Creating Provider Aliases

mod_authn_core Core Authentication Base mod_authn_core.c authn_core_module Available in Apache 2.3 and later

This module provides core authentication capabilities to allow or deny access to portions of the web site. mod_authn_core provides directives that are common to all authentication providers.

Creating Provider Aliases

Extended authentication providers can be created within the configuration file and assigned an alias name. The alias providers can then be referenced through the directives AuthBasicProvider or AuthDigestProvider in the same way as a base authentication provider. Besides the ability to create and alias an extended provider, it also allows the same extended authentication provider to be reference by multiple locations.

Example

The example below creates two different ldap authentication provider aliases based on the ldap provider. This allows a single authenticated location can be serviced by multiple ldap hosts:

Example LoadModule authn_alias_module modules/mod_authn_alias.so

<AuthnProviderAlias ldap ldap-alias1>
AuthLDAPBindDN cn=youruser,o=ctx
AuthLDAPBindPassword yourpassword
AuthLDAPURL ldap://ldap.host/o=ctx
</AuthnProviderAlias>

<AuthnProviderAlias ldap ldap-other-alias>
AuthLDAPBindDN cn=yourotheruser,o=dev
AuthLDAPBindPassword yourotherpassword
AuthLDAPURL ldap://other.ldap.host/o=dev?cn
</AuthnProviderAlias>

Alias /secure /webpages/secure
<Directory /webpages/secure>
Order deny,allow
Allow from all

AuthBasicProvider ldap-other-alias ldap-alias1

AuthType Basic
AuthName LDAP_Protected_Place
require valid-user
</Directory>

AuthName Authorization realm for use in HTTP authentication AuthName auth-domain directory.htaccess AuthConfig

This directive sets the name of the authorization realm for a directory. This realm is given to the client so that the user knows which username and password to send. AuthName takes a single argument; if the realm name contains spaces, it must be enclosed in quotation marks. It must be accompanied by AuthType and Require directives, and directives such as AuthUserFile and AuthGroupFile to work.

For example:

AuthName "Top Secret"

The string provided for the AuthName is what will appear in the password dialog provided by most browsers.

Authentication, Authorization, and Access Control AuthType Type of user authentication AuthType Basic|Digest directory.htaccess AuthConfig

This directive selects the type of user authentication for a directory. The authentication types available are Basic (implemented by mod_auth_basic) and Digest (implemented by mod_auth_digest).

To implement authentication, you must also use the AuthName and Require directives. In addition, the server must have an authentication-provider module such as mod_authn_file and an authorization module such as mod_authz_user.

Authentication, Authorization, and Access Control AuthnProviderAlias Enclose a group of directives that represent an extension of a base authentication provider and referenced by the specified alias <AuthnProviderAlias baseProvider Alias> ... </AuthnProviderAlias> server config

AuthnProviderAlias and </AuthnProviderAlias> are used to enclose a group of authentication directives that can be referenced by the alias name using one of the directives AuthBasicProvider or AuthDigestProvider.