2605N/A<!
DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 2605N/A <
title>Apache module mod_auth_dbm</
title>
2605N/A <!-- Background white, links blue (unvisited), navy (visited), red (active) --> 2605N/A <
body bgcolor="#FFFFFF" text="#000000" link="#0000FF" 2605N/A vlink="#000080" alink="#FF0000">
2605N/A <
h1 align="CENTER">Module mod_auth_dbm</
h1>
2605N/A <
p>This module provides for user authentication using DBM
2605N/A rel="Help"><
strong>Status:</
strong></
a> Extension<
br />
2605N/A rel="Help"><
strong>Source File:</
strong></
a>
2605N/A rel="Help"><
strong>Module Identifier:</
strong></
a>
2900N/A <
p>This module provides for HTTP Basic Authentication, where
2605N/A the usernames and passwords are stored in DBM type database
2605N/A files. It is an alternative to the plain text password files
2605N/A Berkely DB password files provided by <
a 2900N/A <
li><
a href="#authdbmgroupfile">AuthDBMGroupFile</
a></
li>
2900N/A <
li><
a href="#authdbmuserfile">AuthDBMUserFile</
a></
li>
2900N/A <
li><
a href="#authdbmtype">AuthDBMType</
a></
li>
2605N/A href="#authdbmauthoritative">AuthDBMAuthoritative</
a></
li>
2605N/A <
h2><
a id="authdbmgroupfile" 2605N/A name="authdbmgroupfile">AuthDBMGroupFile</
a></
h2>
2605N/A <!--%plaintext <?INDEX {\tt AuthDBMGroupFile} directive> --> 2605N/A rel="Help"><
strong>Syntax:</
strong></
a> AuthDBMGroupFile
2605N/A rel="Help"><
strong>Context:</
strong></
a> directory,
2605N/A rel="Help"><
strong>Override:</
strong></
a> AuthConfig<
br />
2605N/A rel="Help"><
strong>Status:</
strong></
a> Extension<
br />
2605N/A rel="Help"><
strong>Module:</
strong></
a> mod_auth_dbm
2605N/A <
p>The AuthDBMGroupFile directive sets the name of a DBM file
2605N/A containing the list of user groups for user authentication.
2605N/A <
em>File-path</
em> is the absolute path to the group file.</
p>
2605N/A <
p>The group file is keyed on the username. The value for a
2605N/A user is a comma-separated list of the groups to which the users
2605N/A belongs. There must be no whitespace within the value, and it
2605N/A must never contain any colons.</
p>
<
p>Security: make sure that the AuthDBMGroupFile is stored
outside the document tree of the web-server; do <
em>not</
em>
put it in the directory that it protects. Otherwise, clients
will be able to download the AuthDBMGroupFile unless otherwise
<
p>Combining Group and Password DBM files: In some cases it is
easier to manage a single database which contains both the
password and group details for each user. This simplifies any
support programs that need to be written: they now only have to
deal with writing to and locking a single DBM file. This can be
accomplished by first setting the group and password files to
point to the same DBM:</
p>
The key for the single DBM is the username. The value consists
<
code>Unix Crypt-ed Password : List of Groups [ : (ignored)
The password section contains the Unix crypt() password as
before. This is followed by a colon and the comma separated
list of groups. Other data may optionally be left in the DBM
file after another colon; it is ignored by the authentication
password and group database.
<
p>See also <
a href="core.html#authname">AuthName</
a>, <
a href="core.html#authtype">AuthType</
a> and <
a href="#authdbmuserfile">AuthDBMUserFile</
a>.</
p>
<
h2><
a id="authdbmuserfile" name="authdbmuserfile">AuthDBMUserFile</
a></
h2>
<!--%plaintext <?INDEX {\tt AuthDBMUserFile} directive> --> rel="Help"><
strong>Syntax:</
strong></
a> AuthDBMUserFile
rel="Help"><
strong>Context:</
strong></
a> directory,
rel="Help"><
strong>Override:</
strong></
a> AuthConfig<
br />
rel="Help"><
strong>Status:</
strong></
a> Extension<
br />
rel="Help"><
strong>Module:</
strong></
a> mod_auth_dbm
<
p>The AuthDBMUserFile directive sets the name of a DBM file
containing the list of users and passwords for user
authentication. <
em>File-path</
em> is the absolute path to the
<
p>The user file is keyed on the username. The value for a user
is the crypt() encrypted password, optionally followed by a
colon and arbitrary data. The colon and the data following it
will be ignored by the server.</
p>
<
p>Security: make sure that the AuthDBMUserFile is stored
outside the document tree of the web-server; do <
em>not</
em>
put it in the directory that it protects. Otherwise, clients
will be able to download the AuthDBMUserFile.</
p>
<
p>Important compatibility note: The implementation of
"dbmopen" in the apache modules reads the string length of the
hashed values from the DBM data structures, rather than relying
upon the string being NULL-appended. Some applications, such as
the Netscape web server, rely upon the string being
NULL-appended, so if you are having trouble using DBM files
interchangeably between applications this may be a part of the
Apache. This program can be used to create and update DBM
format password files for use with this module.</
p>
See also <
a href="core.html#authname">AuthName</
a>, <
a href="core.html#authtype">AuthType</
a> and <
a href="#authdbmgroupfile">AuthDBMGroupFile</
a>.
name="authdbmtype">AuthDBMType</
a></
h2>
<!--%plaintext <?INDEX {\tt AuthDBMType} directive> --> rel="Help"><
strong>Syntax:</
strong></
a> AuthDBMType
<
em>type of DBM being used</
em><
br />
rel="Help"><
strong>Default:</
strong></
a>
<
code>AuthDBMType default</
code>(which sets it to the default DBM compiled in)<
br />
rel="Help"><
strong>Context:</
strong></
a> directory,
rel="Help"><
strong>Override:</
strong></
a> AuthConfig<
br />
rel="Help"><
strong>Status:</
strong></
a> Extension<
br />
rel="Help"><
strong>Module:</
strong></
a> mod_auth_dbm
<
p>Setting this directive allows the user to change the type of DBM file which holds the user data. Current valid values are (SDBM | GDBM | DB) these may not all be available on your system</
p>
<
h2><
a id="authdbmauthoritative" name="authdbmauthoritative">AuthDBMAuthoritative</
a></
h2>
<!--%plaintext <?INDEX {\tt AuthDBMAuthoritative} directive> --> rel="Help"><
strong>Syntax:</
strong></
a> AuthDBMAuthoritative
rel="Help"><
strong>Default:</
strong></
a>
<
code>AuthDBMAuthoritative on</
code><
br />
rel="Help"><
strong>Context:</
strong></
a> directory,
rel="Help"><
strong>Override:</
strong></
a> AuthConfig<
br />
rel="Help"><
strong>Status:</
strong></
a> Extension<
br />
rel="Help"><
strong>Module:</
strong></
a> mod_auth_dbm
<
p>Setting the AuthDBMAuthoritative directive explicitly to
<
strong>'off'</
strong> allows for both authentication and
authorization to be passed on to lower level modules (as
defined in the <
code>Configuration</
code> and
<
code>
modules.c</
code> file if there is <
strong>no
userID</
strong> or <
strong>rule</
strong> matching the supplied
userID. If there is a userID
and/
or rule specified; the usual
password and access checks will be applied and a failure will
give an Authorization Required reply.</
p>
<
p>So if a userID appears in the database of more than one
module; or if a valid <
code>Require</
code> directive applies to
more than one module; then the first module will verify the
credentials; and no access is passed on; regardless of the
AuthAuthoritative setting.</
p>
<
p>A common use for this is in conjunction with one of the
basic auth modules; such as <
a DBM module supplies the bulk of the user credential checking; a
few (administrator) related accesses fall through to a lower
level with a well protected .htpasswd file.</
p>
<
p>By default, control is not passed on and an unknown userID
or rule will result in an Authorization Required reply. Not
setting it thus keeps the system secure and forces an NCSA
<
p>Security: Do consider the implications of allowing a user to
allow fall-through in his .htaccess file; and verify that this
is really what you want; Generally it is easier to just secure
a single .htpasswd file, than it is to secure a database which
might have more access interfaces.</
p>
<
p>See also <
a href="core.html#authname">AuthName</
a>, <
a href="core.html#authtype">AuthType</
a> and <
a href="#authdbmgroupfile">AuthDBMGroupFile</
a>.</
p>