mirror of
https://github.com/apache/httpd.git
synced 2025-07-04 05:22:30 +03:00
fe00cab209
Add a reference to 2.5 for regex within AuthName and update the misleading 2.4.x reference in AuthType git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1834267 13f79535-47bb-0310-9956-ffa450edef68
246 lines
9.0 KiB
XML
246 lines
9.0 KiB
XML
<?xml version="1.0"?>
|
|
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
|
|
<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
|
|
<!-- $LastChangedRevision$ -->
|
|
|
|
<!--
|
|
Licensed to the Apache Software Foundation (ASF) under one or more
|
|
contributor license agreements. See the NOTICE file distributed with
|
|
this work for additional information regarding copyright ownership.
|
|
The ASF licenses this file to You under the Apache License, Version 2.0
|
|
(the "License"); you may not use this file except in compliance with
|
|
the License. You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
-->
|
|
|
|
<modulesynopsis metafile="mod_authn_core.xml.meta">
|
|
|
|
<name>mod_authn_core</name>
|
|
<description>Core Authentication</description>
|
|
<status>Base</status>
|
|
<sourcefile>mod_authn_core.c</sourcefile>
|
|
<identifier>authn_core_module</identifier>
|
|
<compatibility>Available in Apache 2.3 and later</compatibility>
|
|
|
|
<summary>
|
|
<p>This module provides core authentication capabilities to
|
|
allow or deny access to portions of the web site.
|
|
<module>mod_authn_core</module> provides directives that are
|
|
common to all authentication providers.</p>
|
|
</summary>
|
|
|
|
<section id="authnalias"><title>Creating Authentication Provider Aliases</title>
|
|
|
|
<p>Extended authentication providers can be created
|
|
within the configuration file and assigned an alias name. The alias
|
|
providers can then be referenced through the directives
|
|
<directive module="mod_auth_basic">AuthBasicProvider</directive> or
|
|
<directive module="mod_auth_digest">AuthDigestProvider</directive> in
|
|
the same way as a base authentication provider. Besides the ability
|
|
to create and alias an extended provider, it also allows the same
|
|
extended authentication provider to be reference by multiple
|
|
locations.</p>
|
|
|
|
<section id="example"><title>Examples</title>
|
|
|
|
<p>This example checks for passwords in two different text
|
|
files.</p>
|
|
|
|
<example><title>Checking multiple text password files</title>
|
|
<highlight language="config">
|
|
# Check here first
|
|
<AuthnProviderAlias file file1>
|
|
AuthUserFile "/www/conf/passwords1"
|
|
</AuthnProviderAlias>
|
|
|
|
# Then check here
|
|
<AuthnProviderAlias file file2>
|
|
AuthUserFile "/www/conf/passwords2"
|
|
</AuthnProviderAlias>
|
|
|
|
<Directory "/var/web/pages/secure">
|
|
AuthBasicProvider file1 file2
|
|
|
|
AuthType Basic
|
|
AuthName "Protected Area"
|
|
Require valid-user
|
|
</Directory>
|
|
</highlight>
|
|
</example>
|
|
|
|
<p>The example below creates two different ldap authentication
|
|
provider aliases based on the ldap provider. This allows
|
|
a single authenticated location to be serviced by multiple ldap
|
|
hosts:</p>
|
|
|
|
<example><title>Checking multiple LDAP servers</title>
|
|
<highlight language="config">
|
|
<AuthnProviderAlias ldap ldap-alias1>
|
|
AuthLDAPBindDN "cn=youruser,o=ctx"
|
|
AuthLDAPBindPassword yourpassword
|
|
AuthLDAPURL "ldap://ldap.host/o=ctx"
|
|
</AuthnProviderAlias>
|
|
<AuthnProviderAlias ldap ldap-other-alias>
|
|
AuthLDAPBindDN "cn=yourotheruser,o=dev"
|
|
AuthLDAPBindPassword yourotherpassword
|
|
AuthLDAPURL "ldap://other.ldap.host/o=dev?cn"
|
|
</AuthnProviderAlias>
|
|
|
|
Alias "/secure" "/webpages/secure"
|
|
<Directory "/webpages/secure">
|
|
AuthBasicProvider ldap-other-alias ldap-alias1
|
|
|
|
AuthType Basic
|
|
AuthName "LDAP Protected Place"
|
|
Require valid-user
|
|
# Note that Require ldap-* would not work here, since the
|
|
# AuthnProviderAlias does not provide the config to authorization providers
|
|
# that are implemented in the same module as the authentication provider.
|
|
</Directory>
|
|
</highlight>
|
|
</example>
|
|
</section>
|
|
|
|
</section>
|
|
|
|
|
|
<directivesynopsis>
|
|
<name>AuthName</name>
|
|
<description>Authorization realm for use in HTTP
|
|
authentication</description>
|
|
<syntax>AuthName <var>auth-domain</var></syntax>
|
|
<contextlist><context>directory</context><context>.htaccess</context>
|
|
</contextlist>
|
|
<override>AuthConfig</override>
|
|
|
|
<usage>
|
|
<p>This directive sets the name of the authorization realm for a
|
|
directory. This realm is given to the client so that the user
|
|
knows which username and password to send.
|
|
<directive>AuthName</directive> takes a single argument; if the
|
|
realm name contains spaces, it must be enclosed in quotation
|
|
marks. It must be accompanied by <directive
|
|
module="mod_authn_core">AuthType</directive> and <directive
|
|
module="mod_authz_core">Require</directive> directives, and directives such
|
|
as <directive module="mod_authn_file">AuthUserFile</directive> and
|
|
<directive module="mod_authz_groupfile">AuthGroupFile</directive> to
|
|
work.</p>
|
|
|
|
<p>For example:</p>
|
|
|
|
<highlight language="config">
|
|
AuthName "Top Secret"
|
|
</highlight>
|
|
|
|
<p>The string provided for the <code>AuthName</code> is what will
|
|
appear in the password dialog provided by most browsers.</p>
|
|
|
|
<p>From 2.5.0, <a href="../expr.html">expression syntax</a> can be
|
|
used inside the directive to produce the name dynamically.</p>
|
|
|
|
<p>For example:</p>
|
|
|
|
<highlight language="config">
|
|
AuthName "%{HTTP_HOST}"
|
|
</highlight>
|
|
|
|
</usage>
|
|
<seealso><a
|
|
href="../howto/auth.html">Authentication, Authorization, and
|
|
Access Control</a></seealso>
|
|
<seealso><module>mod_authz_core</module></seealso>
|
|
</directivesynopsis>
|
|
|
|
<directivesynopsis>
|
|
<name>AuthType</name>
|
|
<description>Type of user authentication</description>
|
|
<syntax>AuthType None|Basic|Digest|Form</syntax>
|
|
<contextlist><context>directory</context><context>.htaccess</context>
|
|
</contextlist>
|
|
<override>AuthConfig</override>
|
|
|
|
<usage>
|
|
<p>This directive selects the type of user authentication for a
|
|
directory. The authentication types available are <code>None</code>,
|
|
<code>Basic</code> (implemented by
|
|
<module>mod_auth_basic</module>), <code>Digest</code>
|
|
(implemented by <module>mod_auth_digest</module>), and
|
|
<code>Form</code> (implemented by <module>mod_auth_form</module>).</p>
|
|
|
|
<p>To implement authentication, you must also use the <directive
|
|
module="mod_authn_core">AuthName</directive> and <directive
|
|
module="mod_authz_core">Require</directive> directives. In addition, the
|
|
server must have an authentication-provider module such as
|
|
<module>mod_authn_file</module> and an authorization module such
|
|
as <module>mod_authz_user</module>.</p>
|
|
|
|
<p>The authentication type <code>None</code> disables authentication.
|
|
When authentication is enabled, it is normally inherited by each
|
|
subsequent <a href="../sections.html#mergin">configuration section</a>,
|
|
unless a different authentication type is specified. If no
|
|
authentication is desired for a subsection of an authenticated
|
|
section, the authentication type <code>None</code> may be used;
|
|
in the following example, clients may access the
|
|
<code>/www/docs/public</code> directory without authenticating:</p>
|
|
|
|
<highlight language="config">
|
|
<Directory "/www/docs">
|
|
AuthType Basic
|
|
AuthName Documents
|
|
AuthBasicProvider file
|
|
AuthUserFile "/usr/local/apache/passwd/passwords"
|
|
Require valid-user
|
|
</Directory>
|
|
|
|
<Directory "/www/docs/public">
|
|
AuthType None
|
|
Require all granted
|
|
</Directory>
|
|
</highlight>
|
|
|
|
<p>From 2.5.0, <a href="../expr.html">expression syntax</a> can be
|
|
used inside the directive to specify the type dynamically.</p>
|
|
|
|
<note>When disabling authentication, note that clients which have
|
|
already authenticated against another portion of the server's document
|
|
tree will typically continue to send authentication HTTP headers
|
|
or cookies with each request, regardless of whether the server
|
|
actually requires authentication for every resource.</note>
|
|
</usage>
|
|
|
|
<seealso><a href="../howto/auth.html">Authentication, Authorization,
|
|
and Access Control</a></seealso>
|
|
</directivesynopsis>
|
|
|
|
<directivesynopsis type="section">
|
|
<name>AuthnProviderAlias</name>
|
|
<description>Enclose a group of directives that represent an
|
|
extension of a base authentication provider and referenced by
|
|
the specified alias</description>
|
|
<syntax><AuthnProviderAlias <var>baseProvider Alias</var>>
|
|
... </AuthnProviderAlias></syntax>
|
|
<contextlist><context>server config</context>
|
|
</contextlist>
|
|
|
|
<usage>
|
|
<p><code><AuthnProviderAlias></code> and
|
|
<code></AuthnProviderAlias></code> are used to enclose a group of
|
|
authentication directives that can be referenced by the alias name
|
|
using one of the directives <directive module="mod_auth_basic">
|
|
AuthBasicProvider</directive> or <directive module="mod_auth_digest">
|
|
AuthDigestProvider</directive>.</p>
|
|
|
|
<note>This directive has no affect on authorization, even for modules that
|
|
provide both authentication and authorization.</note>
|
|
</usage>
|
|
</directivesynopsis>
|
|
|
|
</modulesynopsis>
|