www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-26 05:42:34 +03:00
Code Activity
Files
006dfb41f0268e31dba93e83fa5f1271d7325396
apache/docs/manual/mod/mod_auth_anon.html
dgaudet cb5bff9e93 |From Martin.Kraemer@mch.sni.de Mon Sep 15 21:04:46 1997 
|Date: Fri, 5 Sep 1997 14:22:32 +0200 (MET DST)
|From: Martin Kraemer <Martin.Kraemer@mch.sni.de>
|Reply-To: new-httpd@apache.org
|To: Apache Mailing List <new-httpd@apache.org>
|Subject: [DOC] mod_auth_anon.html corrections
|
|The mod_auth_anon.html documentation describes the default of
|the Anonymous_LogEmail and Anonymous_MustGiveEmail being "off", but in
|the code, the default seems to be "on".
|
|The "Example" section could be improved because when used as-is, the
|server returns a [500] server error (configuration error:  couldn't check
|user.  No user file?). I added a comment to clarify things.

Submitted by:	Martin Kraemer
Reviewed by:	Dean Gaudet


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@79267 13f79535-47bb-0310-9956-ffa450edef68
1997-09-16 04:06:03 +00:00

252 lines
8.9 KiB
HTML
Raw Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<TITLE>Apache module mod_auth_anon.c</TITLE>
</HEAD>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
<BODY
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#000080"
ALINK="#FF0000"
>
<!--#include virtual="header.html" -->
<H1 ALIGN="CENTER">Module mod_auth_anon</H1>
This module is contained in the <code>mod_auth_anon.c</code> file and
is not compiled in by default. It is only available in Apache 1.1 and
later. It allows "anonymous" user access to authenticated areas.
<h2>Summary</h2>
It does access control in a manner similar to anonymous-ftp sites; i.e.
have a 'magic' user id 'anonymous' and the email address as a password.
These email addresses can be logged.
<p>
Combined with other (database) access control methods, this allows for
effective user tracking and customization according to a user profile
while still keeping the site open for 'unregistered' users. One advantage
of using Auth-based user tracking is that, unlike magic-cookies and
funny URL pre/postfixes, it is completely browser independent and it
allows users to share URLs.
<p>
<a href="#Directives">Directives</a> /
<a href="#Example">Example</a> /
<a href="#CompileTimeOptions">Compile time options</a> /
<a href="#RevisionHistory">RevisionHistory</a> /
<a href="#Person">Person to blame</a> /
<a href="#Sourcecode">Sourcecode</a>
<p>
<h2><a name="Directives">Directives</a></h2>
<ul>
<li><A HREF="#anonymous">Anonymous</A>
<li><A HREF="#Authoritative">Anonymous_Authoritative</A>
<li><A HREF="#LogEmail">Anonymous_LogEmail</A>
<li><A HREF="#MustGiveEmail">Anonymous_MustGiveEmail</A>
<li><A HREF="#NoUserID">Anonymous_NoUserID</A>
<li><A HREF="#VerifyEmail">Anonymous_VerifyEmail</A>
</ul>
<hr>
<h2><A name="anonymous">Anonymous directive</A></h2>
<!--%plaintext &lt;?INDEX {\tt Anonymous} directive&gt; -->
<strong>Syntax:</strong> Anonymous <em>user user ...</em><br>
<strong>Default:</strong> none<br>
<strong>Context:</strong> directory, .htaccess<br>
<strong>Override:</strong> AuthConfig<br>
<strong>Status:</strong> Extension<br>
<strong>Module:</strong> mod_auth_anon<p>
A list of one or more 'magic' userIDs which are allowed access
without password verification. The userIDs are space separated.
It is possible to use the ' and " quotes to allow a space in
a userID as well as the \ escape character.
<p>
Please note that the comparison is <b>case-IN-sensitive</b>.
<br>
I strongly suggest that the magic username '<code>anonymous</code>'
is always one of the allowed userIDs.
<p>
Example:<br>
<code>
Anonymous anonymous "Not Registered" 'I don\'t know'
</code><p>
This would allow the user to enter without password verification
by using the userId's 'anonymous', 'AnonyMous','Not Registered' and
'I Don't Know'.
<HR>
<h2><A name="Authoritative">Anonymous_Authoritative directive</A></h2>
<strong>Syntax:</strong> Anonymous_Authoritative <em>on | off</em><br>
<strong>Default:</strong> <code>Anonymous_Authoritative off</code><br>
<strong>Context:</strong> directory, .htaccess<br>
<strong>Override:</strong> AuthConfig<br>
<strong>Status:</strong> Extension<br>
<strong>Module:</strong> mod_auth_anon<p>
When set 'on', there is no
fall-through to other authorization methods. So if a
userID does not match the values specified in the
<code>Anonymous</code> directive, access is denied.
<p>
Be sure you know what you are doing when you decide to switch
it on. And remember that it is the linking order of the modules
(in the Configuration / Make file) which details the order
in which the Authorization modules are queried.
<hr>
<h2><A name="LogEmail">Anonymous_LogEmail directive</A></h2>
<strong>Syntax:</strong> Anonymous_LogEmail <em>on | off</em><br>
<strong>Default:</strong> <code>Anonymous_LogEmail on</code><br>
<strong>Context:</strong> directory, .htaccess<br>
<strong>Override:</strong> AuthConfig<br>
<strong>Status:</strong> Extension<br>
<strong>Module:</strong> mod_auth_anon<p>
When set 'on', the default, the 'password' entered (which hopefully
contains a sensible email address) is logged in the httpd-log file.
<hr>
<h2><A name="MustGiveEmail">Anonymous_MustGiveEmail directive</A></h2>
<!--%plaintext &lt;?INDEX {\tt Anonymous_MustGiveEmail} directive&gt; -->
<strong>Syntax:</strong> Anonymous_MustGiveEmail <em>on</em> | <em>off</em><br>
<strong>Default:</strong> <code>Anonymous_MustGiveEmail on</code><br>
<strong>Context:</strong> directory, .htaccess<br>
<strong>Override:</strong> AuthConfig<br>
<strong>Status:</strong> Extension<br>
<strong>Module:</strong> mod_auth_anon<p>
Specifies whether the user must specify an email
address as the password. This prohibits blank passwords.
<HR>
<h2><A name="NoUserID">Anonymous_NoUserID directive</A></h2>
<strong>Syntax:</strong> Anonymous_NoUserID <em>on | off</em><br>
<strong>Default:</strong> <code>Anonymous_NoUserID off</code><br>
<strong>Context:</strong> directory, .htaccess<br>
<strong>Override:</strong> AuthConfig<br>
<strong>Status:</strong> Extension<br>
<strong>Module:</strong> mod_auth_anon<p>
When set 'on', users can leave
the userID (and perhaps the password field) empty. This
can be very convenient for MS-Explorer users who can
just hit return or click directly on the OK button; which
seems a natural reaction.
<hr>
<h2><A name="VerifyEmail">Anonymous_VerifyEmail directive</A></h2>
<strong>Syntax:</strong> Anonymous_VerifyEmail <em>on | off</em><br>
<strong>Default:</strong> <code>Anonymous_VerifyEmail off</code><br>
<strong>Context:</strong> directory, .htaccess<br>
<strong>Override:</strong> AuthConfig<br>
<strong>Status:</strong> Extension<br>
<strong>Module:</strong> mod_auth_anon<p>
When set 'on' the 'password' entered is
checked for at least one '@' and a '.' to encourage users to enter
valid email addresses (see the above <code>Auth_LogEmail</code>).
<hr>
<h2><a name="Example">Example</A></h2>
The example below (when combined with the Auth directives
of a htpasswd-file based (or GDM, mSQL etc) base access
control system allows users in as 'guests' with the
following properties:
<ul>
<li>
It insists that the user enters a userId. (<code>Anonymous_NoUserId</code>)
<li>
It insists that the user enters a password. (<code>Anonymous_MustGiveEmail</code>)
<li>
The password entered must be a valid email address, ie. contain at least one '@' and a '.'.
(<code>Anonymous_VerifyEmail</code>)
<li>
The userID must be one of <code>anonymous guest www test welcome</code>
and comparison is <b>not</b> case sensitive.
<li>
And the Email addresses entered in the passwd field are logged to
the httpd-log file
(<code>Anonymous_LogEmail</code>)
</ul>
<p>
Excerpt of access.conf:
<blockquote><code>
Anonymous_NoUserId off<br>
Anonymous_MustGiveEmail on<br>
Anonymous_VerifyEmail on<br>
Anonymous_LogEmail on<br>
Anonymous anonymous guest www test welcome<p>
<p>
AuthName Use 'anonymous' & Email address for guest entry<br>
AuthType basic
<p>
# An AuthUserFile/AuthDBUserFile/AuthDBMUserFile<br>
# directive must be specified, or use<br>
# Anonymous_Authoritative for public access.<br>
# In the .htaccess for the public directory, add:<br>
&lt;Files *&gt;<br>
order deny,allow <br>
allow from all <br>
<p>
require valid-user <br>
&lt;/Files&gt;<br>
</code></blockquote>
<hr>
<h2><a name="CompileTimeOptions">Compile Time Options</a></h2>
Currently there are no Compile options.
<hr>
<h2><a name="RevisionHistory">Revision History</a></h2>
This version: 23 Nov 1995, 24 Feb 1996, 16 May 1996.
<dl>
<dt>Version 0.4<br></dt>
<dd>First release
</dd>
<dt>Version 0.5<br></dt>
<dd>Added 'VerifyEmail' and 'LogEmail' options. Multiple
'anonymous' tokens allowed. more docs. Added Authoritative
functionality.
</dd>
</dl>
<hr>
<h2><a name="Person">Contact/person to blame</a></h2>
This module was written for the
<a href="http://ewse.ceo.org">European Wide Service Exchange</a> by
&lt<a href="mailto:Dirk.vanGulik@jrc.it"><code>Dirk.vanGulik@jrc.it</code></a>&gt.
Feel free to contact me if you have any problems, ice-creams or bugs. This
documentation, courtesy of Nick Himba, <a href="mailto:himba@cs.utwente.nl">
<code>&lt;himba@cs.utwente.nl&gt;</code></a>.
<p>
<hr>
<h2><a NAME="Sourcecode">Sourcecode</a></h2>
The source code can be found at <a href="http://www.apache.org"><code>
http://www.apache.org</code></a>. A snapshot of a development version
usually resides at <a href="http://me-www.jrc.it/~dirkx/mod_auth_anon.c"><code>
http://me-www.jrc.it/~dirkx/mod_auth_anon.c</code></a>. Please make sure
that you always quote the version you use when filing a bug report.
<p>
<!--#include virtual="footer.html" -->
</body>
</html>
View Git Blame Copy Permalink