<html>

<head>

<title>Module mod_auth_anon.c</title>

</head>

<body>

<H1>Module mod_auth_anon</H1>

This module is contained in the <code>mod_auth_anon.c</code> file and

is compiled in by default. It is only available in Apache 1.1 and

later.

<p>

It does access control in a manner similar to anonymous-ftp sites; i.e.

have a 'magic' user id 'anonymous' and the email address as a password.

These email addresses can be logged.

<p>

Combined with other (database) access control methods, this allows for

effective user tracking and customization according to a user profile

while still keeping the site open for 'unregistered' users. One advantage

of using Auth-based user tracking is that, unlike magic-cookies and

funny URL pre/postfixes, it is completely browser independent and it

allows users to share URLs.

<p>

<a href="#FullDescription">Full description</a> /

<a href="#Example">Example</a> /

<a href="#CompileTimeOptions">Compile time options</a> /

<a href="#RevisionHistory">RevisionHistory</a> /

<a href="#Person">Person to blame</a> /

<a href="#Sourcecode">Sourcecode</a>

<p>

<hr><h2><a name="FullDescription">Full description of all tokens</a></h2>

<dl>

<code><dt>

Anonymous &lt; Space separated list &gt

</code></dt><dd>

A list of one or more 'magic' userIDs which are allowed access

without password verification. The userIDs are space separated.

It is possible to use the ' and " quotes to allow a space in

a userID as well as the \ escape character.

<p>

Please note that the comparison is <b>case-IN-sensitive</b>.

<br>

I strongly suggest that the magic username '<code>anonymous</code>'

is always one of the allowed userIDs.

<p>

Example:<br>

<code>

Anonymous: anonymous "Not Registered" 'I don\'t know'

</code><p>

This would allow the user to enter without password verification

by using the userId's 'anonymous', 'AnonyMous','Not Registered' and

'I Don't Know'.

</dd>

<code><dt>

Anonymous_LogEmail &lt; on | off &gt

</code></dt><dd>

When set 'on', the default, the 'password' entered (which hopefully

contains a sensible email address) is logged in the httpd-log file.

</dd>

<code><dt>

Anonymous_VerifyEmail &lt; on | off &gt

</code></dt><dd>

When set 'on', the default is 'off', the 'password' entered is

checked for at least one '@' and a '.' to encourage users to enter

valid email addressses (see the above <code>Auth_LogEmail</code>.

</dd>

<code><dt>

Anonymous_NoUserID &lt; on | off &gt

</code></dt><dd>

When set 'on', the default is 'off', users can leave

the userID (and perhaps the password field) empty. This

can be very convenient for MS-Explorer users who can

just hit return or click directly on the OK button; which

seems a natural reaction.

</dd>

<code><dt>

<a name="Authorative">Anonymous_Authorative &lt; on | off &gt</a>

</code></dt><dd>

Default is 'off'. When set 'on', there is no

fall-through to other authorization methods. So if a

userID does not match the values specified in the

<code>Anonymous</code> directive, access is denied.

<p>

Be sure you know what you are doing when you decide to switch

it on. And remember that it is the linking order of the modules

(in the Configuration / Make file) which details the order

in which the Authorization modules are queried.

</dd>

</dl>

<hr><a name="Example"><h2>Example</h2></a>

The example below (when combined with the Auth directives

of a htpasswd-file based (or GDM, mSQL etc) base access

control system allows users in as 'guests' with the

following properties:

<ul>

<li>

It insists that the user enters a userId. (<code>Anonymous_NoUserId</code>)

<li>

It insists that the user enters a password. (<code>Anonymous_MustGiveEmail</code>)

<li>

The password entered must be a valid email address, ie. contain at least one '@' and a '.'.

(<code>Anonymous_VerifyEmail</code>)

<li>

The userID must be one of <code>anonymous guest www test welcome</code>

and comparison is <b>not</b> case sensitive.

<code>&lt;directory /web/docs/public&gt;</code>

<li>

And the Email addresses entered in the passswd field are logged to

the httpd-log file

(<code>Anonymous_LogEmail</code>)

</ul>

<p>

Excerp of access.conf:

<dl>

<dt><code>

Anonymous anonymous guest www test welcome<p>

Anonymous_MustGiveEmail on<br>

Anonymous_VerifyEmail on<br>

Anonymous_NoUserId off<br>

Anonymous_LogEmail on<br>

<p>

AuthName Use 'anonymous' & Email address for guest entry<br>

AuthType basic<p>

</code></dt>

<dd>

Normal Apache/NCSA tokens for access control

<p>

<code>&lt;limit get post head&gt</code><br>

<code>order deny,allow </code><br>

<code>allow from all </code><br>

<p>

<code>require valid-user </code><br>

<code>&lt;limit&gt </code><br>

</dd>

</dl>

<hr><h2><a name="CompileTimeOptions">Compile Time Options</a></h2>

Currently there are no Compile options.

<hr><h2><a name="RevisionHistory">Revision History</a></h2>

This version: 23 Nov 1995, 24 Feb 1996, 16 May 1996.

<dl>

<dt>Version 0.4<br></dt>

<dd>First release

</dd>

<dt>Version 0.5<br></dt>

<dd>Added 'VerifyEmail' and 'LogEmail' options. Multiple

'anonymous' tokes allowed. more docs. Added Authorative

functionality.

</dd>

</dl>

<hr><h2><a name="Person">Contact/person to blame</a></h2>

This module was written for the

<a href="http://ewse.ceo.org">European Wide Service Exchange</a> by

&lt<a href="mailto:Dirk.vanGulik@jrc.it"><code>Dirk.vanGulik@jrc.it</code></a>&gt.

Feel free to contact me if you have any problems, icecreams or bugs. This

documentation, courtesy of Nick Himba, <a href="mailto:himba@cs.utwente.nl">

<code>&lt;himba@cs.utwente.nl&gt;</code></a>.

<p>

<hr><h2><a NAME="Sourcecode">Sourcecode</a></h2>

The source code can be found at <a href="http://www.apache.org"><code>

http://www.apache.org</code></a>. A snapshot of a development version

usually resides at <a href="http://me-www.jrc.it/~dirkx/mod_auth_anon.c"><code>

http://me-www.jrc.it/~dirkx/mod_auth_anon.c</code></a>. Please make sure

that you always quote the version you use when filing a bug report.

<p>

</body>

</html>