apache/docs/manual/mod/mod_authz_user.xml

<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
<modulesynopsis metafile="mod_authz_user.xml.meta">

<name>mod_authz_user</name> 
<description>User Authorization</description>
<status>Base</status>
<sourcefile>mod_authz_user.c</sourcefile>
<identifier>authz_user_module</identifier>
<compatibility>Available in Apache 2.1 and later</compatibility>

<summary>
    <p>This module provides authorization capabilities so that
    authenticated users can be allowed or denied access to portions
    of the web site. <module>mod_authz_user</module> grants
    access if the authenticated user is listed in a <code>Require user</code>
    directive. Alternatively <code>require valid-user</code> can be used to
    grant access to all successfully authenticated users.</p>
</summary>
<seealso><directive module="core">Require</directive></seealso>
<seealso><directive module="core">Satisfy</directive></seealso>

<directivesynopsis>
<name>AuthzUserAuthoritative</name>
<description>Sets whether authorization will be passed on to lower level
modules</description>
<syntax>AuthzUserAuthoritative On|Off</syntax>
<default>AuthzUserAuthoritative On</default>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>

<usage>
    <p>Setting the <directive>AuthzUserAuthoritative</directive>
    directive explicitly to <code>Off</code> allows for
    user authorization to be passed on to lower level modules (as defined
    in the <code>modules.c</code> files) if there is <strong>no
    user</strong> matching the supplied userID.</p>

    <p>By default, control is not passed on and an unknown user
    will result in an Authentication Required reply. Not
    setting it to <code>Off</code> thus keeps the system secure and forces
    an NCSA compliant behaviour.</p>
</usage>
</directivesynopsis>

</modulesynopsis>