mod_auth_basic.xml revision 7db9f691a00ead175b03335457ca296a33ddf31b
<!DOCTYPE modulesynopsis SYSTEM "/style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="/style/manual.en.xsl"?>
<compatibility>Available in Apache 2.1 and later</compatibility>
 <p>This module allows the use of HTTP Basic Authentication to
 restrict access by looking up users in the given providers.
 HTTP Digest Authentication is provided by
<seealso><directive module="core">AuthName</directive></seealso>
<seealso><directive module="core">AuthType</directive></seealso>
<directivesynopsis>
<description>Sets the authentication provider(s) for this location</description>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
 <p>The <directive>AuthBasicProvider</directive> directive sets
 which provider is used to authenticate the users for this location.
 Setting the value to <code>On</code> will choose the default provider
 (<code>file</code>). Since the <code>file</code> provider is implemented
 by the <module>mod_authn_file</module> module, you have to make sure
 that the module is present in the server.</p>
 <example>
 &lt;Location /secure&gt;<br />
 AuthBasicProvider dbm<br />
 AuthDBMType SDBM<br />
 Require valid-user<br />
 &lt;/Location&gt;
 </example>
 <p>See <module>mod_authn_dbm</module> and <module>mod_authn_file</module>
 for providers.</p>
 <p>The value <code>Off</code> clears the provider list and sets it back
 to the default.</p>
</directivesynopsis>
<directivesynopsis>
<description>Sets whether authorization and authentication are passed to
lower level modules</description>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
 <p>Setting the <directive>AuthBasicAuthoritative</directive> directive
 authentication and authorization to be passed on to lower level
 modules (as defined in the <code>modules.c</code> files) if there is
 <strong>no userID</strong> or <strong>rule</strong> matching the
 supplied userID. If there is a userID and/or rule specified, the usual
 password and access checks will be applied and a failure will give
 an "Authentication Required" reply.</p>
 <p>So if a userID appears in the database of more than one module,
 or if a valid <directive module="core">Require</directive>
 directive applies to more than one module, then the first module
 will verify the credentials and no access is passed on,
 regardless of the <directive>AuthBasicAuthoritative</directive>
 setting.</p>
 <p>By default, control is not passed on and an unknown userID or
 rule will result in an "Authentication Required" reply. Not setting
 it thus keeps the system secure and forces NCSA-compliant
 behaviour.</p>
</directivesynopsis>
</modulesynopsis>
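An added example, not part of the original documentation or of the Apache project's code: a small Python audit that applies the directive semantics described above to a configuration text, resolving the effective provider per section and listing the sections where `AuthBasicAuthoritative Off` passes unknown userIDs on to lower level modules. The sample configuration, the path `/var/www/legacy` and the function names are constructed for illustration; nested sections and included files are not modelled.

```python
import re

# Constructed sample configuration for this example (not from the page).
SAMPLE_CONF = """
<Location /secure>
    AuthBasicProvider dbm
    AuthDBMType SDBM
    Require valid-user
</Location>
<Directory /var/www/legacy>
    AuthBasicProvider On
    AuthBasicAuthoritative Off
    Require valid-user
</Directory>
"""
OPEN = re.compile(r"^<(\w+)\s+(.*?)>$")
CLOSE = re.compile(r"^</\w+>$")

def audit_basic_auth(conf_text):
    """Return one record per section that sets a mod_auth_basic directive."""
    records, stack = {}, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OPEN.match(line)
        if m:
            stack.append(f"{m.group(1)} {m.group(2)}")
            continue
        if CLOSE.match(line):
            stack = stack[:-1]  # tolerate an unbalanced closing tag
            continue
        name, value = (line.split(None, 1) + [""])[:2]
        name, value = name.lower(), value.strip()  # directive names are case-insensitive
        if name not in ("authbasicprovider", "authbasicauthoritative"):
            continue
        where = stack[-1] if stack else "(top level or .htaccess)"
        rec = records.setdefault(where, {"provider": "file", "authoritative": True})
        if name == "authbasicprovider":
            # Per the page: On selects the default provider (file); Off resets to it.
            rec["provider"] = "file" if value.lower() in ("on", "off") else value
        else:
            # Per the page: by default control is not passed on.
            rec["authoritative"] = value.lower() != "off"
    return records

def fall_through_sections(conf_text):
    """Sections where an unknown userID is passed on to lower level modules."""
    return sorted(s for s, r in audit_basic_auth(conf_text).items() if not r["authoritative"])
```

Sections reported by `fall_through_sections` are the ones to review first, since their outcome for an unknown userID depends on whichever lower level module handles the request next.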