mod_auth_basic.xml revision 35ffb30f57f777dbf3f17c5a5ddf706559942c16
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<!DOCTYPE modulesynopsis SYSTEM "/style/modulesynopsis.dtd">
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<?xml-stylesheet type="text/xsl" href="/style/manual.en.xsl"?>
5f5d1b4cc970b7f06ff8ef6526128e9a27303d88nd<modulesynopsis>
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding<compatibility>Available in Apache 2.1 and later</compatibility>
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd <p>This module allows the use of HTTP Basic Authentication to
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd restrict access by looking up users in the given providers.
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd HTTP Digest Authentication is provided by
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd<seealso><directive module="core">AuthName</directive></seealso>
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd<seealso><directive module="core">AuthType</directive></seealso>
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd<directivesynopsis>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<description>Sets the authentication provider(s) for this location</description>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<syntax>AuthBasicProvider On|Off|<var>provider-name</var>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<contextlist><context>directory</context></contextlist>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz <p>The <directive>AuthBasicProvider</directive> directive sets
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz which provider is used to authenticate the users for this location.
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz Setting the value to <code>On</code> will choose the default provider
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz (<code>file</code>). Since the <code>file</code> provider is implemented
3604deb3632beeca54cfdb3864d872715971c300slive by the <module>mod_authn_file</module> module, you have to make sure,
3604deb3632beeca54cfdb3864d872715971c300slive that the module is present in the server.</p>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz <Location /secure><br />
87a0e78ba862eb998ccd545ae27c46c7ef89215abnicholes AuthBasicProvider dbm<br />
87a0e78ba862eb998ccd545ae27c46c7ef89215abnicholes AuthDBMType SDBM<br />
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz Require valid-user<br />
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz </Location>
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd <p>See <module>mod_authn_dbm</module> and <module>mod_authn_file</module>
3604deb3632beeca54cfdb3864d872715971c300slive for providers.</p>
f07998c217193b829f55c5ca8f4313ad5ba28f84nd <p>The value <code>Off</code> clears the provider list and sets it back
f07998c217193b829f55c5ca8f4313ad5ba28f84nd to the default.</p>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz</directivesynopsis>
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd<directivesynopsis>
3604deb3632beeca54cfdb3864d872715971c300slive<description>Sets whether authorization and authentication are passed to
3604deb3632beeca54cfdb3864d872715971c300slivelower level modules</description>
6f10385908fbdfd4849e4bc50e690ee54c62f2cdhumbedooh<contextlist><context>directory</context><context>.htaccess</context>
6f10385908fbdfd4849e4bc50e690ee54c62f2cdhumbedooh</contextlist>
6f10385908fbdfd4849e4bc50e690ee54c62f2cdhumbedooh <p>Setting the <directive>AuthBasicAuthoritative</directive> directive
6f10385908fbdfd4849e4bc50e690ee54c62f2cdhumbedooh authentication and authorization to be passed on to lower level
6f10385908fbdfd4849e4bc50e690ee54c62f2cdhumbedooh modules (as defined in the <code>modules.c</code> files) if there is
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd <strong>no userID</strong> or <strong>rule</strong> matching the
41618b507c149c7adf89bd92a0cc2c6962a29dcfcovener supplied userID. If there is a userID and/or rule specified, the usual
860b4efe27e7c1c9a2bf5c872b29c90f76849b51jim password and access checks will be applied and a failure will give
41618b507c149c7adf89bd92a0cc2c6962a29dcfcovener an Authorization Required reply.</p>
41618b507c149c7adf89bd92a0cc2c6962a29dcfcovener <p>So if a userID appears in the database of more than one module;
3604deb3632beeca54cfdb3864d872715971c300slive or if a valid <directive module="core">Require</directive>
3604deb3632beeca54cfdb3864d872715971c300slive directive applies to more than one module; then the first module
5632f75dd34db0112cf4b6b7527eb538c80d976cniq will verify the credentials; and no access is passed on;
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz regardless of the AuthAuthoritative setting.</p>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz <p>By default control is not passed on and an unknown userID or
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz rule will result in an Authorization Required reply. Not setting
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz it thus keeps the system secure and forces an NCSA compliant
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd behaviour.</p>
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd</directivesynopsis>
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd</modulesynopsis>