mirror of
https://github.com/apache/httpd.git
synced 2025-11-06 16:49:32 +03:00
54c2f3418c
Probably overlooked one or two ;-) Some files are left unmodified, since the parts there aren't clear or have to be (re-)written: ebcdic.xml new_features_2_0.xml upgrading.xml git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97153 13f79535-47bb-0310-9956-ffa450edef68
204 lines
7.0 KiB
XML
204 lines
7.0 KiB
XML
<?xml version="1.0"?>
|
|
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
|
|
<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
|
|
<modulesynopsis>
|
|
|
|
<name>mod_authn_anon</name>
|
|
<description>Allows "anonymous" user access to authenticated
|
|
areas</description>
|
|
<status>Extension</status>
|
|
<sourcefile>mod_authn_anon.c</sourcefile>
|
|
<identifier>authn_anon_module</identifier>
|
|
<compatibility>Available in Apache 2.0.44 and later</compatibility>
|
|
|
|
<summary>
|
|
<p>This module does access control in a manner similar to
|
|
anonymous-ftp sites; <em>i.e.</em> have a 'magic' user id
|
|
'anonymous' and the email address as a password. These email
|
|
addresses can be logged.</p>
|
|
|
|
<p>Combined with other (database) access control methods, this
|
|
allows for effective user tracking and customization according
|
|
to a user profile while still keeping the site open for
|
|
'unregistered' users. One advantage of using Auth-based user
|
|
tracking is that, unlike magic-cookies and funny URL
|
|
pre/postfixes, it is completely browser independent and it
|
|
allows users to share URLs.</p>
|
|
</summary>
|
|
|
|
<section><title>Example</title>
|
|
|
|
<p>The example below (when combined with the Auth directives of a
|
|
htpasswd-file based (or GDM, mSQL <em>etc.</em>) base access
|
|
control system allows users in as 'guests' with the following
|
|
properties:</p>
|
|
|
|
<ul>
|
|
<li>It insists that the user enters a userId.
|
|
(<code>Anonymous_NoUserId</code>)</li>
|
|
|
|
<li>It insists that the user enters a password.
|
|
(<code>Anonymous_MustGiveEmail</code>)</li>
|
|
|
|
<li>The password entered must be a valid email address, ie.
|
|
contain at least one '@' and a '.'.
|
|
(<code>Anonymous_VerifyEmail</code>)</li>
|
|
|
|
<li>The userID must be one of <code>anonymous guest www test
|
|
welcome</code> and comparison is <strong>not</strong> case
|
|
sensitive.</li>
|
|
|
|
<li>And the Email addresses entered in the passwd field are
|
|
logged to the error log file
|
|
(<code>Anonymous_LogEmail</code>)</li>
|
|
</ul>
|
|
|
|
<p>Excerpt of httpd.conf:</p>
|
|
|
|
<example>
|
|
Anonymous_NoUserId off<br />
|
|
Anonymous_MustGiveEmail on<br />
|
|
Anonymous_VerifyEmail on<br />
|
|
Anonymous_LogEmail on<br />
|
|
Anonymous anonymous guest www test welcome<br />
|
|
<br />
|
|
AuthName "Use 'anonymous' & Email address for
|
|
guest entry"<br />
|
|
AuthType basic<br />
|
|
<br />
|
|
# An
|
|
AuthUserFile/AuthDBMUserFile<br />
|
|
# directive must be specified, or use<br />
|
|
# Anonymous_Authoritative for public access.<br />
|
|
# In the .htaccess for the public directory, add:<br />
|
|
<Files *><br />
|
|
Order Deny,Allow<br />
|
|
Allow from all<br />
|
|
<br />
|
|
Require valid-user<br />
|
|
</Files><br />
|
|
</example>
|
|
</section>
|
|
|
|
<directivesynopsis>
|
|
<name>Anonymous</name>
|
|
<description>Specifies userIDs that areallowed access without
|
|
password verification</description>
|
|
<syntax>Anonymous <em>user</em> [<em>user</em>] ...</syntax>
|
|
<contextlist><context>directory</context><context>.htaccess</context>
|
|
</contextlist>
|
|
<override>AuthConfig</override>
|
|
|
|
<usage>
|
|
<p>A list of one or more 'magic' userIDs which are allowed
|
|
access without password verification. The userIDs are space
|
|
separated. It is possible to use the ' and " quotes to allow a
|
|
space in a userID as well as the \ escape character.</p>
|
|
|
|
<p>Please note that the comparison is
|
|
<strong>case-IN-sensitive</strong>.<br />
|
|
I strongly suggest that the magic username
|
|
'<code>anonymous</code>' is always one of the allowed
|
|
userIDs.</p>
|
|
|
|
<p>Example:</p>
|
|
<example>Anonymous anonymous "Not Registered" 'I don\'t know'</example>
|
|
|
|
<p>This would allow the user to enter without password
|
|
verification by using the userId's 'anonymous',
|
|
'AnonyMous','Not Registered' and 'I Don't Know'.</p>
|
|
</usage>
|
|
</directivesynopsis>
|
|
|
|
<directivesynopsis>
|
|
<name>Anonymous_Authoritative</name>
|
|
<description>Configures if authorization will fall-through
|
|
to other methods</description>
|
|
<syntax>Anonymous_Authoritative on|off</syntax>
|
|
<default>Anonymous_Authoritative off</default>
|
|
<contextlist><context>directory</context><context>.htaccess</context>
|
|
</contextlist>
|
|
<override>AuthConfig</override>
|
|
|
|
<usage>
|
|
<p>When set 'on', there is no fall-through to other authorization
|
|
methods. So if a userID does not match the values specified in the
|
|
<directive module="mod_authn_anon">Anonymous</directive> directive,
|
|
access is denied.</p>
|
|
|
|
<p>Be sure you know what you are doing when you decide to
|
|
switch it on. And remember that it is the linking order of the
|
|
modules (in the Configuration / Make file) which details the
|
|
order in which the Authorization modules are queried.</p>
|
|
</usage>
|
|
</directivesynopsis>
|
|
|
|
<directivesynopsis>
|
|
<name>Anonymous_LogEmail</name>
|
|
<description>Sets whether the password entered will be logged in the
|
|
error log</description>
|
|
<syntax>Anonymous_LogEmail on|off</syntax>
|
|
<default>Anonymous_LogEmail on</default>
|
|
<contextlist><context>directory</context><context>.htaccess</context>
|
|
</contextlist>
|
|
<override>AuthConfig</override>
|
|
|
|
<usage>
|
|
<p>When set <code>on</code>, the default, the 'password' entered
|
|
(which hopefully contains a sensible email address) is logged in
|
|
the error log.</p>
|
|
</usage>
|
|
</directivesynopsis>
|
|
|
|
<directivesynopsis>
|
|
<name>Anonymous_MustGiveEmail</name>
|
|
<description>Specifies whether blank passwords are allowed</description>
|
|
<syntax>Anonymous_MustGiveEmail on|off</syntax>
|
|
<default>Anonymous_MustGiveEmail on</default>
|
|
<contextlist><context>directory</context><context>.htaccess</context>
|
|
</contextlist>
|
|
<override>AuthConfig</override>
|
|
|
|
<usage>
|
|
<p>Specifies whether the user must specify an email address as
|
|
the password. This prohibits blank passwords.</p>
|
|
</usage>
|
|
</directivesynopsis>
|
|
|
|
<directivesynopsis>
|
|
<name>Anonymous_NoUserID</name>
|
|
<description>Sets whether the userID field may be empty</description>
|
|
<syntax>Anonymous_NoUserID on|off</syntax>
|
|
<default>Anonymous_NoUserID off</default>
|
|
<contextlist><context>directory</context><context>.htaccess</context>
|
|
</contextlist>
|
|
<override>AuthConfig</override>
|
|
|
|
<usage>
|
|
<p>When set <code>on</code>, users can leave the userID (and
|
|
perhaps the password field) empty. This can be very convenient for
|
|
MS-Explorer users who can just hit return or click directly on the
|
|
OK button; which seems a natural reaction.</p>
|
|
</usage>
|
|
</directivesynopsis>
|
|
|
|
<directivesynopsis>
|
|
<name>Anonymous_VerifyEmail</name>
|
|
<description>Sets whether to check the password field for a correctly
|
|
formatted email address</description>
|
|
<syntax>Anonymous_VerifyEmail on|off</syntax>
|
|
<default>Anonymous_VerifyEmail off</default>
|
|
<contextlist><context>directory</context><context>.htaccess</context>
|
|
</contextlist>
|
|
<override>AuthConfig</override>
|
|
|
|
<usage>
|
|
<p>When set <code>on</code> the 'password' entered is checked for
|
|
at least one '@' and a '.' to encourage users to enter valid email
|
|
addresses (see the above <directive
|
|
module="mod_authn_anon">Auth_LogEmail</directive>).</p>
|
|
</usage>
|
|
</directivesynopsis>
|
|
|
|
</modulesynopsis>
|