mod_auth_dbm.html revision ac6d1ce7ccb1950bb2145a5c2c3498235353bcb0
af062818b47340eef15700d2f0211576ba3506eevboxsync<html xmlns="http://www.w3.org/TR/xhtml1/strict"><head><!--
af062818b47340eef15700d2f0211576ba3506eevboxsyncXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
af062818b47340eef15700d2f0211576ba3506eevboxsync This file is generated from xml source: DO NOT EDIT
af062818b47340eef15700d2f0211576ba3506eevboxsyncXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
af062818b47340eef15700d2f0211576ba3506eevboxsync--><title>mod_auth_dbm - Apache HTTP Server</title><link href="/style/manual.css" type="text/css" rel="stylesheet"/></head><body><blockquote><div align="center"><img alt="[APACHE DOCUMENTATION]" src="/images/sub.gif"/><h3>Apache HTTP Server Version 2.0</h3></div><h1 align="center">Apache Module mod_auth_dbm</h1><table cellspacing="1" cellpadding="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td valign="top"><span class="help">Description:</span></td><td>Provides for user authentication using DBM
af062818b47340eef15700d2f0211576ba3506eevboxsync files</td></tr><tr><td><a href="module-dict.html#Status" class="help">Status:</a></td><td>Extension</td></tr><tr><td><a href="module-dict.html#ModuleIdentifier" class="help">Module Identifier:</a></td><td>auth_dbm_module</td></tr></table></td></tr></table><h2>Summary</h2>
af062818b47340eef15700d2f0211576ba3506eevboxsync <p>This module provides for HTTP Basic Authentication, where
af062818b47340eef15700d2f0211576ba3506eevboxsync the usernames and passwords are stored in DBM type database
af062818b47340eef15700d2f0211576ba3506eevboxsync files. It is an alternative to the plain text password files
af062818b47340eef15700d2f0211576ba3506eevboxsync provided by <code><a href="mod_auth.html">mod_auth</a></code>.</p>
af062818b47340eef15700d2f0211576ba3506eevboxsync<h2>Directives</h2><ul><li><a href="#authdbmauthoritative">AuthDBMAuthoritative</a></li><li><a href="#authdbmgroupfile">AuthDBMGroupFile</a></li><li><a href="#authdbmtype">AuthDBMType</a></li><li><a href="#authdbmuserfile">AuthDBMUserFile</a></li></ul><p><strong>See also </strong></p><ul><li><a href="core.html#authname" class="directive"><code class="directive">AuthName</code></a></li><li><a href="core.html#authtype" class="directive"><code class="directive">AuthType</code></a></li><li><a href="core.html#require" class="directive"><code class="directive">Require</code></a></li><li><a href="core.html#satisfy" class="directive"><code class="directive">Satisfy</code></a></li></ul><hr/><h2><a name="AuthDBMAuthoritative">AuthDBMAuthoritative</a> <a name="authdbmauthoritative">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td><strong>Description: </strong></td><td>Sets whether authentication and authorization will be
af062818b47340eef15700d2f0211576ba3506eevboxsyncpasswed on to lower level modules</td></tr><tr><td><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>AuthDBMAuthoritative on|off</td></tr><tr><td><a href="directive-dict.html#Default" class="help">Default:</a></td><td><code>AuthDBMAuthoritative on</code></td></tr><tr><td><a href="directive-dict.html#Context" class="help">Context:</a></td><td>directory, .htaccess</td></tr><tr><td><a href="directive-dict.html#Override" class="help">Override:</a></td><td>AuthConfig</td></tr><tr><td><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Extension</td></tr><tr><td><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_auth_dbm</td></tr></table></td></tr></table>
af062818b47340eef15700d2f0211576ba3506eevboxsync<blockquote><table><tr><td bgcolor="#e0e5f5">This information has not been updated to take into account the
af062818b47340eef15700d2f0211576ba3506eevboxsyncnew module ordering techniques in Apache 2.0</td></tr></table></blockquote>
af062818b47340eef15700d2f0211576ba3506eevboxsync <p>Setting the <code class="directive">AuthDBMAuthoritative</code>
af062818b47340eef15700d2f0211576ba3506eevboxsync directive explicitly to <strong>'off'</strong> allows for both
af062818b47340eef15700d2f0211576ba3506eevboxsync authentication and authorization to be passed on to lower level
af062818b47340eef15700d2f0211576ba3506eevboxsync modules (as defined in the <code>Configuration</code> and
af062818b47340eef15700d2f0211576ba3506eevboxsync <code>modules.c</code> file if there is <strong>no userID</strong>
af062818b47340eef15700d2f0211576ba3506eevboxsync or <strong>rule</strong> matching the supplied userID. If there is
af062818b47340eef15700d2f0211576ba3506eevboxsync a userID and/or rule specified; the usual password and access
b955672b950093ff7416d1269dd4d3b69983bd8fvboxsync checks will be applied and a failure will give an Authorization
b955672b950093ff7416d1269dd4d3b69983bd8fvboxsync Required reply.</p>
b955672b950093ff7416d1269dd4d3b69983bd8fvboxsync <p>So if a userID appears in the database of more than one module;
b955672b950093ff7416d1269dd4d3b69983bd8fvboxsync or if a valid <a href="core.html#require" class="directive"><code class="directive">Require</code></a>
b955672b950093ff7416d1269dd4d3b69983bd8fvboxsync directive applies to more than one module; then the first module
b955672b950093ff7416d1269dd4d3b69983bd8fvboxsync will verify the credentials; and no access is passed on;
b955672b950093ff7416d1269dd4d3b69983bd8fvboxsync regardless of the <code class="directive">AuthAuthoritative</code> setting.</p>
af062818b47340eef15700d2f0211576ba3506eevboxsync <p>A common use for this is in conjunction with one of the
af062818b47340eef15700d2f0211576ba3506eevboxsync basic auth modules; such as <code><a href="mod_auth.html">mod_auth</a></code>. Whereas this
af062818b47340eef15700d2f0211576ba3506eevboxsync DBM module supplies the bulk of the user credential checking; a
af062818b47340eef15700d2f0211576ba3506eevboxsync few (administrator) related accesses fall through to a lower
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync level with a well protected .htpasswd file.</p>
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync <p>By default, control is not passed on and an unknown userID
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync or rule will result in an Authorization Required reply. Not
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync setting it thus keeps the system secure and forces an NCSA
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync compliant behaviour.</p>
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync <p>Security: Do consider the implications of allowing a user to
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync allow fall-through in his .htaccess file; and verify that this
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync is really what you want; Generally it is easier to just secure
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync a single .htpasswd file, than it is to secure a database which
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync might have more access interfaces.</p>
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync<hr/><h2><a name="AuthDBMGroupFile">AuthDBMGroupFile</a> <a name="authdbmgroupfile">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td><strong>Description: </strong></td><td>Sets the name of the database file containing the list
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsyncof user groups for authentication</td></tr><tr><td><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>AuthDBMGroupFile <em>file-path</em></td></tr><tr><td><a href="directive-dict.html#Context" class="help">Context:</a></td><td>directory, .htaccess</td></tr><tr><td><a href="directive-dict.html#Override" class="help">Override:</a></td><td>AuthConfig</td></tr><tr><td><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Extension</td></tr><tr><td><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_auth_dbm</td></tr></table></td></tr></table>
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync <p>The <code class="directive">AuthDBMGroupFile</code> directive sets the
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync name of a DBM file containing the list of user groups for user
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync authentication. <em>File-path</em> is the absolute path to the
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync group file.</p>
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync <p>The group file is keyed on the username. The value for a
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync user is a comma-separated list of the groups to which the users
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync belongs. There must be no whitespace within the value, and it
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync must never contain any colons.</p>
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync <p>Security: make sure that the
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync <code class="directive">AuthDBMGroupFile</code> is stored outside the
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync document tree of the web-server; do <em>not</em> put it in the
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync directory that it protects. Otherwise, clients will be able to
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync download the <code class="directive">AuthDBMGroupFile</code> unless
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync otherwise protected.</p>
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync <p>Combining Group and Password DBM files: In some cases it is
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync easier to manage a single database which contains both the
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync password and group details for each user. This simplifies any
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync support programs that need to be written: they now only have to
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync deal with writing to and locking a single DBM file. This can be
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync accomplished by first setting the group and password files to
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync point to the same DBM:</p>
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync<blockquote><table cellpadding="10"><tr><td bgcolor="#eeeeee"><code>
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync <p>The key for the single DBM is the username. The value consists
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync<blockquote><table cellpadding="10"><tr><td bgcolor="#eeeeee"><code>Unix Crypt-ed Password : List of Groups [ : (ignored)
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync <p>The password section contains the Unix <code>crypt()</code>
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync password as before. This is followed by a colon and the comma
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync separated list of groups. Other data may optionally be left in the
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync DBM file after another colon; it is ignored by the authentication
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync module. This is what www.telescope.org uses for its combined
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync password and group database.</p>
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync<hr/><h2><a name="AuthDBMType">AuthDBMType</a> <a name="authdbmtype">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td><strong>Description: </strong></td><td>Sets the type of database file that is used to
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsyncstore passwords</td></tr><tr><td><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>AuthDBMType default|SDBM|GDBM|DB</td></tr><tr><td><a href="directive-dict.html#Default" class="help">Default:</a></td><td><code>AuthDBMType default</code></td></tr><tr><td><a href="directive-dict.html#Context" class="help">Context:</a></td><td>directory, .htaccess</td></tr><tr><td><a href="directive-dict.html#Override" class="help">Override:</a></td><td>AuthConfig</td></tr><tr><td><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Extension</td></tr><tr><td><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_auth_dbm</td></tr><tr><td align="left" valign="top"><a href="directive-dict.html#Compatibility" class="help">Compatibility:</a></td><td>Available in version 2.0.30 and later.</td></tr></table></td></tr></table>
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync<p>Sets the type of database file that is used to store the passwords.
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsyncThe default database type is determined at compile time. The
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsyncavailability of other types of database files also depends on
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsynccompile-time settings.</p>
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync<p>It is crucial that whatever program you use to create your password
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsyncfiles is configured to use the same type of database.</p>
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync<hr/><h2><a name="AuthDBMUserFile">AuthDBMUserFile</a> <a name="authdbmuserfile">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td><strong>Description: </strong></td><td>Sets thename of a database file containing the list of users and
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsyncpasswords for authentication</td></tr><tr><td><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>AuthDBMUserFile <em>file-path</em></td></tr><tr><td><a href="directive-dict.html#Context" class="help">Context:</a></td><td>directory, .htaccess</td></tr><tr><td><a href="directive-dict.html#Override" class="help">Override:</a></td><td>AuthConfig</td></tr><tr><td><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Extension</td></tr><tr><td><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_auth_dbm</td></tr></table></td></tr></table>
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync <p>The <code class="directive">AuthDBMUserFile</code> directive sets the
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync name of a DBM file containing the list of users and passwords for
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync user authentication. <em>File-path</em> is the absolute path to
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync the user file.</p>
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync <p>The user file is keyed on the username. The value for a user is
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync the <code>crypt()</code> encrypted password, optionally followed
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync by a colon and arbitrary data. The colon and the data following it
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync will be ignored by the server.</p>
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync <p>Security: make sure that the
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync <code class="directive">AuthDBMUserFile</code> is stored outside the
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync document tree of the web-server; do <em>not</em> put it in the
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync directory that it protects. Otherwise, clients will be able to
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync download the <code class="directive">AuthDBMUserFile</code>.</p>
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync <p>Important compatibility note: The implementation of
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync "dbmopen" in the apache modules reads the string length of the
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync hashed values from the DBM data structures, rather than relying
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync upon the string being NULL-appended. Some applications, such as
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync the Netscape web server, rely upon the string being
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync NULL-appended, so if you are having trouble using DBM files
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync interchangeably between applications this may be a part of the
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync problem.</p>
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync <p>A perl script called
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync <a href="/programs/dbmmanage.html">dbmmanage</a> is included with
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync Apache. This program can be used to create and update DBM
554f00fe75489f3f3ce7fbb6d126ce1d2c5c922cvboxsync format password files for use with this module.</p>
