mirror of
https://github.com/apache/httpd.git
synced 2025-06-03 10:42:03 +03:00
b68721ed3a
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102617 13f79535-47bb-0310-9956-ffa450edef68
109 lines
4.2 KiB
XML
109 lines
4.2 KiB
XML
<?xml version="1.0"?>
|
|
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
|
|
<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
|
|
|
|
<!--
|
|
Copyright 2002-2004 The Apache Software Foundation
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
-->
|
|
|
|
<modulesynopsis metafile="mod_authz_groupfile.xml.meta">
|
|
|
|
<name>mod_authz_groupfile</name>
|
|
<description>Group authorization using plaintext files</description>
|
|
<status>Base</status>
|
|
<sourcefile>mod_authz_groupfile.c</sourcefile>
|
|
<identifier>authz_groupfile_module</identifier>
|
|
<compatibility>Available in Apache 2.1 and later</compatibility>
|
|
|
|
<summary>
|
|
<p>This module provides authorization capabilities so that
|
|
authenticated users can be allowed or denied access to portions
|
|
of the web site by group membership. Similar functionality is
|
|
provided by <module>mod_authz_dbm</module>.</p>
|
|
</summary>
|
|
|
|
<seealso><directive module="core">Require</directive></seealso>
|
|
<seealso><directive module="core">Satisfy</directive></seealso>
|
|
|
|
<directivesynopsis>
|
|
<name>AuthGroupFile</name>
|
|
<description>Sets the name of a text file containing the list
|
|
of user groups for authentication</description>
|
|
<syntax>AuthGroupFile <var>file-path</var></syntax>
|
|
<contextlist><context>directory</context><context>.htaccess</context>
|
|
</contextlist>
|
|
<override>AuthConfig</override>
|
|
|
|
<usage>
|
|
<p>The <directive>AuthGroupFile</directive> directive sets the
|
|
name of a textual file containing the list of user groups for user
|
|
authentication. <var>File-path</var> is the path to the group
|
|
file. If it is not absolute, it is treated as relative to the <directive
|
|
module="core">ServerRoot</directive>.</p>
|
|
|
|
<p>Each line of the group file contains a groupname followed by a
|
|
colon, followed by the member usernames separated by spaces.</p>
|
|
|
|
<example><title>Example:</title>
|
|
mygroup: bob joe anne
|
|
</example>
|
|
|
|
<p>Note that searching large text files is <em>very</em>
|
|
inefficient; <directive module="mod_authz_dbm"
|
|
>AuthDBMGroupFile</directive> provides a much better performance.</p>
|
|
|
|
<note type="warning"><title>Security</title>
|
|
<p>Make sure that the <directive>AuthGroupFile</directive> is
|
|
stored outside the document tree of the web-server; do <em>not</em>
|
|
put it in the directory that it protects. Otherwise, clients may
|
|
be able to download the <directive>AuthGroupFile</directive>.</p>
|
|
</note>
|
|
</usage>
|
|
</directivesynopsis>
|
|
|
|
<directivesynopsis>
|
|
<name>AuthzGroupFileAuthoritative</name>
|
|
<description>Sets whether authorization will be passed on to lower level
|
|
modules</description>
|
|
<syntax>AuthzGroupFileAuthoritative On|Off</syntax>
|
|
<default>AuthzGroupFileAuthoritative On</default>
|
|
<contextlist><context>directory</context><context>.htaccess</context>
|
|
</contextlist>
|
|
<override>AuthConfig</override>
|
|
|
|
<usage>
|
|
<p>Setting the <directive>AuthzGroupFileAuthoritative</directive>
|
|
directive explicitly to <code>Off</code> allows for
|
|
group authorization to be passed on to lower level modules (as defined
|
|
in the <code>modules.c</code> files) if there is <strong>no
|
|
group</strong> matching the supplied userID.</p>
|
|
|
|
<p>By default, control is not passed on and an unknown group
|
|
will result in an Authentication Required reply. Not
|
|
setting it thus keeps the system secure and forces an NCSA
|
|
compliant behaviour.</p>
|
|
|
|
<note type="warning"><title>Security</title>
|
|
<p>Do consider the implications of allowing a user to
|
|
allow fall-through in his <code>.htaccess</code> file; and verify
|
|
that this is really what you want; Generally it is easier to just
|
|
secure a single <code>.htpasswd</code> file, than it is to secure
|
|
a database which might have more access interfaces.</p>
|
|
</note>
|
|
</usage>
|
|
</directivesynopsis>
|
|
|
|
</modulesynopsis>
|