version 2.0.44 that
support the new Authentication/Authorization provider mechnism.</p>
<p>If you want to use host based access control, you have to invoke the
<code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code> module now.</p>
<p>This document is kept only for historical reasons and no
longer maintained.</p>
</div>
<p>The directives provided by mod_access are used in <code class="directive"><a href="../mod/core.html#directory">&lt;Directory&gt;</a></code>, <code class="directive"><a href="../mod/core.html#files">&lt;Files&gt;</a></code>, and <code class="directive"><a href="../mod/core.html#location">&lt;Location&gt;</a></code> sections as well as
<code><a href="core.html#accessfilename">.htaccess</a></code>
files to control access to particular parts of the server. Access
can be controlled based on the client hostname, IP address, or
other characteristics of the client request, as captured in <a href="../env.html">environment variables</a>. The <code class="directive"><a href="#allow">Allow</a></code> and <code class="directive"><a href="#deny">Deny</a></code> directives are used to
specify which clients are or are not allowed access to the server,
while the <code class="directive"><a href="#order">Order</a></code>
directive sets the default access state, and configures how the
<code class="directive"><a href="#allow">Allow</a></code> and <code class="directive"><a href="#deny">Deny</a></code> directives interact with each
other.</p>
<p>Both host-based access restrictions and password-based
authentication may be implemented simultaneously. In that case,
the <code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code> directive is used
to determine how the two sets of restrictions interact.</p>
<p>In general, access restriction directives apply to all
access methods (<code>GET</code>, <code>PUT</code>,
<code>POST</code>, etc). This is the desired behavior in most
cases. However, it is possible to restrict some methods, while
leaving other methods unrestricted, by enclosing the directives
in a <code class="directive"><a href="../mod/core.html#limit">&lt;Limit&gt;</a></code> section.</p>
</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#allow">Allow</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#deny">Deny</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#order">Order</a></li>
</ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Allow" id="Allow">Allow</a> <a name="allow" id="allow">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Controls which hosts can access an area of the
server</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code> Allow from
all|<var>host</var>|env=<var>env-variable</var>
[<var>host</var>|env=<var>env-variable</var>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>Limit</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_access</td></tr></table>
<p>The <code class="directive">Allow</code> directive affects which hosts can
access an area of the server. Access can be controlled by
hostname, IP Address, IP Address range, or by other
characteristics of the client request captured in environment
variables.</p>
<p>The first argument to this directive is always
<code>from</code>. The subsequent arguments can take three
different forms. If <code>Allow from all</code> is specified, then
all hosts are allowed access, subject to the configuration of the
<code class="directive"><a href="#deny">Deny</a></code> and <code class="directive"><a href="#order">Order</a></code> directives as discussed
below. To allow only particular hosts or groups of hosts to access
the server, the <var>host</var> can be specified in any of the
following formats:</p>
<dl>
<dt>A (partial) domain-name</dt>
<dd>Example: <code>Allow from apache.org</code><br />
Hosts whose names match, or end in, this string are allowed
access. Only complete components are matched, so the above
example will match <code>foo.apache.org</code> but it will
not match <code>fooapache.org</code>. This configuration will
cause the server to perform a reverse DNS lookup on the
client IP address, regardless of the setting of the <code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code>
directive.</dd>
<dt>A full IP address</dt>
<dd>Example: <code>Allow from 10.1.2.3</code><br />
An IP address of a host allowed access</dd>
<dt>A partial IP address</dt>
<dd>Example: <code>Allow from 10.1</code><br />
The first 1 to 3 bytes of an IP address, for subnet
restriction.</dd>
<dt>A network/netmask pair</dt>
<dd>Example: <code>Allow from
10.1.0.0/255.255.0.0</code><br />
A network a.b.c.d, and a netmask w.x.y.z. For more
fine-grained subnet restriction.</dd>
<dt>A network/nnn CIDR specification</dt>
<dd>Example: <code>Allow from 10.1.0.0/16</code><br />
Similar to the previous case, except the netmask consists of
nnn high-order 1 bits.</dd>
</dl>
<p>Note that the last three examples above match exactly the
same set of hosts.</p>
<p>IPv6 addresses and IPv6 subnets can be specified as shown
below:</p>
<div class="example"><p><code>
Allow from fe80::a00:20ff:fea7:ccea<br />
Allow from fe80::a00:20ff:fea7:ccea/10
</code></p></div>
<p>The third format of the arguments to the
<code class="directive">Allow</code> directive allows access to the server
to be controlled based on the existence of an <a href="../env.html">environment variable</a>. When <code>Allow from
env=<var>env-variable</var></code> is specified, then the request is
allowed access if the environment variable <var>env-variable</var>
exists. The server provides the ability to set environment
variables in a flexible way based on characteristics of the client
request using the directives provided by
<code class="module"><a href="../mod/mod_setenvif.html">mod_setenvif</a></code>. Therefore, this directive can be
used to allow access based on such factors as the clients
<code>User-Agent</code> (browser type), <code>Referer</code>, or
other HTTP request header fields.</p>
<div class="example"><h3>Example:</h3><p><code>
SetEnvIf User-Agent ^KnockKnock/2.0 let_me_in<br />
&lt;Directory /docroot&gt;<br />
<span class="indent">
Order Deny,Allow<br />
Deny from all<br />
Allow from env=let_me_in<br />
</span>
&lt;/Directory&gt;
</code></p></div>
<p>In this case, browsers with a user-agent string beginning
with <code>KnockKnock/2.0</code> will be allowed access, and all
others will be denied.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Deny" id="Deny">Deny</a> <a name="deny" id="deny">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Controls which hosts are denied access to the
server</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code> Deny from
all|<var>host</var>|env=<var>env-variable</var>
[<var>host</var>|env=<var>env-variable</var>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>Limit</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_access</td></tr></table>
<p>This directive allows access to the server to be restricted
based on hostname, IP address, or environment variables. The
arguments for the <code class="directive">Deny</code> directive are
identical to the arguments for the <code class="directive"><a href="#allow">Allow</a></code> directive.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Order" id="Order">Order</a> <a name="order" id="order">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Controls the default access state and the order in which
Allow and Deny are
evaluated.</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code> Order <var>ordering</var></code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
</a></th><td><code>Order Deny,Allow</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>Limit</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_access</td></tr></table>
<p>The <code class="directive">Order</code> directive controls the default
access state and the order in which <code class="directive"><a href="#allow">Allow</a></code> and <code class="directive"><a href="#deny">Deny</a></code> directives are evaluated.
<var>Ordering</var> is one of</p>
<dl>
<dt>Deny,Allow</dt>
<dd>The <code class="directive"><a href="#deny">Deny</a></code> directives
are evaluated before the <code class="directive"><a href="#allow">Allow</a></code> directives. Access is
allowed by default. Any client which does not match a
<code class="directive"><a href="#deny">Deny</a></code> directive or does
match an <code class="directive"><a href="#allow">Allow</a></code>
directive will be allowed access to the server.</dd>
<dt>Allow,Deny</dt>
<dd>The <code class="directive"><a href="#allow">Allow</a></code>
directives are evaluated before the <code class="directive"><a href="#deny">Deny</a></code> directives. Access is denied
by default. Any client which does not match an <code class="directive"><a href="#allow">Allow</a></code> directive or does match a
<code class="directive"><a href="#deny">Deny</a></code> directive will be
denied access to the server.</dd>
<dt>Mutual-failure</dt>
<dd>Only those hosts which appear on the <code class="directive"><a href="#allow">Allow</a></code> list and do not appear on
the <code class="directive"><a href="#deny">Deny</a></code> list are
granted access. This ordering has the same effect as <code>Order
Allow,Deny</code> and is deprecated in favor of that
configuration.</dd>
</dl>
<p>Keywords may only be separated by a comma; no whitespace is
allowed between them. Note that in all cases every <code class="directive"><a href="#allow">Allow</a></code> and <code class="directive"><a href="#deny">Deny</a></code> statement is evaluated.</p>
<p>In the following example, all hosts in the apache.org domain
are allowed access; all other hosts are denied access.</p>
<div class="example"><p><code>
Order Deny,Allow<br />
Deny from all<br />
Allow from apache.org
</code></p></div>
<p>In the next example, all hosts in the apache.org domain are
allowed access, except for the hosts which are in the
foo.apache.org subdomain, who are denied access. All hosts not
in the apache.org domain are denied access because the default
state is to deny access to the server.</p>
<div class="example"><p><code>
Order Allow,Deny<br />
Allow from apache.org<br />
Deny from foo.apache.org
</code></p></div>
<p>On the other hand, if the <code class="directive">Order</code> in the last
example is changed to <code>Deny,Allow</code>, all hosts will
be allowed access. This happens because, regardless of the
actual ordering of the directives in the configuration file,
the <code>Allow from apache.org</code> will be evaluated last
and will override the <code>Deny from foo.apache.org</code>.
All hosts not in the <code>apache.org</code> domain will also
be allowed access because the default state will change to
<var>allow</var>.</p>
<p>The presence of an <code class="directive">Order</code> directive can affect
access to a part of the server even in the absence of accompanying
<code class="directive"><a href="#allow">Allow</a></code> and <code class="directive"><a href="#deny">Deny</a></code> directives because of its effect
on the default access state. For example,</p>
<div class="example"><p><code>
&lt;Directory /www&gt;<br />
<span class="indent">
Order Allow,Deny<br />
</span>
&lt;/Directory&gt;
</code></p></div>
<p>will deny all access to the <code>/www</code> directory
because the default access state will be set to
<var>deny</var>.</p>
<p>The <code class="directive">Order</code> directive controls the order of access
directive processing only within each phase of the server's
configuration processing. This implies, for example, that an
<code class="directive"><a href="#allow">Allow</a></code> or <code class="directive"><a href="#deny">Deny</a></code> directive occurring in a
<code class="directive"><a href="../mod/core.html#location">&lt;Location&gt;</a></code> section will
always be evaluated after an <code class="directive"><a href="#allow">Allow</a></code> or <code class="directive"><a href="#deny">Deny</a></code> directive occurring in a
<code class="directive"><a href="../mod/core.html#directory">&lt;Directory&gt;</a></code> section or
<code>.htaccess</code> file, regardless of the setting of the
<code class="directive">Order</code> directive. For details on the merging
of configuration sections, see the documentation on <a href="../sections.html">How Directory, Location and Files sections
work</a>.</p>
</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>


@@ -1,325 +0,0 @@
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
<modulesynopsis>
<name>mod_access</name>
<description>Provides access control based on client hostname, IP
address, or other characteristics of the client request.</description>
<status>Obsolete</status>
<hint>replaced by <module>mod_authz_host</module> since 2.0.44</hint>
<sourcefile>mod_access.c</sourcefile>
<identifier>access_module</identifier>
<compatibility>Available only in versions up to 2.0.43</compatibility>
<summary>
<note type="warning"><title>This module is obsolete!</title>
<p>Note, that this module has been marked as obsolete. A bunch
of modules was introduced in Apache version 2.0.44 that
support the new Authentication/Authorization provider mechnism.</p>
<p>If you want to use host based access control, you have to invoke the
<module>mod_authz_host</module> module now.</p>
<p>This document is kept only for historical reasons and no
longer maintained.</p>
</note>
<p>The directives provided by mod_access are used in <directive
module="core" type="section">Directory</directive>, <directive
module="core" type="section">Files</directive>, and <directive
module="core" type="section">Location</directive> sections as well as
<code><a href="core.html#accessfilename">.htaccess</a></code>
files to control access to particular parts of the server. Access
can be controlled based on the client hostname, IP address, or
other characteristics of the client request, as captured in <a
href="../env.html">environment variables</a>. The <directive
module="mod_access" status="obsolete">Allow</directive> and <directive
module="mod_access" status="obsolete">Deny</directive> directives are used to
specify which clients are or are not allowed access to the server,
while the <directive module="mod_access" status="obsolete">Order</directive>
directive sets the default access state, and configures how the
<directive module="mod_access" status="obsolete">Allow</directive> and <directive
module="mod_access" status="obsolete">Deny</directive> directives interact with each
other.</p>
<p>Both host-based access restrictions and password-based
authentication may be implemented simultaneously. In that case,
the <directive module="core">Satisfy</directive> directive is used
to determine how the two sets of restrictions interact.</p>
<p>In general, access restriction directives apply to all
access methods (<code>GET</code>, <code>PUT</code>,
<code>POST</code>, etc). This is the desired behavior in most
cases. However, it is possible to restrict some methods, while
leaving other methods unrestricted, by enclosing the directives
in a <directive module="core" type="section">Limit</directive> section.</p>
</summary>
<seealso><directive module="core">Satisfy</directive></seealso>
<seealso><directive module="core">Require</directive></seealso>
<directivesynopsis>
<name>Allow</name>
<description>Controls which hosts can access an area of the
server</description>
<syntax> Allow from
all|<var>host</var>|env=<var>env-variable</var>
[<var>host</var>|env=<var>env-variable</var>] ...</syntax>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>Limit</override>
<usage>
<p>The <directive>Allow</directive> directive affects which hosts can
access an area of the server. Access can be controlled by
hostname, IP Address, IP Address range, or by other
characteristics of the client request captured in environment
variables.</p>
<p>The first argument to this directive is always
<code>from</code>. The subsequent arguments can take three
different forms. If <code>Allow from all</code> is specified, then
all hosts are allowed access, subject to the configuration of the
<directive module="mod_access" status="obsolete">Deny</directive> and <directive
module="mod_access" status="obsolete">Order</directive> directives as discussed
below. To allow only particular hosts or groups of hosts to access
the server, the <var>host</var> can be specified in any of the
following formats:</p>
<dl>
<dt>A (partial) domain-name</dt>
<dd>Example: <code>Allow from apache.org</code><br />
Hosts whose names match, or end in, this string are allowed
access. Only complete components are matched, so the above
example will match <code>foo.apache.org</code> but it will
not match <code>fooapache.org</code>. This configuration will
cause the server to perform a reverse DNS lookup on the
client IP address, regardless of the setting of the <directive
module="core">HostnameLookups</directive>
directive.</dd>
<dt>A full IP address</dt>
<dd>Example: <code>Allow from 10.1.2.3</code><br />
An IP address of a host allowed access</dd>
<dt>A partial IP address</dt>
<dd>Example: <code>Allow from 10.1</code><br />
The first 1 to 3 bytes of an IP address, for subnet
restriction.</dd>
<dt>A network/netmask pair</dt>
<dd>Example: <code>Allow from
10.1.0.0/255.255.0.0</code><br />
A network a.b.c.d, and a netmask w.x.y.z. For more
fine-grained subnet restriction.</dd>
<dt>A network/nnn CIDR specification</dt>
<dd>Example: <code>Allow from 10.1.0.0/16</code><br />
Similar to the previous case, except the netmask consists of
nnn high-order 1 bits.</dd>
</dl>
<p>Note that the last three examples above match exactly the
same set of hosts.</p>
<p>IPv6 addresses and IPv6 subnets can be specified as shown
below:</p>
<example>
Allow from fe80::a00:20ff:fea7:ccea<br />
Allow from fe80::a00:20ff:fea7:ccea/10
</example>
<p>The third format of the arguments to the
<directive>Allow</directive> directive allows access to the server
to be controlled based on the existence of an <a
href="../env.html">environment variable</a>. When <code>Allow from
env=<var>env-variable</var></code> is specified, then the request is
allowed access if the environment variable <var>env-variable</var>
exists. The server provides the ability to set environment
variables in a flexible way based on characteristics of the client
request using the directives provided by
<module>mod_setenvif</module>. Therefore, this directive can be
used to allow access based on such factors as the clients
<code>User-Agent</code> (browser type), <code>Referer</code>, or
other HTTP request header fields.</p>
<example><title>Example:</title>
SetEnvIf User-Agent ^KnockKnock/2.0 let_me_in<br />
&lt;Directory /docroot&gt;<br />
<indent>
Order Deny,Allow<br />
Deny from all<br />
Allow from env=let_me_in<br />
</indent>
&lt;/Directory&gt;
</example>
<p>In this case, browsers with a user-agent string beginning
with <code>KnockKnock/2.0</code> will be allowed access, and all
others will be denied.</p>
</usage>
</directivesynopsis>
<directivesynopsis>
<name>Deny</name>
<description>Controls which hosts are denied access to the
server</description>
<syntax> Deny from
all|<var>host</var>|env=<var>env-variable</var>
[<var>host</var>|env=<var>env-variable</var>] ...</syntax>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>Limit</override>
<usage>
<p>This directive allows access to the server to be restricted
based on hostname, IP address, or environment variables. The
arguments for the <directive>Deny</directive> directive are
identical to the arguments for the <directive
module="mod_access" status="obsolete">Allow</directive> directive.</p>
</usage>
</directivesynopsis>
<directivesynopsis>
<name>Order</name>
<description>Controls the default access state and the order in which
<directive>Allow</directive> and <directive>Deny</directive> are
evaluated.</description>
<syntax> Order <var>ordering</var></syntax>
<default>Order Deny,Allow</default>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>Limit</override>
<usage>
<p>The <directive>Order</directive> directive controls the default
access state and the order in which <directive
module="mod_access" status="obsolete">Allow</directive> and <directive
module="mod_access" status="obsolete">Deny</directive> directives are evaluated.
<var>Ordering</var> is one of</p>
<dl>
<dt>Deny,Allow</dt>
<dd>The <directive module="mod_access" status="obsolete">Deny</directive> directives
are evaluated before the <directive
module="mod_access" status="obsolete">Allow</directive> directives. Access is
allowed by default. Any client which does not match a
<directive module="mod_access" status="obsolete">Deny</directive> directive or does
match an <directive module="mod_access" status="obsolete">Allow</directive>
directive will be allowed access to the server.</dd>
<dt>Allow,Deny</dt>
<dd>The <directive module="mod_access" status="obsolete">Allow</directive>
directives are evaluated before the <directive
module="mod_access" status="obsolete">Deny</directive> directives. Access is denied
by default. Any client which does not match an <directive
module="mod_access" status="obsolete">Allow</directive> directive or does match a
<directive module="mod_access" status="obsolete">Deny</directive> directive will be
denied access to the server.</dd>
<dt>Mutual-failure</dt>
<dd>Only those hosts which appear on the <directive
module="mod_access" status="obsolete">Allow</directive> list and do not appear on
the <directive module="mod_access" status="obsolete">Deny</directive> list are
granted access. This ordering has the same effect as <code>Order
Allow,Deny</code> and is deprecated in favor of that
configuration.</dd>
</dl>
<p>Keywords may only be separated by a comma; no whitespace is
allowed between them. Note that in all cases every <directive
module="mod_access" status="obsolete">Allow</directive> and <directive
module="mod_access" status="obsolete">Deny</directive> statement is evaluated.</p>
<p>In the following example, all hosts in the apache.org domain
are allowed access; all other hosts are denied access.</p>
<example>
Order Deny,Allow<br />
Deny from all<br />
Allow from apache.org
</example>
<p>In the next example, all hosts in the apache.org domain are
allowed access, except for the hosts which are in the
foo.apache.org subdomain, who are denied access. All hosts not
in the apache.org domain are denied access because the default
state is to deny access to the server.</p>
<example>
Order Allow,Deny<br />
Allow from apache.org<br />
Deny from foo.apache.org
</example>
<p>On the other hand, if the <directive>Order</directive> in the last
example is changed to <code>Deny,Allow</code>, all hosts will
be allowed access. This happens because, regardless of the
actual ordering of the directives in the configuration file,
the <code>Allow from apache.org</code> will be evaluated last
and will override the <code>Deny from foo.apache.org</code>.
All hosts not in the <code>apache.org</code> domain will also
be allowed access because the default state will change to
<var>allow</var>.</p>
<p>The presence of an <directive>Order</directive> directive can affect
access to a part of the server even in the absence of accompanying
<directive module="mod_access" status="obsolete">Allow</directive> and <directive
module="mod_access" status="obsolete">Deny</directive> directives because of its effect
on the default access state. For example,</p>
<example>
&lt;Directory /www&gt;<br />
<indent>
Order Allow,Deny<br />
</indent>
&lt;/Directory&gt;
</example>
<p>will deny all access to the <code>/www</code> directory
because the default access state will be set to
<var>deny</var>.</p>
<p>The <directive>Order</directive> directive controls the order of access
directive processing only within each phase of the server's
configuration processing. This implies, for example, that an
<directive module="mod_access" status="obsolete">Allow</directive> or <directive
module="mod_access" status="obsolete">Deny</directive> directive occurring in a
<directive module="core" type="section">Location</directive> section will
always be evaluated after an <directive
module="mod_access" status="obsolete">Allow</directive> or <directive
module="mod_access" status="obsolete">Deny</directive> directive occurring in a
<directive module="core" type="section">Directory</directive> section or
<code>.htaccess</code> file, regardless of the setting of the
<directive>Order</directive> directive. For details on the merging
of configuration sections, see the documentation on <a
href="../sections.html">How Directory, Location and Files sections
work</a>.</p>
</usage>
</directivesynopsis>
</modulesynopsis>


@@ -1,163 +0,0 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
This file is generated from xml source: DO NOT EDIT
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
--><title>mod_auth - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs-project/">Documentation</a> &gt; <a href="../">Version 2.0</a> &gt; <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Obsolete Apache Module mod_auth</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description:
</a></th><td>User authentication using text files</td></tr><tr><th><a href="module-dict.html#Status">Status:
</a></th><td>Obsolete<em> (obsolete since 2.0.44)</em><br /></td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module<6C>Identifier:
</a></th><td>auth_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source<63>File:
</a></th><td>mod_auth.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
</a></th><td>Available only in versions up to 2.0.43</td></tr></table><h3>Summary</h3>
<div class="warning"><h3>This module is obsolete!</h3>
<p>Note, that this module has been marked as obsolete. A bunch
of modules was introduced in Apache version 2.0.44 that
support the new Authentication/Authorization provider mechnism.</p>
<p>In order to get the ability of HTTP Basic Authentication, you have
to use the <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code> module that implements
the HTTP part. <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code> provides for user
authentication based on plain text files. File based group
authorization is now done by the <code class="module"><a href="../mod/mod_authz_groupfile.html">mod_authz_groupfile</a></code>
module.</p>
<p>This document is kept only for historical reasons and no
longer maintained.</p>
</div>
<p>This module allows the use of HTTP Basic Authentication to
restrict access by looking up users in plain text password and
group files. Similar functionality and greater scalability is
provided by <code class="module"><a href="../mod/obs_mod_auth_dbm.html">mod_auth_dbm</a></code>. HTTP Digest
Authentication is provided by
<code class="module"><a href="../mod/obs_mod_auth_digest.html">mod_auth_digest</a></code>.</p>
</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authauthoritative">AuthAuthoritative</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authgroupfile">AuthGroupFile</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authuserfile">AuthUserFile</a></li>
</ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthAuthoritative" id="AuthAuthoritative">AuthAuthoritative</a> <a name="authauthoritative" id="authauthoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Sets whether authorization and authentication are
passed to lower level modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>AuthAuthoritative on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
</a></th><td><code>AuthAuthoritative on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth</td></tr></table>
<div class="note">This information has not been updated for Apache 2.0, which
uses a different system for module ordering.</div>
<p>Setting the <code class="directive">AuthAuthoritative</code> directive
explicitly to <strong>'off'</strong> allows for both
authentication and authorization to be passed on to lower level
modules (as defined in the <code>Configuration</code> and
<code>modules.c</code> files) if there is <strong>no
userID</strong> or <strong>rule</strong> matching the supplied
userID. If there is a userID and/or rule specified; the usual
password and access checks will be applied and a failure will give
an Authorization Required reply.</p>
<p>So if a userID appears in the database of more than one module;
or if a valid <code class="directive"><a href="../mod/core.html#require">Require</a></code>
directive applies to more than one module; then the first module
will verify the credentials; and no access is passed on;
regardless of the AuthAuthoritative setting.</p>
<p>A common use for this is in conjunction with one of the
database modules; such as <code class="module"><a href="../mod/obs_mod_auth_dbm.html">mod_auth_dbm</a></code>,
<code>mod_auth_msql</code>, and <code class="module"><a href="../mod/obs_mod_auth_anon.html">mod_auth_anon</a></code>.
These modules supply the bulk of the user credential checking; but
a few (administrator) related accesses fall through to a lower
level with a well protected <code class="directive"><a href="#authuserfile">AuthUserFile</a></code>.</p>
<p>By default; control is not passed on; and an unknown userID or
rule will result in an Authorization Required reply. Not setting
it thus keeps the system secure; and forces an NCSA compliant
behaviour.</p>
<div class="note"><h3>Security</h3> Do consider the implications of
allowing a user to allow fall-through in his .htaccess file; and
verify that this is really what you want; Generally it is easier
to just secure a single .htpasswd file, than it is to secure a
database such as mSQL. Make sure that the <code class="directive"><a href="#authuserfile">AuthUserFile</a></code> and the <code class="directive"><a href="#authgroupfile">AuthGroupFile</a></code> are stored outside the
document tree of the web-server; do <em>not</em> put them in the
directory that they protect. Otherwise, clients will be able to
download the <code class="directive"><a href="#authuserfile">AuthUserFile</a></code>
and the <code class="directive"><a href="#authgroupfile">AuthGroupFile</a></code>.
</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthGroupFile" id="AuthGroupFile">AuthGroupFile</a> <a name="authgroupfile" id="authgroupfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Sets the name of a text file containing the list
of user groups for authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>AuthGroupFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth</td></tr></table>
<p>The <code class="directive">AuthGroupFile</code> directive sets the
name of a textual file containing the list of user groups for user
authentication. <var>File-path</var> is the path to the group
file. If it is not absolute (<em>i.e.</em>, if it doesn't begin
with a slash), it is treated as relative to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.</p>
<p>Each line of the group file contains a groupname followed by a
colon, followed by the member usernames separated by spaces.
Example:</p>
<div class="example"><p><code>mygroup: bob joe anne</code></p></div>
<p>Note that searching large text files is <em>very</em>
inefficient; <code class="directive"><a href="../mod/obs_mod_auth_dbm.html#authdbmgroupfile">AuthDBMGroupFile</a></code> should be used
instead.</p>
<div class="note"><h3>Security</h3>
<p>Make sure that the <code class="directive">AuthGroupFile</code> is
stored outside the document tree of the web-server; do <em>not</em>
put it in the directory that it protects. Otherwise, clients will
be able to download the <code class="directive">AuthGroupFile</code>.</p>
</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthUserFile" id="AuthUserFile">AuthUserFile</a> <a name="authuserfile" id="authuserfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Sets the name of a text file containing the list of users and
passwords for authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>AuthUserFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth</td></tr></table>
<p>The <code class="directive">AuthUserFile</code> directive sets the name
of a textual file containing the list of users and passwords for
user authentication. <var>File-path</var> is the path to the user
file. If it is not absolute (<em>i.e.</em>, if it doesn't begin
with a slash), it is treated as relative to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.</p>
<p>Each line of the user file contains a username followed by
a colon, followed by the <code>crypt()</code> encrypted
password. The behavior of multiple occurrences of the same user is
undefined.</p>
<p>The utility <a href="../programs/htpasswd.html">htpasswd</a>
which is installed as part of the binary distribution, or which
can be found in <code>src/support</code>, is used to maintain
this password file. See the <code>man</code> page for more
details. In short:</p>
<p>Create a password file 'Filename' with 'username' as the
initial ID. It will prompt for the password:</p>
<div class="example"><p><code>htpasswd -c Filename username</code></p></div>
<p>Add or modify 'username2' in the password file 'Filename':</p>
<div class="example"><p><code>htpasswd Filename username2</code></p></div>
<p>Note that searching large text files is <em>very</em>
inefficient; <code class="directive"><a href="../mod/obs_mod_auth_dbm.html#authdbmuserfile">AuthDBMUserFile</a></code> should be used
instead.</p>
<div class="note"><h3>Security</h3>
<p>Make sure that the <code class="directive">AuthUserFile</code> is
stored outside the document tree of the web-server; do <em>not</em>
put it in the directory that it protects. Otherwise, clients will
be able to download the <code class="directive">AuthUserFile</code>.</p>
</div>
</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>


@@ -1,190 +0,0 @@
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
<modulesynopsis>
<name>mod_auth</name>
<description>User authentication using text files</description>
<status>Obsolete</status>
<hint>obsolete since 2.0.44</hint>
<sourcefile>mod_auth.c</sourcefile>
<identifier>auth_module</identifier>
<compatibility>Available only in versions up to 2.0.43</compatibility>
<summary>
<note type="warning"><title>This module is obsolete!</title>
<p>Note, that this module has been marked as obsolete. A bunch
of modules was introduced in Apache version 2.0.44 that
support the new Authentication/Authorization provider mechnism.</p>
<p>In order to get the ability of HTTP Basic Authentication, you have
to use the <module>mod_auth_basic</module> module that implements
the HTTP part. <module>mod_authn_file</module> provides for user
authentication based on plain text files. File based group
authorization is now done by the <module>mod_authz_groupfile</module>
module.</p>
<p>This document is kept only for historical reasons and no
longer maintained.</p>
</note>
<p>This module allows the use of HTTP Basic Authentication to
restrict access by looking up users in plain text password and
group files. Similar functionality and greater scalability is
provided by <module status="obsolete">mod_auth_dbm</module>. HTTP Digest
Authentication is provided by
<module status="obsolete">mod_auth_digest</module>.</p>
</summary>
<seealso><directive module="core">Require</directive></seealso>
<seealso><directive module="core">Satisfy</directive></seealso>
<seealso><directive module="core">AuthName</directive></seealso>
<seealso><directive module="core">AuthType</directive></seealso>
<directivesynopsis>
<name>AuthGroupFile</name>
<description>Sets the name of a text file containing the list
of user groups for authentication</description>
<syntax>AuthGroupFile <var>file-path</var></syntax>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
<p>The <directive>AuthGroupFile</directive> directive sets the
name of a textual file containing the list of user groups for user
authentication. <var>File-path</var> is the path to the group
file. If it is not absolute (<em>i.e.</em>, if it doesn't begin
with a slash), it is treated as relative to the <directive
module="core">ServerRoot</directive>.</p>
<p>Each line of the group file contains a groupname followed by a
colon, followed by the member usernames separated by spaces.
Example:</p>
<example>mygroup: bob joe anne</example>
<p>Note that searching large text files is <em>very</em>
inefficient; <directive
module="mod_auth_dbm" status="obsolete">AuthDBMGroupFile</directive> should be used
instead.</p>
<note><title>Security</title>
<p>Make sure that the <directive>AuthGroupFile</directive> is
stored outside the document tree of the web-server; do <em>not</em>
put it in the directory that it protects. Otherwise, clients will
be able to download the <directive>AuthGroupFile</directive>.</p>
</note>
</usage>
</directivesynopsis>
<directivesynopsis>
<name>AuthUserFile</name>
<description>Sets the name of a text file containing the list of users and
passwords for authentication</description>
<syntax>AuthUserFile <var>file-path</var></syntax>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
<p>The <directive>AuthUserFile</directive> directive sets the name
of a textual file containing the list of users and passwords for
user authentication. <var>File-path</var> is the path to the user
file. If it is not absolute (<em>i.e.</em>, if it doesn't begin
with a slash), it is treated as relative to the <directive
module="core">ServerRoot</directive>.</p>
<p>Each line of the user file contains a username followed by
a colon, followed by the <code>crypt()</code> encrypted
password. The behavior of multiple occurrences of the same user is
undefined.</p>
<p>The utility <a href="../programs/htpasswd.html">htpasswd</a>
which is installed as part of the binary distribution, or which
can be found in <code>src/support</code>, is used to maintain
this password file. See the <code>man</code> page for more
details. In short:</p>
<p>Create a password file 'Filename' with 'username' as the
initial ID. It will prompt for the password:</p>
<example>htpasswd -c Filename username</example>
<p>Add or modify 'username2' in the password file 'Filename':</p>
<example>htpasswd Filename username2</example>
<p>Note that searching large text files is <em>very</em>
inefficient; <directive
module="mod_auth_dbm" status="obsolete">AuthDBMUserFile</directive> should be used
instead.</p>
<note><title>Security</title>
<p>Make sure that the <directive>AuthUserFile</directive> is
stored outside the document tree of the web-server; do <em>not</em>
put it in the directory that it protects. Otherwise, clients will
be able to download the <directive>AuthUserFile</directive>.</p>
</note>
</usage>
</directivesynopsis>
<directivesynopsis>
<name>AuthAuthoritative</name>
<description>Sets whether authorization and authentication are
passed to lower level modules</description>
<syntax>AuthAuthoritative on|off</syntax>
<default>AuthAuthoritative on</default>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
<note>This information has not been updated for Apache 2.0, which
uses a different system for module ordering.</note>
<p>Setting the <directive>AuthAuthoritative</directive> directive
explicitly to <strong>'off'</strong> allows for both
authentication and authorization to be passed on to lower level
modules (as defined in the <code>Configuration</code> and
<code>modules.c</code> files) if there is <strong>no
userID</strong> or <strong>rule</strong> matching the supplied
userID. If there is a userID and/or rule specified; the usual
password and access checks will be applied and a failure will give
an Authorization Required reply.</p>
<p>So if a userID appears in the database of more than one module;
or if a valid <directive module="core">Require</directive>
directive applies to more than one module; then the first module
will verify the credentials; and no access is passed on;
regardless of the AuthAuthoritative setting.</p>
<p>A common use for this is in conjunction with one of the
database modules; such as <module status="obsolete">mod_auth_dbm</module>,
<code>mod_auth_msql</code>, and <module status="obsolete">mod_auth_anon</module>.
These modules supply the bulk of the user credential checking; but
a few (administrator) related accesses fall through to a lower
level with a well protected <directive
module="mod_auth" status="obsolete">AuthUserFile</directive>.</p>
<p>By default; control is not passed on; and an unknown userID or
rule will result in an Authorization Required reply. Not setting
it thus keeps the system secure; and forces an NCSA compliant
behaviour.</p>
<note><title>Security</title> Do consider the implications of
allowing a user to allow fall-through in his .htaccess file; and
verify that this is really what you want; Generally it is easier
to just secure a single .htpasswd file, than it is to secure a
database such as mSQL. Make sure that the <directive
module="mod_auth" status="obsolete">AuthUserFile</directive> and the <directive
module="mod_auth" status="obsolete">AuthGroupFile</directive> are stored outside the
document tree of the web-server; do <em>not</em> put them in the
directory that they protect. Otherwise, clients will be able to
download the <directive module="mod_auth" status="obsolete">AuthUserFile</directive>
and the <directive module="mod_auth" status="obsolete">AuthGroupFile</directive>.
</note>
</usage>
</directivesynopsis>
</modulesynopsis>


@@ -1,190 +0,0 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
This file is generated from xml source: DO NOT EDIT
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
--><title>mod_auth_anon - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs-project/">Documentation</a> &gt; <a href="../">Version 2.0</a> &gt; <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Obsolete Apache Module mod_auth_anon</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description:
</a></th><td>Allows "anonymous" user access to authenticated
areas</td></tr><tr><th><a href="module-dict.html#Status">Status:
</a></th><td>Obsolete<em> (replaced by <code class="module"><a href="../mod/mod_authn_anon.html">mod_authn_anon</a></code> since 2.0.44)</em><br /></td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module<6C>Identifier:
</a></th><td>auth_anon_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source<63>File:
</a></th><td>mod_auth_anon.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
</a></th><td>Available only in versions up to 2.0.43</td></tr></table><h3>Summary</h3>
<div class="warning"><h3>This module is obsolete!</h3>
<p>Note, that this module has been marked as obsolete. A bunch
of modules was introduced in Apache version 2.0.44 that
support the new Authentication/Authorization provider mechnism.</p>
<p>In order to get the same functionality, you have to invoke the
<code class="module"><a href="../mod/mod_authn_anon.html">mod_authn_anon</a></code> module now.</p>
<p>This document is kept only for historical reasons and no
longer maintained.</p>
</div>
<p>This module does access control in a manner similar to
anonymous-ftp sites; <em>i.e.</em> have a 'magic' user id
'anonymous' and the email address as a password. These email
addresses can be logged.</p>
<p>Combined with other (database) access control methods, this
allows for effective user tracking and customization according
to a user profile while still keeping the site open for
'unregistered' users. One advantage of using Auth-based user
tracking is that, unlike magic-cookies and funny URL
pre/postfixes, it is completely browser independent and it
allows users to share URLs.</p>
</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#anonymous">Anonymous</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#anonymous_authoritative">Anonymous_Authoritative</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#anonymous_logemail">Anonymous_LogEmail</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#anonymous_mustgiveemail">Anonymous_MustGiveEmail</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#anonymous_nouserid">Anonymous_NoUserID</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#anonymous_verifyemail">Anonymous_VerifyEmail</a></li>
</ul><h3>Topics</h3><ul id="topics"><li><img alt="" src="../images/down.gif" /> <a href="#example">Example</a></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="example" id="example">Example</a></h2>
<p>The example below (when combined with the Auth directives of a
htpasswd-file based (or GDM, mSQL etc.) base access
control system allows users in as 'guests' with the following
properties:</p>
<ul>
<li>It insists that the user enters a userId.
(<code>Anonymous_NoUserId</code>)</li>
<li>It insists that the user enters a password.
(<code>Anonymous_MustGiveEmail</code>)</li>
<li>The password entered must be a valid email address, ie.
contain at least one '@' and a '.'.
(<code>Anonymous_VerifyEmail</code>)</li>
<li>The userID must be one of <code>anonymous guest www test
welcome</code> and comparison is <strong>not</strong> case
sensitive.</li>
<li>And the Email addresses entered in the passwd field are
logged to the error log file
(<code>Anonymous_LogEmail</code>)</li>
</ul>
<p>Excerpt of httpd.conf:</p>
<div class="example"><p><code>
Anonymous_NoUserId off<br />
Anonymous_MustGiveEmail on<br />
Anonymous_VerifyEmail on<br />
Anonymous_LogEmail on<br />
Anonymous anonymous guest www test welcome<br />
<br />
AuthName "Use 'anonymous' &amp; Email address for guest entry"<br />
AuthType basic<br />
<br />
# An
AuthUserFile/AuthDBUserFile/AuthDBMUserFile<br />
# directive must be specified, or use<br />
# Anonymous_Authoritative for public access.<br />
# In the .htaccess for the public directory, add:<br />
&lt;Files *&gt;<br />
<span class="indent">
Order Deny,Allow<br />
Allow from all<br />
<br />
Require valid-user<br />
</span>
&lt;/Files&gt;
</code></p></div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous" id="Anonymous">Anonymous</a> <a name="anonymous" id="anonymous">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Specifies userIDs that areallowed access without
password verification</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>Anonymous <var>user</var> [<var>user</var>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth_anon</td></tr></table>
<p>A list of one or more 'magic' userIDs which are allowed
access without password verification. The userIDs are space
separated. It is possible to use the ' and " quotes to allow a
space in a userID as well as the \ escape character.</p>
<p>Please note that the comparison is
<strong>case-IN-sensitive</strong>.<br />
I strongly suggest that the magic username
'<code>anonymous</code>' is always one of the allowed
userIDs.</p>
<div class="example"><h3>Example:</h3><p><code>
Anonymous anonymous "Not Registered" 'I don\'t know'
</code></p></div>
<p>This would allow the user to enter without password
verification by using the userId's 'anonymous',
'AnonyMous','Not Registered' and 'I Don't Know'.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous_Authoritative" id="Anonymous_Authoritative">Anonymous_Authoritative</a> <a name="anonymous_authoritative" id="anonymous_authoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Configures if authorization will fall-through
to other methods</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>Anonymous_Authoritative on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
</a></th><td><code>Anonymous_Authoritative off</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth_anon</td></tr></table>
<p>When set 'on', there is no fall-through to other authorization
methods. So if a userID does not match the values specified in the
<code class="directive"><a href="#anonymous">Anonymous</a></code> directive,
access is denied.</p>
<p>Be sure you know what you are doing when you decide to
switch it on. And remember that it is the linking order of the
modules (in the Configuration / Make file) which details the
order in which the Authorization modules are queried.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous_LogEmail" id="Anonymous_LogEmail">Anonymous_LogEmail</a> <a name="anonymous_logemail" id="anonymous_logemail">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Sets whether the password entered will be logged in the
error log</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>Anonymous_LogEmail on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
</a></th><td><code>Anonymous_LogEmail on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth_anon</td></tr></table>
<p>When set <code>on</code>, the default, the 'password' entered
(which hopefully contains a sensible email address) is logged in
the error log.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous_MustGiveEmail" id="Anonymous_MustGiveEmail">Anonymous_MustGiveEmail</a> <a name="anonymous_mustgiveemail" id="anonymous_mustgiveemail">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Specifies whether blank passwords are allowed</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>Anonymous_MustGiveEmail on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
</a></th><td><code>Anonymous_MustGiveEmail on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth_anon</td></tr></table>
<p>Specifies whether the user must specify an email address as
the password. This prohibits blank passwords.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous_NoUserID" id="Anonymous_NoUserID">Anonymous_NoUserID</a> <a name="anonymous_nouserid" id="anonymous_nouserid">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Sets whether the userID field may be empty</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>Anonymous_NoUserID on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
</a></th><td><code>Anonymous_NoUserID off</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth_anon</td></tr></table>
<p>When set <code>on</code>, users can leave the userID (and
perhaps the password field) empty. This can be very convenient for
MS-Explorer users who can just hit return or click directly on the
OK button; which seems a natural reaction.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous_VerifyEmail" id="Anonymous_VerifyEmail">Anonymous_VerifyEmail</a> <a name="anonymous_verifyemail" id="anonymous_verifyemail">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Sets whether to check the password field for a correctly
formatted email address</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>Anonymous_VerifyEmail on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
</a></th><td><code>Anonymous_VerifyEmail off</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth_anon</td></tr></table>
<p>When set <code>on</code> the 'password' entered is checked for
at least one '@' and a '.' to encourage users to enter valid email
addresses (see the above <code class="directive"><a href="#auth_logemail">Auth_LogEmail</a></code>).</p>
</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>


@@ -1,226 +0,0 @@
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
<modulesynopsis>
<name>mod_auth_anon</name>
<description>Allows "anonymous" user access to authenticated
areas</description>
<status>Obsolete</status>
<hint>replaced by <module>mod_authn_anon</module> since 2.0.44</hint>
<sourcefile>mod_auth_anon.c</sourcefile>
<identifier>auth_anon_module</identifier>
<compatibility>Available only in versions up to 2.0.43</compatibility>
<summary>
<note type="warning"><title>This module is obsolete!</title>
<p>Note, that this module has been marked as obsolete. A bunch
of modules was introduced in Apache version 2.0.44 that
support the new Authentication/Authorization provider mechnism.</p>
<p>In order to get the same functionality, you have to invoke the
<module>mod_authn_anon</module> module now.</p>
<!-- XXX: I think `AuthBasicProvider anon' comes soon, doesn't it? -->
<!--
<p>In order to get the same functionality, you have
to use the <module>mod_auth_basic</module> module that implements
the HTTP part. <module>mod_authn_anon</module> provides for
anonymous user authentication.</p>
-->
<p>This document is kept only for historical reasons and no
longer maintained.</p>
</note>
<p>This module does access control in a manner similar to
anonymous-ftp sites; <em>i.e.</em> have a 'magic' user id
'anonymous' and the email address as a password. These email
addresses can be logged.</p>
<p>Combined with other (database) access control methods, this
allows for effective user tracking and customization according
to a user profile while still keeping the site open for
'unregistered' users. One advantage of using Auth-based user
tracking is that, unlike magic-cookies and funny URL
pre/postfixes, it is completely browser independent and it
allows users to share URLs.</p>
</summary>
<section id="example"><title>Example</title>
<p>The example below (when combined with the Auth directives of a
htpasswd-file based (or GDM, mSQL etc.) base access
control system allows users in as 'guests' with the following
properties:</p>
<ul>
<li>It insists that the user enters a userId.
(<code>Anonymous_NoUserId</code>)</li>
<li>It insists that the user enters a password.
(<code>Anonymous_MustGiveEmail</code>)</li>
<li>The password entered must be a valid email address, ie.
contain at least one '@' and a '.'.
(<code>Anonymous_VerifyEmail</code>)</li>
<li>The userID must be one of <code>anonymous guest www test
welcome</code> and comparison is <strong>not</strong> case
sensitive.</li>
<li>And the Email addresses entered in the passwd field are
logged to the error log file
(<code>Anonymous_LogEmail</code>)</li>
</ul>
<p>Excerpt of httpd.conf:</p>
<example>
Anonymous_NoUserId off<br />
Anonymous_MustGiveEmail on<br />
Anonymous_VerifyEmail on<br />
Anonymous_LogEmail on<br />
Anonymous anonymous guest www test welcome<br />
<br />
AuthName "Use 'anonymous' &amp; Email address for guest entry"<br />
AuthType basic<br />
<br />
# An
AuthUserFile/AuthDBUserFile/AuthDBMUserFile<br />
# directive must be specified, or use<br />
# Anonymous_Authoritative for public access.<br />
# In the .htaccess for the public directory, add:<br />
&lt;Files *&gt;<br />
<indent>
Order Deny,Allow<br />
Allow from all<br />
<br />
Require valid-user<br />
</indent>
&lt;/Files&gt;
</example>
</section>
<directivesynopsis>
<name>Anonymous</name>
<description>Specifies userIDs that areallowed access without
password verification</description>
<syntax>Anonymous <var>user</var> [<var>user</var>] ...</syntax>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
<p>A list of one or more 'magic' userIDs which are allowed
access without password verification. The userIDs are space
separated. It is possible to use the ' and " quotes to allow a
space in a userID as well as the \ escape character.</p>
<p>Please note that the comparison is
<strong>case-IN-sensitive</strong>.<br />
I strongly suggest that the magic username
'<code>anonymous</code>' is always one of the allowed
userIDs.</p>
<example><title>Example:</title>
Anonymous anonymous "Not Registered" 'I don\'t know'
</example>
<p>This would allow the user to enter without password
verification by using the userId's 'anonymous',
'AnonyMous','Not Registered' and 'I Don't Know'.</p>
</usage>
</directivesynopsis>
<directivesynopsis>
<name>Anonymous_Authoritative</name>
<description>Configures if authorization will fall-through
to other methods</description>
<syntax>Anonymous_Authoritative on|off</syntax>
<default>Anonymous_Authoritative off</default>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
<p>When set 'on', there is no fall-through to other authorization
methods. So if a userID does not match the values specified in the
<directive module="mod_auth_anon" status="obsolete">Anonymous</directive> directive,
access is denied.</p>
<p>Be sure you know what you are doing when you decide to
switch it on. And remember that it is the linking order of the
modules (in the Configuration / Make file) which details the
order in which the Authorization modules are queried.</p>
</usage>
</directivesynopsis>
<directivesynopsis>
<name>Anonymous_LogEmail</name>
<description>Sets whether the password entered will be logged in the
error log</description>
<syntax>Anonymous_LogEmail on|off</syntax>
<default>Anonymous_LogEmail on</default>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
<p>When set <code>on</code>, the default, the 'password' entered
(which hopefully contains a sensible email address) is logged in
the error log.</p>
</usage>
</directivesynopsis>
<directivesynopsis>
<name>Anonymous_MustGiveEmail</name>
<description>Specifies whether blank passwords are allowed</description>
<syntax>Anonymous_MustGiveEmail on|off</syntax>
<default>Anonymous_MustGiveEmail on</default>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
<p>Specifies whether the user must specify an email address as
the password. This prohibits blank passwords.</p>
</usage>
</directivesynopsis>
<directivesynopsis>
<name>Anonymous_NoUserID</name>
<description>Sets whether the userID field may be empty</description>
<syntax>Anonymous_NoUserID on|off</syntax>
<default>Anonymous_NoUserID off</default>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
<p>When set <code>on</code>, users can leave the userID (and
perhaps the password field) empty. This can be very convenient for
MS-Explorer users who can just hit return or click directly on the
OK button; which seems a natural reaction.</p>
</usage>
</directivesynopsis>
<directivesynopsis>
<name>Anonymous_VerifyEmail</name>
<description>Sets whether to check the password field for a correctly
formatted email address</description>
<syntax>Anonymous_VerifyEmail on|off</syntax>
<default>Anonymous_VerifyEmail off</default>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
<p>When set <code>on</code> the 'password' entered is checked for
at least one '@' and a '.' to encourage users to enter valid email
addresses (see the above <directive
module="mod_auth_anon" status="obsolete">Auth_LogEmail</directive>).</p>
</usage>
</directivesynopsis>
</modulesynopsis>


@@ -1,189 +0,0 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
This file is generated from xml source: DO NOT EDIT
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
--><title>mod_auth_dbm - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs-project/">Documentation</a> &gt; <a href="../">Version 2.0</a> &gt; <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Obsolete Apache Module mod_auth_dbm</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description:
</a></th><td>Provides for user authentication using DBM
files</td></tr><tr><th><a href="module-dict.html#Status">Status:
</a></th><td>Obsolete<em> (obsolete since 2.0.44)</em><br /></td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module<6C>Identifier:
</a></th><td>auth_dbm_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source<63>File:
</a></th><td>mod_auth_dbm.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
</a></th><td>Available only in versions up to 2.0.43</td></tr></table><h3>Summary</h3>
<div class="warning"><h3>This module is obsolete!</h3>
<p>Note, that this module has been marked as obsolete. A bunch
of modules was introduced in Apache version 2.0.44 that
support the new Authentication/Authorization provider mechnism.</p>
<p>In order to get the ability of HTTP Basic Authentication, you have
to use the <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code> module that implements
the HTTP part. <code class="module"><a href="../mod/mod_authn_dbm.html">mod_authn_dbm</a></code> provides for user
authentication based on DBM-files. DBM-File based group
authorization is now done by the <code class="module"><a href="../mod/mod_authz_dbm.html">mod_authz_dbm</a></code>
module.</p>
<p>This document is kept only for historical reasons and no
longer maintained.</p>
</div>
<p>This module provides for HTTP Basic Authentication, where
the usernames and passwords are stored in DBM type database
files. It is an alternative to the plain text password files
provided by <code class="module"><a href="../mod/obs_mod_auth.html">mod_auth</a></code>.</p>
</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authdbmauthoritative">AuthDBMAuthoritative</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authdbmgroupfile">AuthDBMGroupFile</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authdbmtype">AuthDBMType</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authdbmuserfile">AuthDBMUserFile</a></li>
</ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDBMAuthoritative" id="AuthDBMAuthoritative">AuthDBMAuthoritative</a> <a name="authdbmauthoritative" id="authdbmauthoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Sets whether authentication and authorization will be
passwed on to lower level modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>AuthDBMAuthoritative on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
</a></th><td><code>AuthDBMAuthoritative on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth_dbm</td></tr></table>
<div class="note">This information has not been updated to take into account the
new module ordering techniques in Apache 2.0</div>
<p>Setting the <code class="directive">AuthDBMAuthoritative</code>
directive explicitly to <strong>'off'</strong> allows for both
authentication and authorization to be passed on to lower level
modules (as defined in the <code>Configuration</code> and
<code>modules.c</code> file if there is <strong>no userID</strong>
or <strong>rule</strong> matching the supplied userID. If there is
a userID and/or rule specified; the usual password and access
checks will be applied and a failure will give an Authorization
Required reply.</p>
<p>So if a userID appears in the database of more than one module;
or if a valid <code class="directive"><a href="../mod/core.html#require">Require</a></code>
directive applies to more than one module; then the first module
will verify the credentials; and no access is passed on;
regardless of the <code class="directive">AuthAuthoritative</code> setting.</p>
<p>A common use for this is in conjunction with one of the
basic auth modules; such as <code class="module"><a href="../mod/obs_mod_auth.html">mod_auth</a></code>. Whereas this
DBM module supplies the bulk of the user credential checking; a
few (administrator) related accesses fall through to a lower
level with a well protected .htpasswd file.</p>
<p>By default, control is not passed on and an unknown userID
or rule will result in an Authorization Required reply. Not
setting it thus keeps the system secure and forces an NCSA
compliant behaviour.</p>
<p>Security: Do consider the implications of allowing a user to
allow fall-through in his .htaccess file; and verify that this
is really what you want; Generally it is easier to just secure
a single .htpasswd file, than it is to secure a database which
might have more access interfaces.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDBMGroupFile" id="AuthDBMGroupFile">AuthDBMGroupFile</a> <a name="authdbmgroupfile" id="authdbmgroupfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Sets the name of the database file containing the list
of user groups for authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>AuthDBMGroupFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth_dbm</td></tr></table>
<p>The <code class="directive">AuthDBMGroupFile</code> directive sets the
name of a DBM file containing the list of user groups for user
authentication. <var>File-path</var> is the absolute path to the
group file.</p>
<p>The group file is keyed on the username. The value for a
user is a comma-separated list of the groups to which the users
belongs. There must be no whitespace within the value, and it
must never contain any colons.</p>
<p>Security: make sure that the
<code class="directive">AuthDBMGroupFile</code> is stored outside the
document tree of the web-server; do <em>not</em> put it in the
directory that it protects. Otherwise, clients will be able to
download the <code class="directive">AuthDBMGroupFile</code> unless
otherwise protected.</p>
<p>Combining Group and Password DBM files: In some cases it is
easier to manage a single database which contains both the
password and group details for each user. This simplifies any
support programs that need to be written: they now only have to
deal with writing to and locking a single DBM file. This can be
accomplished by first setting the group and password files to
point to the same DBM:</p>
<div class="example"><p><code>
AuthDBMGroupFile /www/userbase<br />
AuthDBMUserFile /www/userbase
</code></p></div>
<p>The key for the single DBM is the username. The value consists
of</p>
<div class="example"><p><code>
<var>Unix Crypt-ed Password</var>:<var>List of Groups</var>[:(ignored)]
</code></p></div>
<p>The password section contains the Unix <code>crypt()</code>
password as before. This is followed by a colon and the comma
separated list of groups. Other data may optionally be left in the
DBM file after another colon; it is ignored by the authentication
module. This is what www.telescope.org uses for its combined
password and group database.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDBMType" id="AuthDBMType">AuthDBMType</a> <a name="authdbmtype" id="authdbmtype">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Sets the type of database file that is used to
store passwords</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>AuthDBMType default|SDBM|GDBM|NDBM|DB</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
</a></th><td><code>AuthDBMType default</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth_dbm</td></tr><tr><th><a href="directive-dict.html#Compatibility">Compatibility:
</a></th><td>Available in version 2.0.30 and later.</td></tr></table>
<p>Sets the type of database file that is used to store the passwords.
The default database type is determined at compile time. The
availability of other types of database files also depends on
<a href="../install.html#dbm">compile-time settings</a>.</p>
<p>It is crucial that whatever program you use to create your password
files is configured to use the same type of database.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDBMUserFile" id="AuthDBMUserFile">AuthDBMUserFile</a> <a name="authdbmuserfile" id="authdbmuserfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Sets thename of a database file containing the list of users and
passwords for authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>AuthDBMUserFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth_dbm</td></tr></table>
<p>The <code class="directive">AuthDBMUserFile</code> directive sets the
name of a DBM file containing the list of users and passwords for
user authentication. <var>File-path</var> is the absolute path to
the user file.</p>
<p>The user file is keyed on the username. The value for a user is
the <code>crypt()</code> encrypted password, optionally followed
by a colon and arbitrary data. The colon and the data following it
will be ignored by the server.</p>
<p>Security: make sure that the
<code class="directive">AuthDBMUserFile</code> is stored outside the
document tree of the web-server; do <em>not</em> put it in the
directory that it protects. Otherwise, clients will be able to
download the <code class="directive">AuthDBMUserFile</code>.</p>
<p>Important compatibility note: The implementation of
"dbmopen" in the apache modules reads the string length of the
hashed values from the DBM data structures, rather than relying
upon the string being NULL-appended. Some applications, such as
the Netscape web server, rely upon the string being
NULL-appended, so if you are having trouble using DBM files
interchangeably between applications this may be a part of the
problem.</p>
<p>A perl script called
<a href="../programs/dbmmanage.html">dbmmanage</a> is included with
Apache. This program can be used to create and update DBM
format password files for use with this module.</p>
</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>


@@ -1,214 +0,0 @@
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
<modulesynopsis>
<name>mod_auth_dbm</name>
<description>Provides for user authentication using DBM
files</description>
<status>Obsolete</status>
<hint>obsolete since 2.0.44</hint>
<sourcefile>mod_auth_dbm.c</sourcefile>
<identifier>auth_dbm_module</identifier>
<compatibility>Available only in versions up to 2.0.43</compatibility>
<summary>
<note type="warning"><title>This module is obsolete!</title>
<p>Note, that this module has been marked as obsolete. A bunch
of modules was introduced in Apache version 2.0.44 that
support the new Authentication/Authorization provider mechnism.</p>
<p>In order to get the ability of HTTP Basic Authentication, you have
to use the <module>mod_auth_basic</module> module that implements
the HTTP part. <module>mod_authn_dbm</module> provides for user
authentication based on DBM-files. DBM-File based group
authorization is now done by the <module>mod_authz_dbm</module>
module.</p>
<p>This document is kept only for historical reasons and no
longer maintained.</p>
</note>
<p>This module provides for HTTP Basic Authentication, where
the usernames and passwords are stored in DBM type database
files. It is an alternative to the plain text password files
provided by <module status="obsolete">mod_auth</module>.</p>
</summary>
<seealso><directive module="core">AuthName</directive></seealso>
<seealso><directive module="core">AuthType</directive></seealso>
<seealso><directive module="core">Require</directive></seealso>
<seealso><directive module="core">Satisfy</directive></seealso>
<directivesynopsis>
<name>AuthDBMGroupFile</name>
<description>Sets the name of the database file containing the list
of user groups for authentication</description>
<syntax>AuthDBMGroupFile <var>file-path</var></syntax>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
<p>The <directive>AuthDBMGroupFile</directive> directive sets the
name of a DBM file containing the list of user groups for user
authentication. <var>File-path</var> is the absolute path to the
group file.</p>
<p>The group file is keyed on the username. The value for a
user is a comma-separated list of the groups to which the users
belongs. There must be no whitespace within the value, and it
must never contain any colons.</p>
<p>Security: make sure that the
<directive>AuthDBMGroupFile</directive> is stored outside the
document tree of the web-server; do <em>not</em> put it in the
directory that it protects. Otherwise, clients will be able to
download the <directive>AuthDBMGroupFile</directive> unless
otherwise protected.</p>
<p>Combining Group and Password DBM files: In some cases it is
easier to manage a single database which contains both the
password and group details for each user. This simplifies any
support programs that need to be written: they now only have to
deal with writing to and locking a single DBM file. This can be
accomplished by first setting the group and password files to
point to the same DBM:</p>
<example>
AuthDBMGroupFile /www/userbase<br />
AuthDBMUserFile /www/userbase
</example>
<p>The key for the single DBM is the username. The value consists
of</p>
<example>
<var>Unix Crypt-ed Password</var>:<var>List of Groups</var>[:(ignored)]
</example>
<p>The password section contains the Unix <code>crypt()</code>
password as before. This is followed by a colon and the comma
separated list of groups. Other data may optionally be left in the
DBM file after another colon; it is ignored by the authentication
module. This is what www.telescope.org uses for its combined
password and group database.</p>
</usage>
</directivesynopsis>
<directivesynopsis>
<name>AuthDBMUserFile</name>
<description>Sets thename of a database file containing the list of users and
passwords for authentication</description>
<syntax>AuthDBMUserFile <var>file-path</var></syntax>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
<p>The <directive>AuthDBMUserFile</directive> directive sets the
name of a DBM file containing the list of users and passwords for
user authentication. <var>File-path</var> is the absolute path to
the user file.</p>
<p>The user file is keyed on the username. The value for a user is
the <code>crypt()</code> encrypted password, optionally followed
by a colon and arbitrary data. The colon and the data following it
will be ignored by the server.</p>
<p>Security: make sure that the
<directive>AuthDBMUserFile</directive> is stored outside the
document tree of the web-server; do <em>not</em> put it in the
directory that it protects. Otherwise, clients will be able to
download the <directive>AuthDBMUserFile</directive>.</p>
<p>Important compatibility note: The implementation of
"dbmopen" in the apache modules reads the string length of the
hashed values from the DBM data structures, rather than relying
upon the string being NULL-appended. Some applications, such as
the Netscape web server, rely upon the string being
NULL-appended, so if you are having trouble using DBM files
interchangeably between applications this may be a part of the
problem.</p>
<p>A perl script called
<a href="../programs/dbmmanage.html">dbmmanage</a> is included with
Apache. This program can be used to create and update DBM
format password files for use with this module.</p>
</usage>
</directivesynopsis>
<directivesynopsis>
<name>AuthDBMType</name>
<description>Sets the type of database file that is used to
store passwords</description>
<syntax>AuthDBMType default|SDBM|GDBM|NDBM|DB</syntax>
<default>AuthDBMType default</default>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<compatibility>Available in version 2.0.30 and later.</compatibility>
<usage>
<p>Sets the type of database file that is used to store the passwords.
The default database type is determined at compile time. The
availability of other types of database files also depends on
<a href="../install.html#dbm">compile-time settings</a>.</p>
<p>It is crucial that whatever program you use to create your password
files is configured to use the same type of database.</p>
</usage>
</directivesynopsis>
<directivesynopsis>
<name>AuthDBMAuthoritative</name>
<description>Sets whether authentication and authorization will be
passwed on to lower level modules</description>
<syntax>AuthDBMAuthoritative on|off</syntax>
<default>AuthDBMAuthoritative on</default>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
<note>This information has not been updated to take into account the
new module ordering techniques in Apache 2.0</note>
<p>Setting the <directive>AuthDBMAuthoritative</directive>
directive explicitly to <strong>'off'</strong> allows for both
authentication and authorization to be passed on to lower level
modules (as defined in the <code>Configuration</code> and
<code>modules.c</code> file if there is <strong>no userID</strong>
or <strong>rule</strong> matching the supplied userID. If there is
a userID and/or rule specified; the usual password and access
checks will be applied and a failure will give an Authorization
Required reply.</p>
<p>So if a userID appears in the database of more than one module;
or if a valid <directive module="core">Require</directive>
directive applies to more than one module; then the first module
will verify the credentials; and no access is passed on;
regardless of the <directive>AuthAuthoritative</directive> setting.</p>
<p>A common use for this is in conjunction with one of the
basic auth modules; such as <module status="obsolete">mod_auth</module>. Whereas this
DBM module supplies the bulk of the user credential checking; a
few (administrator) related accesses fall through to a lower
level with a well protected .htpasswd file.</p>
<p>By default, control is not passed on and an unknown userID
or rule will result in an Authorization Required reply. Not
setting it thus keeps the system secure and forces an NCSA
compliant behaviour.</p>
<p>Security: Do consider the implications of allowing a user to
allow fall-through in his .htaccess file; and verify that this
is really what you want; Generally it is easier to just secure
a single .htpasswd file, than it is to secure a database which
might have more access interfaces.</p>
</usage>
</directivesynopsis>
</modulesynopsis>


@@ -1,222 +0,0 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
This file is generated from xml source: DO NOT EDIT
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
--><title>mod_auth_digest - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs-project/">Documentation</a> &gt; <a href="../">Version 2.0</a> &gt; <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Obsolete Apache Module mod_auth_digest</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description:
</a></th><td>User authentication using MD5
Digest Authentication.</td></tr><tr><th><a href="module-dict.html#Status">Status:
</a></th><td>Obsolete<em> (obsolete since 2.0.44)</em><br /></td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module<6C>Identifier:
</a></th><td>auth_digest_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source<63>File:
</a></th><td>mod_auth_digest.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
</a></th><td>Available only in versions up to 2.0.43. The new module
that unfortunately is also named <code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code>
includes support for the auth provider mechanism introduced
in 2.0.44.</td></tr></table><h3>Summary</h3>
<div class="warning"><h3>This module is obsolete!</h3>
<p>Note, that this module has been marked as obsolete. A bunch
of modules was introduced in Apache version 2.0.44 that
support the new Authentication/Authorization provider mechnism.</p>
<p>In order to get the ability of HTTP Digest Authentication, you have
to use the new <code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code> module that implements
the HTTP part. The user and group data management is provided by the
<code>mod_authn_*</code> and <code>mod_authz_*</code> modules. If you
want to use your existing user files, have a look at <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code>.</p>
<p>This document is kept only for historical reasons and no
longer maintained.</p>
</div>
<p>This module implements HTTP Digest Authentication. However, it
has not been extensively tested and is therefore marked
experimental.</p>
</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authdigestalgorithm">AuthDigestAlgorithm</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authdigestdomain">AuthDigestDomain</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authdigestfile">AuthDigestFile</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authdigestgroupfile">AuthDigestGroupFile</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authdigestnccheck">AuthDigestNcCheck</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authdigestnonceformat">AuthDigestNonceFormat</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authdigestnoncelifetime">AuthDigestNonceLifetime</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authdigestqop">AuthDigestQop</a></li>
</ul><h3>Topics</h3><ul id="topics"><li><img alt="" src="../images/down.gif" /> <a href="#using">Using Digest Authentication</a></li></ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="using" id="using">Using Digest Authentication</a></h2>
<p>Using MD5 Digest authentication is very simple. Simply set
up authentication normally, using "AuthType Digest" and
"AuthDigestFile" instead of the normal "AuthType Basic" and
"AuthUserFile"; also, replace any "AuthGroupFile" with
"AuthDigestGroupFile". Then add a "AuthDigestDomain" directive
containing at least the root URI(s) for this protection space.
Example:</p>
<div class="example"><p><code>
&lt;Location /private/&gt;<br />
<span class="indent">
AuthType Digest<br />
AuthName "private area"<br />
AuthDigestDomain /private/ http://mirror.my.dom/private2/<br />
AuthDigestFile /web/auth/.digest_pw<br />
Require valid-user<br />
</span>
&lt;/Location&gt;
</code></p></div>
<div class="note"><h3>Note</h3>
<p>Digest authentication provides a more secure password system
than Basic authentication, but only works with supporting
browsers. As of July 2002, the major browsers that support digest
authentication are <a href="http://www.opera.com/">Opera</a>, <a href="http://www.microsoft.com/windows/ie/">MS Internet
Explorer</a> (fails when used with a query string), <a href="http://www.w3.org/Amaya/">Amaya</a> and <a href="http://www.mozilla.org">Mozilla</a>. Since digest
authentication is not as widely implemented as basic
authentication, you should use it only in controlled settings.</p>
</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestAlgorithm" id="AuthDigestAlgorithm">AuthDigestAlgorithm</a> <a name="authdigestalgorithm" id="authdigestalgorithm">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Selects the algorithm used to calculate the challenge and
response hases in digest authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>AuthDigestAlgorithm MD5|MD5-sess</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
</a></th><td><code>AuthDigestAlgorithm MD5</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth_digest</td></tr></table>
<p>The <code class="directive">AuthDigestAlgorithm</code> directive
selects the algorithm used to calculate the challenge and response
hashes.</p>
<div class="note">
<code>MD5-sess</code> is not correctly implemented yet.
</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestDomain" id="AuthDigestDomain">AuthDigestDomain</a> <a name="authdigestdomain" id="authdigestdomain">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>URIs that are in the same protection space for digest
authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>AuthDigestDomain <var>URI</var> [<var>URI</var>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth_digest</td></tr></table>
<p>The <code class="directive">AuthDigestDomain</code> directive allows
you to specify one or more URIs which are in the same protection
space (i.e. use the same realm and username/password info). The
specified URIs are prefixes, i.e. the client will assume that all
URIs "below" these are also protected by the same
username/password. The URIs may be either absolute URIs
(i.e. inluding a scheme, host, port, etc) or relative URIs.</p>
<p>This directive <em>should</em> always be specified and
contain at least the (set of) root URI(s) for this space.
Omitting to do so will cause the client to send the
Authorization header for <em>every request</em> sent to this
server. Apart from increasing the size of the request, it may
also have a detrimental effect on performance if
"AuthDigestNcCheck" is on.</p>
<p>The URIs specified can also point to different servers, in
which case clients (which understand this) will then share
username/password info across multiple servers without
prompting the user each time. </p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestFile" id="AuthDigestFile">AuthDigestFile</a> <a name="authdigestfile" id="authdigestfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Location of the text file containing the list
of users and encoded passwords for digest authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>AuthDigestFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth_digest</td></tr></table>
<p>The <code class="directive">AuthDigestFile</code> directive sets the
name of a textual file containing the list of users and encoded
passwords for digest authentication. <var>File-path</var> is the
absolute path to the user file.</p>
<p>The digest file uses a special format. Files in this format
can be created using the <a href="../programs/htdigest.html">htdigest</a> utility found in
the support/ subdirectory of the Apache distribution.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestGroupFile" id="AuthDigestGroupFile">AuthDigestGroupFile</a> <a name="authdigestgroupfile" id="authdigestgroupfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Name of the text file containing the list of groups
for digest authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>AuthDigestGroupFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth_digest</td></tr></table>
<p>The <code class="directive">AuthDigestGroupFile</code> directive sets
the name of a textual file containing the list of groups and their
members (user names). <var>File-path</var> is the absolute path to
the group file.</p>
<p>Each line of the group file contains a groupname followed by
a colon, followed by the member usernames separated by spaces.
Example:</p>
<div class="example"><p><code>mygroup: bob joe anne</code></p></div>
<p>Note that searching large text files is <em>very</em>
inefficient.</p>
<p>Security: make sure that the AuthGroupFile is stored outside
the document tree of the web-server; do <em>not</em> put it in
the directory that it protects. Otherwise, clients will be able
to download the AuthGroupFile.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestNcCheck" id="AuthDigestNcCheck">AuthDigestNcCheck</a> <a name="authdigestnccheck" id="authdigestnccheck">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Enables or disables checking of the nonce-count sent by the
server</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>AuthDigestNcCheck On|Off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
</a></th><td><code>AuthDigestNcCheck Off</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>server config</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth_digest</td></tr></table>
<div class="note">
Not implemented yet.
</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestNonceFormat" id="AuthDigestNonceFormat">AuthDigestNonceFormat</a> <a name="authdigestnonceformat" id="authdigestnonceformat">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Determines how the nonce is generated</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>AuthDigestNonceFormat <var>format</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth_digest</td></tr></table>
<p><strong>Not implemented yet.</strong>
</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestNonceLifetime" id="AuthDigestNonceLifetime">AuthDigestNonceLifetime</a> <a name="authdigestnoncelifetime" id="authdigestnoncelifetime">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>How long the server nonce is valid</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>AuthDigestNonceLifetime <var>seconds</var></code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
</a></th><td><code>AuthDigestNonceLifetime 300</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth_digest</td></tr></table>
<p>The <code class="directive">AuthDigestNonceLifetime</code> directive
controls how long the server nonce is valid. When the client
contacts the server using an expired nonce the server will send
back a 401 with <code>stale=true</code>. If <var>seconds</var> is
greater than 0 then it specifies the amount of time for which the
nonce is valid; this should probably never be set to less than 10
seconds. If <var>seconds</var> is less than 0 then the nonce never
expires.
</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestQop" id="AuthDigestQop">AuthDigestQop</a> <a name="authdigestqop" id="authdigestqop">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description:
</a></th><td>Determines the quality-of-protection to use in digest
authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
</a></th><td><code>AuthDigestQop none|auth|auth-int [auth|auth-int]</code></td></tr><tr><th><a href="directive-dict.html#Default">Default:
</a></th><td><code>AuthDigestQop auth</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
</a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
</a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
</a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
</a></th><td>mod_auth_digest</td></tr></table>
<p>The <code class="directive">AuthDigestQop</code> directive determines
the quality-of-protection to use. <code>auth</code> will only do
authentication (username/password); <code>auth-int</code> is
authentication plus integrity checking (an MD5 hash of the entity
is also computed and checked); <code>none</code> will cause the module
to use the old RFC-2069 digest algorithm (which does not include
integrity checking). Both <code>auth</code> and <code>auth-int</code> may
be specified, in which the case the browser will choose which of
these to use. <code>none</code> should only be used if the browser for
some reason does not like the challenge it receives otherwise.</p>
<div class="note">
<code>auth-int</code> is not implemented yet.
</div>
</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>


@@ -1,300 +0,0 @@
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
<modulesynopsis>
<name>mod_auth_digest</name>
<description>User authentication using MD5
Digest Authentication.</description>
<status>Obsolete</status>
<hint>obsolete since 2.0.44</hint>
<sourcefile>mod_auth_digest.c</sourcefile>
<identifier>auth_digest_module</identifier>
<compatibility>Available only in versions up to 2.0.43. The new module
that unfortunately is also named <module>mod_auth_digest</module>
includes support for the auth provider mechanism introduced
in 2.0.44.</compatibility>
<summary>
<note type="warning"><title>This module is obsolete!</title>
<p>Note, that this module has been marked as obsolete. A bunch
of modules was introduced in Apache version 2.0.44 that
support the new Authentication/Authorization provider mechnism.</p>
<p>In order to get the ability of HTTP Digest Authentication, you have
to use the new <module>mod_auth_digest</module> module that implements
the HTTP part. The user and group data management is provided by the
<code>mod_authn_*</code> and <code>mod_authz_*</code> modules. If you
want to use your existing user files, have a look at <module
>mod_authn_file</module>.</p>
<p>This document is kept only for historical reasons and no
longer maintained.</p>
</note>
<p>This module implements HTTP Digest Authentication. However, it
has not been extensively tested and is therefore marked
experimental.</p>
</summary>
<seealso><directive module="core">AuthName</directive></seealso>
<seealso><directive module="core">AuthType</directive></seealso>
<seealso><directive module="core">Require</directive></seealso>
<seealso><directive module="core">Satisfy</directive></seealso>
<section id="using"><title>Using Digest Authentication</title>
<p>Using MD5 Digest authentication is very simple. Simply set
up authentication normally, using "AuthType Digest" and
"AuthDigestFile" instead of the normal "AuthType Basic" and
"AuthUserFile"; also, replace any "AuthGroupFile" with
"AuthDigestGroupFile". Then add a "AuthDigestDomain" directive
containing at least the root URI(s) for this protection space.
Example:</p>
<example>
&lt;Location /private/&gt;<br />
<indent>
AuthType Digest<br />
AuthName "private area"<br />
AuthDigestDomain /private/ http://mirror.my.dom/private2/<br />
AuthDigestFile /web/auth/.digest_pw<br />
Require valid-user<br />
</indent>
&lt;/Location&gt;
</example>
<note><title>Note</title>
<p>Digest authentication provides a more secure password system
than Basic authentication, but only works with supporting
browsers. As of July 2002, the major browsers that support digest
authentication are <a href="http://www.opera.com/">Opera</a>, <a
href="http://www.microsoft.com/windows/ie/">MS Internet
Explorer</a> (fails when used with a query string), <a
href="http://www.w3.org/Amaya/">Amaya</a> and <a
href="http://www.mozilla.org">Mozilla</a>. Since digest
authentication is not as widely implemented as basic
authentication, you should use it only in controlled settings.</p>
</note>
</section>
<directivesynopsis>
<name>AuthDigestFile</name>
<description>Location of the text file containing the list
of users and encoded passwords for digest authentication</description>
<syntax>AuthDigestFile <var>file-path</var></syntax>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
<p>The <directive>AuthDigestFile</directive> directive sets the
name of a textual file containing the list of users and encoded
passwords for digest authentication. <var>File-path</var> is the
absolute path to the user file.</p>
<p>The digest file uses a special format. Files in this format
can be created using the <a
href="../programs/htdigest.html">htdigest</a> utility found in
the support/ subdirectory of the Apache distribution.</p>
</usage>
</directivesynopsis>
<directivesynopsis>
<name>AuthDigestGroupFile</name>
<description>Name of the text file containing the list of groups
for digest authentication</description>
<syntax>AuthDigestGroupFile <var>file-path</var></syntax>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
<p>The <directive>AuthDigestGroupFile</directive> directive sets
the name of a textual file containing the list of groups and their
members (user names). <var>File-path</var> is the absolute path to
the group file.</p>
<p>Each line of the group file contains a groupname followed by
a colon, followed by the member usernames separated by spaces.
Example:</p>
<example>mygroup: bob joe anne</example>
<p>Note that searching large text files is <em>very</em>
inefficient.</p>
<p>Security: make sure that the AuthGroupFile is stored outside
the document tree of the web-server; do <em>not</em> put it in
the directory that it protects. Otherwise, clients will be able
to download the AuthGroupFile.</p>
</usage>
</directivesynopsis>
<directivesynopsis>
<name>AuthDigestQop</name>
<description>Determines the quality-of-protection to use in digest
authentication</description>
<syntax>AuthDigestQop none|auth|auth-int [auth|auth-int]</syntax>
<default>AuthDigestQop auth</default>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
<p>The <directive>AuthDigestQop</directive> directive determines
the quality-of-protection to use. <code>auth</code> will only do
authentication (username/password); <code>auth-int</code> is
authentication plus integrity checking (an MD5 hash of the entity
is also computed and checked); <code>none</code> will cause the module
to use the old RFC-2069 digest algorithm (which does not include
integrity checking). Both <code>auth</code> and <code>auth-int</code> may
be specified, in which the case the browser will choose which of
these to use. <code>none</code> should only be used if the browser for
some reason does not like the challenge it receives otherwise.</p>
<note>
<code>auth-int</code> is not implemented yet.
</note>
</usage>
</directivesynopsis>
<directivesynopsis>
<name>AuthDigestNonceLifetime</name>
<description>How long the server nonce is valid</description>
<syntax>AuthDigestNonceLifetime <var>seconds</var></syntax>
<default>AuthDigestNonceLifetime 300</default>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
<p>The <directive>AuthDigestNonceLifetime</directive> directive
controls how long the server nonce is valid. When the client
contacts the server using an expired nonce the server will send
back a 401 with <code>stale=true</code>. If <var>seconds</var> is
greater than 0 then it specifies the amount of time for which the
nonce is valid; this should probably never be set to less than 10
seconds. If <var>seconds</var> is less than 0 then the nonce never
expires. <!-- Not implemented yet If <var>seconds</var> is 0 then
the nonce may be used exactly once by the client. Note that while
one-time-nonces provide higher security against replay attacks,
they also have significant performance implications, as the
browser cannot pipeline or multiple connections for the
requests. Because browsers cannot easily detect that
one-time-nonces are being used, this may lead to browsers trying
to pipeline requests and receiving 401 responses for all but the
first request, requiring the browser to resend the requests. Note
also that the protection against reply attacks only makes sense
for dynamically generated content and things like POST requests;
for static content the attacker may already have the complete
response, so one-time-nonces do not make sense here. -->
</p>
</usage>
</directivesynopsis>
<directivesynopsis>
<name>AuthDigestNonceFormat</name>
<description>Determines how the nonce is generated</description>
<syntax>AuthDigestNonceFormat <var>format</var></syntax>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
<p><strong>Not implemented yet.</strong> <!--
<P>The AuthDigestNonceFormat directive determines how the nonce is
generated.
-->
</p>
</usage>
</directivesynopsis>
<directivesynopsis>
<name>AuthDigestNcCheck</name>
<description>Enables or disables checking of the nonce-count sent by the
server</description>
<syntax>AuthDigestNcCheck On|Off</syntax>
<default>AuthDigestNcCheck Off</default>
<contextlist><context>server config</context></contextlist>
<usage>
<note>
Not implemented yet.
</note>
<!--
<P>The AuthDigestNcCheck directive enables or disables the checking of the
nonce-count sent by the server.
<P>While recommended from a security standpoint, turning this directive
On has one important performance implication. To check the nonce-count
*all* requests (which have an Authorization header, irrespective of
whether they require digest authentication) must be serialized through
a critical section. If the server is handling a large number of
requests which contain the Authorization header then this may noticeably
impact performance.
-->
</usage>
</directivesynopsis>
<directivesynopsis>
<name>AuthDigestAlgorithm</name>
<description>Selects the algorithm used to calculate the challenge and
response hases in digest authentication</description>
<syntax>AuthDigestAlgorithm MD5|MD5-sess</syntax>
<default>AuthDigestAlgorithm MD5</default>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
<p>The <directive>AuthDigestAlgorithm</directive> directive
selects the algorithm used to calculate the challenge and response
hashes.</p>
<note>
<code>MD5-sess</code> is not correctly implemented yet.
</note>
<!--
<P>To use <EM>MD5-sess</EM> you must first code up the
<VAR>get_userpw_hash()</VAR> function in <VAR>mod_auth_digest.c</VAR> .
-->
</usage>
</directivesynopsis>
<directivesynopsis>
<name>AuthDigestDomain</name>
<description>URIs that are in the same protection space for digest
authentication</description>
<syntax>AuthDigestDomain <var>URI</var> [<var>URI</var>] ...</syntax>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
<p>The <directive>AuthDigestDomain</directive> directive allows
you to specify one or more URIs which are in the same protection
space (i.e. use the same realm and username/password info). The
specified URIs are prefixes, i.e. the client will assume that all
URIs "below" these are also protected by the same
username/password. The URIs may be either absolute URIs
(i.e. inluding a scheme, host, port, etc) or relative URIs.</p>
<p>This directive <em>should</em> always be specified and
contain at least the (set of) root URI(s) for this space.
Omitting to do so will cause the client to send the
Authorization header for <em>every request</em> sent to this
server. Apart from increasing the size of the request, it may
also have a detrimental effect on performance if
"AuthDigestNcCheck" is on.</p>
<p>The URIs specified can also point to different servers, in
which case clients (which understand this) will then share
username/password info across multiple servers without
prompting the user each time. </p>
</usage>
</directivesynopsis>
</modulesynopsis>


@@ -121,16 +121,16 @@ store passwords</td></tr>
passwords for authentication</td></tr>
<tr><td><a href="mod_auth_digest.html#authdigestalgorithm">AuthDigestAlgorithm MD5|MD5-sess</a></td><td> MD5 </td><td>dh</td><td>X</td></tr><tr><td class="descr" colspan="4">Selects the algorithm used to calculate the challenge and
response hases in digest authentication</td></tr>
<tr class="odd"><td><a href="mod_auth_digest.html#authdigestdomain">AuthDigestDomain <em>URI</em> [<em>URI</em>] ...</a></td><td /><td>dh</td><td>X</td></tr><tr class="odd"><td class="descr" colspan="4">URIs that are in the same protection space for digest
<tr class="odd"><td><a href="mod_auth_digest.html#authdigestdomain">AuthDigestDomain <var>URI</var> [<var>URI</var>] ...</a></td><td /><td>dh</td><td>X</td></tr><tr class="odd"><td class="descr" colspan="4">URIs that are in the same protection space for digest
authentication</td></tr>
<tr><td><a href="mod_auth_digest.html#authdigestfile">AuthDigestFile <em>file-path</em></a></td><td /><td>dh</td><td>X</td></tr><tr><td class="descr" colspan="4">Location of the text file containing the list
<tr><td><a href="mod_auth_digest.html#authdigestfile">AuthDigestFile <var>file-path</var></a></td><td /><td>dh</td><td>X</td></tr><tr><td class="descr" colspan="4">Location of the text file containing the list
of users and encoded passwords for digest authentication</td></tr>
<tr class="odd"><td><a href="mod_auth_digest.html#authdigestgroupfile">AuthDigestGroupFile <em>file-path</em></a></td><td /><td>dh</td><td>X</td></tr><tr class="odd"><td class="descr" colspan="4">Name of the text file containing the list of groups
<tr class="odd"><td><a href="mod_auth_digest.html#authdigestgroupfile">AuthDigestGroupFile <var>file-path</var></a></td><td /><td>dh</td><td>X</td></tr><tr class="odd"><td class="descr" colspan="4">Name of the text file containing the list of groups
for digest authentication</td></tr>
<tr><td><a href="mod_auth_digest.html#authdigestnccheck">AuthDigestNcCheck On|Off</a></td><td> Off </td><td>s</td><td>X</td></tr><tr><td class="descr" colspan="4">Enables or disables checking of the nonce-count sent by the
server</td></tr>
<tr class="odd"><td><a href="mod_auth_digest.html#authdigestnonceformat">AuthDigestNonceFormat <em>format</em></a></td><td /><td>dh</td><td>X</td></tr><tr class="odd"><td class="descr" colspan="4">Determines how the nonce is generated</td></tr>
<tr><td><a href="mod_auth_digest.html#authdigestnoncelifetime">AuthDigestNonceLifetime <em>seconds</em></a></td><td> 300 </td><td>dh</td><td>X</td></tr><tr><td class="descr" colspan="4">How long the server nonce is valid</td></tr>
<tr class="odd"><td><a href="mod_auth_digest.html#authdigestnonceformat">AuthDigestNonceFormat <var>format</var></a></td><td /><td>dh</td><td>X</td></tr><tr class="odd"><td class="descr" colspan="4">Determines how the nonce is generated</td></tr>
<tr><td><a href="mod_auth_digest.html#authdigestnoncelifetime">AuthDigestNonceLifetime <var>seconds</var></a></td><td> 300 </td><td>dh</td><td>X</td></tr><tr><td class="descr" colspan="4">How long the server nonce is valid</td></tr>
<tr class="odd"><td><a href="mod_auth_digest.html#authdigestqop">AuthDigestQop none|auth|auth-int [auth|auth-int]</a></td><td> auth </td><td>dh</td><td>X</td></tr><tr class="odd"><td class="descr" colspan="4">Determines the quality-of-protection to use in digest
authentication</td></tr>
<tr><td><a href="mod_authz_groupfile.html#authgroupfile">AuthGroupFile <em>file-path</em></a></td><td /><td>dh</td><td>E</td></tr><tr><td class="descr" colspan="4">Sets the name of a text file containing the list


@@ -7,13 +7,12 @@ vlink="#000080" alink="#ff0000">
<!--#include virtual="header.html" -->
<h1 align="center">Manual Page: rotatelogs</h1>
<!-- This document was autogenerated from the man page -->
<pre>
<strong>NAME</strong>
<pre><strong>NAME</strong>
rotatelogs - rotate Apache logs without having to kill the
server
<strong>SYNOPSIS</strong>
<strong>rotatelogs </strong><em>logfile rotationtime </em>[<em>offset</em>]
<strong>rotatelogs </strong><em>logfile </em>[<em>rotationtime </em>[<em>offset</em>]] | [<em>filesize</em>M]
<strong>DESCRIPTION</strong>
<strong>rotatelogs </strong>is a simple program for use in conjunction with
@@ -21,6 +20,10 @@ vlink="#000080" alink="#ff0000">
CustomLog "|bin/rotatelogs /var/logs/logfile 86400" common
or
CustomLog &quot;|bin/rotatelogs /var/logs/logfile 5M&quot; common
This creates the files /var/logs/logfile.nnnn where nnnn is
the system time at which the log nominally starts (this time
will always be a multiple of the rotation time, so you can
@@ -44,6 +47,13 @@ vlink="#000080" alink="#ff0000">
local time in the zone UTC -5 hours, specify a value of
-<em>300 </em>for this argument.
or
<em>filesize</em>M
The maximum file size in megabytes followed by the
letter 'M' to specify size rather than time. Use this
parameter in place of both rotationtime and offset.
<strong>PORTABILITY</strong>
The following logfile format string substitutions should be
supported by all <em>strftime</em>(<em>3</em>) implementations, see the


@@ -44,13 +44,15 @@
<li><a href="ssl/ssl_compat.html">SSL/TLS Encryption: Compatibility</a></li>
<li><a href="ssl/ssl_howto.html">SSL/TLS Encryption: How-To</a></li>
<li><a href="ssl/ssl_faq.html">SSL/TLS Encryption: FAQ</a></li>
</ul></div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div><div class="section"><h2><a name="howto" id="howto">Guides, Tutorials, and HowTos</a></h2><ul><li><a href="howto/auth.html">Authentication</a></li>
</ul></div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div><div class="section"><h2><a name="howto" id="howto">Guides, Tutorials, and HowTos</a></h2><ul><li class="separate"><a href="howto/">Overview</a></li>
<li><a href="howto/auth.html">Authentication</a></li>
<li><a href="howto/cgi.html">Dynamic Content with CGI</a></li>
<li><a href="howto/ssi.html">Introduction to Server Side Includes</a></li>
<li><a href="howto/htaccess.html">.htaccess files</a></li>
<li><a href="howto/public_html.html">Per-user web directories</a></li>
<li><a href="misc/tutorials.html">Apache Tutorials</a></li>
</ul></div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div><div class="section"><h2><a name="platform" id="platform">Platform-specific Notes</a></h2><ul><li><a href="platform/windows.html">Using Apache with Microsoft
</ul></div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div><div class="section"><h2><a name="platform" id="platform">Platform-specific Notes</a></h2><ul><li class="separate"><a href="platform/">Overview</a></li>
<li><a href="platform/windows.html">Using Apache with Microsoft
Windows</a></li>
<li><a href="platform/win_compiling.html">Compiling Apache for
Microsoft Windows</a></li>
@@ -141,11 +143,6 @@ Server on HPUX</a></li>
<li><a href="mod/mod_userdir.html">Apache Module mod_userdir</a></li>
<li><a href="mod/mod_usertrack.html">Apache Module mod_usertrack</a></li>
<li><a href="mod/mod_vhost_alias.html">Apache Module mod_vhost_alias</a></li>
</ul><ul><li><a href="mod/obs_mod_access.html">Obsolete Apache Module mod_access</a></li>
<li><a href="mod/obs_mod_auth.html">Obsolete Apache Module mod_auth</a></li>
<li><a href="mod/obs_mod_auth_anon.html">Obsolete Apache Module mod_auth_anon</a></li>
<li><a href="mod/obs_mod_auth_dbm.html">Obsolete Apache Module mod_auth_dbm</a></li>
<li><a href="mod/obs_mod_auth_digest.html">Obsolete Apache Module mod_auth_digest</a></li>
</ul></div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div><div class="section"><h2><a name="developer" id="developer">Developer Documentation</a></h2><ul><li class="separate"><a href="developer/">Overview</a></li>
<li><a href="developer/API.html">Apache API notes</a></li>
<li><a href="developer/debugging.html">Debugging Memory Allocation in APR</a></li>


@@ -186,12 +186,6 @@ Server on HPUX</page>
<modulefile>perchild.xml</modulefile>
<modulefile>prefork.xml</modulefile>
<modulefile>worker.xml</modulefile>
<modulefile>obs_mod_access.xml</modulefile>
<modulefile>obs_mod_auth.xml</modulefile>
<modulefile>obs_mod_auth_anon.xml</modulefile>
<modulefile>obs_mod_auth_dbm.xml</modulefile>
<modulefile>obs_mod_auth_digest.xml</modulefile>
</modulefilelist>
</category>


@@ -537,7 +537,7 @@ div#quickview ul#toc {
padding: 0;
}
#module-index div#quickview ul#toc,
/* #module-index div#quickview ul#toc, */
#manual-page div#quickview ul#toc {
margin-left: 0;
}
@@ -552,14 +552,14 @@ div#quickview li img {
display: none;
}
#module-index div#quickview ul#toc,
/* #module-index div#quickview ul#toc, */
#manual-page div#quickview ul#toc,
div#quickview #topics,
div#quickview .seealso {
padding-left: 15px;
}
#module-index div#quickview ul#toc li,
/* #module-index div#quickview ul#toc li, */
#manual-page div#quickview ul#toc li,
div#quickview #topics li,
div#quickview .seealso li {
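Review bot: The `#module-index div#quickview ul#toc` selectors in all three rules are commented out in place (`/* #module-index div#quickview ul#toc, */` and the `li` variant) rather than deleted, and nothing says why. If the module index no longer renders a quickview block, the lines can simply be removed, since version control keeps the old selectors. If they are expected to come back, one comment above the first rule would do, for example `/* #module-index quickview rules disabled while the module index has no quickview */`. The last rule's body continues outside the hunk.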


@@ -14,7 +14,7 @@
<body id="module-index">
<xsl:call-template name="top"/>
<div id="page-content">
<!-- <div id="page-content"> -->
<div id="preamble">
<h1>
<xsl:value-of select="title"/>
@@ -23,6 +23,7 @@
<xsl:apply-templates select="summary" />
</div>
<!--
<div id="quickview">
<ul id="toc">
<li>
@@ -49,7 +50,9 @@
</a>
</li>
</ul>
</div> <!-- /quickview -->
</div>
-->
<!-- /quickview -->
<xsl:call-template name="toplink"/>
@@ -115,6 +118,7 @@
</div>
<!-- /modules section -->
<!--
<xsl:call-template name="toplink"/>
<div class="section">
@@ -148,15 +152,16 @@
</dd>
<xsl:text>
</xsl:text> <!-- insert line break -->
</xsl:text>
</xsl:if>
</xsl:for-each>
</dl>
</div>
-->
<!-- /obsolete section -->
</div> <!-- /page-content -->
<!-- </div> <!- /page-content -->
<xsl:call-template name="bottom"/>
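Review bot: The quickview block and the obsolete-modules section are disabled by wrapping them in XML comments instead of deleting them, which is fragile in a stylesheet: XML comments cannot nest or contain `--`, so any comment inside a disabled span ends it early and leaves unbalanced markup. The commit already had to move `<!-- /quickview -->` and drop `<!-- insert line break -->` for that reason, and the parts of these blocks that lie between the hunks are not visible here, so they should be checked for further inner comments. Deleting the blocks would be safer, and `<!-- <div id="page-content"> -->` together with `<!-- </div> <!- /page-content -->` could be removed the same way. The following stylesheet section comments out its obsolete-modules list with the same pattern, and the `<!-- /other modules -->` line shown there would close the outer comment before `</ul>` if it is still present on the new side.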


@@ -209,6 +209,7 @@
</ul>
<!-- obsolete modules -->
<!--
<ul>
<xsl:for-each select="modulefile">
<xsl:sort select="document(concat($basedir,'mod/',.))/modulesynopsis/name"/>
@@ -224,12 +225,13 @@
</li>
<xsl:text>
</xsl:text> <!-- insert line break -->
</xsl:text>
</xsl:if>
</xsl:for-each>
<!-- /other modules -->
</ul>
-->
<!-- /obsolete modules -->
</xsl:template>
<!-- /category/modulefilelist -->