mod_auth_anon.html revision 2d30701ca0a1d1e35ddc8a1ca8e98c5ee44e7c28
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<TITLE>Apache module mod_auth_anon.c</TITLE>
</HEAD>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
<BODY
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#000080"
ALINK="#FF0000"
>
<!--#include virtual="header.html" -->
<H1 ALIGN="CENTER">Module mod_auth_anon</H1>
This module allows "anonymous" user access to authenticated areas.
<P><A
HREF="module-dict.html#Status"
REL="Help"
><STRONG>Status:</STRONG></A> Extension
<BR>
<A
HREF="module-dict.html#SourceFile"
REL="Help"
><STRONG>Source File:</STRONG></A> mod_auth_anon.c
<BR>
<A
HREF="module-dict.html#ModuleIdentifier"
REL="Help"
><STRONG>Module Identifier:</STRONG></A> anon_auth_module
</P>
<H2>Summary</H2>
<P>This module does access control in a manner similar to
anonymous-ftp sites; <EM>i.e.</EM> have a 'magic' user id 'anonymous'
and the email address as a password. These email addresses can be
logged.</p>
<p>Combined with other (database) access control methods, this allows for
effective user tracking and customization according to a user profile
while still keeping the site open for 'unregistered' users. One advantage
of using Auth-based user tracking is that, unlike magic-cookies and
funny URL pre/postfixes, it is completely browser independent and it
allows users to share URLs.</p>
<H2><A NAME="Directives">Directives</A></H2>
<UL>
<LI><A HREF="#anonymous">Anonymous</A>
<LI><A HREF="#Authoritative">Anonymous_Authoritative</A>
<LI><A HREF="#LogEmail">Anonymous_LogEmail</A>
<LI><A HREF="#MustGiveEmail">Anonymous_MustGiveEmail</A>
<LI><A HREF="#NoUserID">Anonymous_NoUserID</A>
<LI><A HREF="#VerifyEmail">Anonymous_VerifyEmail</A>
</UL>
<H2><A NAME="Example">Example</A></H2>
The example below (when combined with the Auth directives
of a htpasswd-file based (or GDM, mSQL <EM>etc.</EM>) base access
control system allows users in as 'guests' with the
following properties:
<UL>
<LI>
It insists that the user enters a userId. (<CODE>Anonymous_NoUserId</CODE>)
<LI>
It insists that the user enters a password.
(<CODE>Anonymous_MustGiveEmail</CODE>)
<LI>
The password entered must be a valid email address, ie. contain at least one
'@' and a '.'. (<CODE>Anonymous_VerifyEmail</CODE>)
<LI>
The userID must be one of <CODE>anonymous guest www test welcome</CODE>
and comparison is <STRONG>not</STRONG> case sensitive.
<LI>
And the Email addresses entered in the passwd field are logged to
the error log file
(<CODE>Anonymous_LogEmail</CODE>)
</UL>
<P>
Excerpt of access.conf:
<BLOCKQUOTE><CODE>
Anonymous_NoUserId off<BR>
Anonymous_MustGiveEmail on<BR>
Anonymous_VerifyEmail on<BR>
Anonymous_LogEmail on<BR>
Anonymous anonymous guest www test welcome<P>
<P>
AuthName "Use 'anonymous' &amp; Email address for guest entry"<BR>
AuthType basic
<P>
# An AuthUserFile/AuthDBUserFile/AuthDBMUserFile<BR>
# directive must be specified, or use<BR>
# Anonymous_Authoritative for public access.<BR>
# In the .htaccess for the public directory, add:<BR>
&lt;Files *&gt;<BR>
Order Deny,Allow <BR>
Allow from all <BR>
<P>
Require valid-user <BR>
&lt;/Files&gt;<BR>
</CODE></BLOCKQUOTE>
<HR>
<H2><A NAME="anonymous">Anonymous directive</A></H2>
<!--%plaintext &lt;?INDEX {\tt Anonymous} directive&gt; -->
<A
HREF="directive-dict.html#Syntax"
REL="Help"
><STRONG>Syntax:</STRONG></A> Anonymous <EM>user user ...</EM><BR>
<A
HREF="directive-dict.html#Default"
REL="Help"
><STRONG>Default:</STRONG></A> none<BR>
<A
HREF="directive-dict.html#Context"
REL="Help"
><STRONG>Context:</STRONG></A> directory, .htaccess<BR>
<A
HREF="directive-dict.html#Override"
REL="Help"
><STRONG>Override:</STRONG></A> AuthConfig<BR>
<A
HREF="directive-dict.html#Status"
REL="Help"
><STRONG>Status:</STRONG></A> Extension<BR>
<A
HREF="directive-dict.html#Module"
REL="Help"
><STRONG>Module:</STRONG></A> mod_auth_anon<P>
A list of one or more 'magic' userIDs which are allowed access
without password verification. The userIDs are space separated.
It is possible to use the ' and " quotes to allow a space in
a userID as well as the \ escape character.
<P>
Please note that the comparison is <STRONG>case-IN-sensitive</STRONG>.
<BR>
I strongly suggest that the magic username '<CODE>anonymous</CODE>'
is always one of the allowed userIDs.
<P>
Example:<BR>
<CODE>
Anonymous anonymous "Not Registered" 'I don\'t know'
</CODE><P>
This would allow the user to enter without password verification
by using the userId's 'anonymous', 'AnonyMous','Not Registered' and
'I Don't Know'.
<HR>
<H2><A NAME="Authoritative">Anonymous_Authoritative directive</A></H2>
<A
HREF="directive-dict.html#Syntax"
REL="Help"
><STRONG>Syntax:</STRONG></A> Anonymous_Authoritative <EM>on | off</EM><BR>
<A
HREF="directive-dict.html#Default"
REL="Help"
><STRONG>Default:</STRONG></A> <CODE>Anonymous_Authoritative off</CODE><BR>
<A
HREF="directive-dict.html#Context"
REL="Help"
><STRONG>Context:</STRONG></A> directory, .htaccess<BR>
<A
HREF="directive-dict.html#Override"
REL="Help"
><STRONG>Override:</STRONG></A> AuthConfig<BR>
<A
HREF="directive-dict.html#Status"
REL="Help"
><STRONG>Status:</STRONG></A> Extension<BR>
<A
HREF="directive-dict.html#Module"
REL="Help"
><STRONG>Module:</STRONG></A> mod_auth_anon<P>
When set 'on', there is no
fall-through to other authorization methods. So if a
userID does not match the values specified in the
<CODE>Anonymous</CODE> directive, access is denied.
<P>
Be sure you know what you are doing when you decide to switch
it on. And remember that it is the linking order of the modules
(in the Configuration / Make file) which details the order
in which the Authorization modules are queried.
<HR>
<H2><A NAME="LogEmail">Anonymous_LogEmail directive</A></H2>
<A
HREF="directive-dict.html#Syntax"
REL="Help"
><STRONG>Syntax:</STRONG></A> Anonymous_LogEmail <EM>on | off</EM><BR>
<A
HREF="directive-dict.html#Default"
REL="Help"
><STRONG>Default:</STRONG></A> <CODE>Anonymous_LogEmail on</CODE><BR>
<A
HREF="directive-dict.html#Context"
REL="Help"
><STRONG>Context:</STRONG></A> directory, .htaccess<BR>
<A
HREF="directive-dict.html#Override"
REL="Help"
><STRONG>Override:</STRONG></A> AuthConfig<BR>
<A
HREF="directive-dict.html#Status"
REL="Help"
><STRONG>Status:</STRONG></A> Extension<BR>
<A
HREF="directive-dict.html#Module"
REL="Help"
><STRONG>Module:</STRONG></A> mod_auth_anon<P>
When set 'on', the default, the 'password' entered (which hopefully
contains a sensible email address) is logged in the error log.
<HR>
<H2><A NAME="MustGiveEmail">Anonymous_MustGiveEmail directive</A></H2>
<!--%plaintext &lt;?INDEX {\tt Anonymous_MustGiveEmail} directive&gt; -->
<A
HREF="directive-dict.html#Syntax"
REL="Help"
><STRONG>Syntax:</STRONG></A> Anonymous_MustGiveEmail <EM>on</EM>
| <EM>off</EM><BR>
<A
HREF="directive-dict.html#Default"
REL="Help"
><STRONG>Default:</STRONG></A> <CODE>Anonymous_MustGiveEmail on</CODE><BR>
<A
HREF="directive-dict.html#Context"
REL="Help"
><STRONG>Context:</STRONG></A> directory, .htaccess<BR>
<A
HREF="directive-dict.html#Override"
REL="Help"
><STRONG>Override:</STRONG></A> AuthConfig<BR>
<A
HREF="directive-dict.html#Status"
REL="Help"
><STRONG>Status:</STRONG></A> Extension<BR>
<A
HREF="directive-dict.html#Module"
REL="Help"
><STRONG>Module:</STRONG></A> mod_auth_anon<P>
Specifies whether the user must specify an email
address as the password. This prohibits blank passwords.
<HR>
<H2><A NAME="NoUserID">Anonymous_NoUserID directive</A></H2>
<A
HREF="directive-dict.html#Syntax"
REL="Help"
><STRONG>Syntax:</STRONG></A> Anonymous_NoUserID <EM>on | off</EM><BR>
<A
HREF="directive-dict.html#Default"
REL="Help"
><STRONG>Default:</STRONG></A> <CODE>Anonymous_NoUserID off</CODE><BR>
<A
HREF="directive-dict.html#Context"
REL="Help"
><STRONG>Context:</STRONG></A> directory, .htaccess<BR>
<A
HREF="directive-dict.html#Override"
REL="Help"
><STRONG>Override:</STRONG></A> AuthConfig<BR>
<A
HREF="directive-dict.html#Status"
REL="Help"
><STRONG>Status:</STRONG></A> Extension<BR>
<A
HREF="directive-dict.html#Module"
REL="Help"
><STRONG>Module:</STRONG></A> mod_auth_anon<P>
When set 'on', users can leave
the userID (and perhaps the password field) empty. This
can be very convenient for MS-Explorer users who can
just hit return or click directly on the OK button; which
seems a natural reaction.
<HR>
<H2><A NAME="VerifyEmail">Anonymous_VerifyEmail directive</A></H2>
<A
HREF="directive-dict.html#Syntax"
REL="Help"
><STRONG>Syntax:</STRONG></A> Anonymous_VerifyEmail <EM>on | off</EM><BR>
<A
HREF="directive-dict.html#Default"
REL="Help"
><STRONG>Default:</STRONG></A> <CODE>Anonymous_VerifyEmail off</CODE><BR>
<A
HREF="directive-dict.html#Context"
REL="Help"
><STRONG>Context:</STRONG></A> directory, .htaccess<BR>
<A
HREF="directive-dict.html#Override"
REL="Help"
><STRONG>Override:</STRONG></A> AuthConfig<BR>
<A
HREF="directive-dict.html#Status"
REL="Help"
><STRONG>Status:</STRONG></A> Extension<BR>
<A
HREF="directive-dict.html#Module"
REL="Help"
><STRONG>Module:</STRONG></A> mod_auth_anon<P>
When set 'on' the 'password' entered is
checked for at least one '@' and a '.' to encourage users to enter
valid email addresses (see the above <CODE>Auth_LogEmail</CODE>).
<!--#include virtual="footer.html" -->
</BODY>
</HTML>