www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-26 05:42:34 +03:00
Code Activity
Files
359ae809b83a85f843bc3a7149af4ee0fd1e61c2
apache/docs/manual/mod/mod_auth_anon.html
brian b2ab672f99 Moving files to mod/ 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@76995 13f79535-47bb-0310-9956-ffa450edef68
1996-11-21 08:12:53 +00:00

193 lines
6.1 KiB
HTML
Raw Blame History

<html>
<head>
<title>4.1a Module mod_auth_anon.c</title>
</head>
<body>
<h1>4.1a Module mod_auth_anon.</h1>
This module is contained in the <code>mod_auth_anon.c</code> file and
is compiled in by default. It is only available in Apache 1.1 and
later.
<p>
It does access control in a manner similar to anonymous-ftp sites; i.e.
have a 'magic' user id 'anonymous' and the email address as a password.
These email addresses can be logged.
<p>
Combined with other (database) access control methods, this allows for
effective user tracking and customization according to a user profile
while still keeping the site open for 'unregistered' users. One advantage
of using Auth-based user tracking is that, unlike magic-cookies and
funny URL pre/postfixes, it is completely browser independent and it
allows users to share URLs.
<p>
<a href="#FullDescription">Full description</a> /
<a href="#Example">Example</a> /
<a href="#CompileTimeOptions">Compile time options</a> /
<a href="#RevisionHistory">RevisionHistory</a> /
<a href="#Person">Person to blame</a> /
<a href="#Sourcecode">Sourcecode</a>
<p>
<hr><h2><a name="FullDescription">Full description of all tokens</a></h2>
<dl>
<code><dt>
Anonymous &lt; Space separated list &gt
</code></dt><dd>
A list of one or more 'magic' userIDs which are allowed access
without password verification. The userIDs are space separated.
It is possible to use the ' and " quotes to allow a space in
a userID as well as the \ escape character.
<p>
Please note that the comparison is <b>case-IN-sensitive</b>.
<br>
I strongly suggest that the magic username '<code>anonymous</code>'
is always one of the allowed userIDs.
<p>
Example:<br>
<code>
Anonymous: anonymous "Not Registered" 'I don\'t know'
</code><p>
This would allow the user to enter without password verification
by using the userId's 'anonymous', 'AnonyMous','Not Registered' and
'I Don't Know'.
</dd>
<code><dt>
Anonymous_LogEmail &lt; on | off &gt
</code></dt><dd>
When set 'on', the default, the 'password' entered (which hopefully
contains a sensible email address) is logged in the httpd-log file.
</dd>
<code><dt>
Anonymous_VerifyEmail &lt; on | off &gt
</code></dt><dd>
When set 'on', the default is 'off', the 'password' entered is
checked for at least one '@' and a '.' to encourage users to enter
valid email addressses (see the above <code>Auth_LogEmail</code>.
</dd>
<code><dt>
Anonymous_NoUserID &lt; on | off &gt
</code></dt><dd>
When set 'on', the default is 'off', users can leave
the userID (and perhaps the password field) empty. This
can be very convenient for MS-Explorer users who can
just hit return or click directly on the OK button; which
seems a natural reaction.
</dd>
<code><dt>
<a name="Authorative">Anonymous_Authorative &lt; on | off &gt</a>
</code></dt><dd>
Default is 'off'. When set 'on', there is no
fall-through to other authorization methods. So if a
userID does not match the values specified in the
<code>Anonymous</code> directive, access is denied.
<p>
Be sure you know what you are doing when you decide to switch
it on. And remember that it is the linking order of the modules
(in the Configuration / Make file) which details the order
in which the Authorization modules are queried.
</dd>
</dl>
<hr><a name="Example"><h2>Example</h2></a>
The example below (when combined with the Auth directives
of a htpasswd-file based (or GDM, mSQL etc) base access
control system allows users in as 'guests' with the
following properties:
<ul>
<li>
It insists that the user enters a userId. (<code>Anonymous_NoUserId</code>)
<li>
It insists that the user enters a password. (<code>Anonymous_MustGiveEmail</code>)
<li>
The password entered must be a valid email address, ie. contain at least one '@' and a '.'.
(<code>Anonymous_VerifyEmail</code>)
<li>
The userID must be one of <code>anonymous guest www test welcome</code>
and comparison is <b>not</b> case sensitive.
<code>&lt;directory /web/docs/public&gt;</code>
<li>
And the Email addresses entered in the passswd field are logged to
the httpd-log file
(<code>Anonymous_LogEmail</code>)
</ul>
<p>
Excerp of access.conf:
<dl>
<dt><code>
Anonymous anonymous guest www test welcome<p>
Anonymous_MustGiveEmail on<br>
Anonymous_VerifyEmail on<br>
Anonymous_NoUserId off<br>
Anonymous_LogEmail on<br>
<p>
AuthName Use 'anonymous' & Email address for guest entry<br>
AuthType basic<p>
</code></dt>
<dd>
Normal Apache/NCSA tokens for access control
<p>
<code>&lt;limit get post head&gt</code><br>
<code>order deny,allow </code><br>
<code>allow from all </code><br>
<p>
<code>require valid-user </code><br>
<code>&lt;limit&gt </code><br>
</dd>
</dl>
<hr><h2><a name="CompileTimeOptions">Compile Time Options</a></h2>
Currently there are no Compile options.
<hr><h2><a name="RevisionHistory">Revision History</a></h2>
This version: 23 Nov 1995, 24 Feb 1996, 16 May 1996.
<dl>
<dt>Version 0.4<br></dt>
<dd>First release
</dd>
<dt>Version 0.5<br></dt>
<dd>Added 'VerifyEmail' and 'LogEmail' options. Multiple
'anonymous' tokes allowed. more docs. Added Authorative
functionality.
</dd>
</dl>
<hr><h2><a name="Person">Contact/person to blame</a></h2>
This module was written for the
<a href="http://ewse.ceo.org">European Wide Service Exchange</a> by
&lt<a href="mailto:Dirk.vanGulik@jrc.it"><code>Dirk.vanGulik@jrc.it</code></a>&gt.
Feel free to contact me if you have any problems, icecreams or bugs. This
documentation, courtesy of Nick Himba, <a href="mailto:himba@cs.utwente.nl">
<code>&lt;himba@cs.utwente.nl&gt;</code></a>.
<p>
<hr><h2><a NAME="Sourcecode">Sourcecode</a></h2>
The source code can be found at <a href="http://www.apache.org"><code>
http://www.apache.org</code></a>. A snapshot of a development version
usually resides at <a href="http://me-www.jrc.it/~dirkx/mod_auth_anon.c"><code>
http://me-www.jrc.it/~dirkx/mod_auth_anon.c</code></a>. Please make sure
that you always quote the version you use when filing a bug report.
<p>
</body>
</html>
View Git Blame Copy Permalink