mod_authn_core.xml revision 8fd572cca68670bef3948b603518523d2d9ab01a
03831d35f7499c87d51205817c93e9a8d42c4baestevel<!DOCTYPE modulesynopsis SYSTEM "/style/modulesynopsis.dtd">
03831d35f7499c87d51205817c93e9a8d42c4baestevel<?xml-stylesheet type="text/xsl" href="/style/manual.en.xsl"?>
03831d35f7499c87d51205817c93e9a8d42c4baestevel<!-- $LastChangedRevision$ -->
03831d35f7499c87d51205817c93e9a8d42c4baestevel Licensed to the Apache Software Foundation (ASF) under one or more
03831d35f7499c87d51205817c93e9a8d42c4baestevel contributor license agreements. See the NOTICE file distributed with
03831d35f7499c87d51205817c93e9a8d42c4baestevel this work for additional information regarding copyright ownership.
03831d35f7499c87d51205817c93e9a8d42c4baestevel The ASF licenses this file to You under the Apache License, Version 2.0
03831d35f7499c87d51205817c93e9a8d42c4baestevel (the "License"); you may not use this file except in compliance with
03831d35f7499c87d51205817c93e9a8d42c4baestevel the License. You may obtain a copy of the License at
03831d35f7499c87d51205817c93e9a8d42c4baestevel Unless required by applicable law or agreed to in writing, software
03831d35f7499c87d51205817c93e9a8d42c4baestevel distributed under the License is distributed on an "AS IS" BASIS,
03831d35f7499c87d51205817c93e9a8d42c4baestevel WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
03831d35f7499c87d51205817c93e9a8d42c4baestevel See the License for the specific language governing permissions and
03831d35f7499c87d51205817c93e9a8d42c4baestevel limitations under the License.
07d06da50d310a325b457d6330165aebab1e0064Surya Prakki<modulesynopsis metafile="mod_authn_core.xml.meta">
03831d35f7499c87d51205817c93e9a8d42c4baestevel<compatibility>Available in Apache 2.3 and later</compatibility>
03831d35f7499c87d51205817c93e9a8d42c4baestevel <p>This module provides core authentication capabilities to
03831d35f7499c87d51205817c93e9a8d42c4baestevel allow or deny access to portions of the web site.
03831d35f7499c87d51205817c93e9a8d42c4baestevel <module>mod_authn_core</module> provides directives that are
03831d35f7499c87d51205817c93e9a8d42c4baestevel common to all authentication providers.</p>
03831d35f7499c87d51205817c93e9a8d42c4baestevel<section id="authnalias"><title>Creating Authentication Provider Aliases</title>
03831d35f7499c87d51205817c93e9a8d42c4baestevel <p>Extended authentication providers can be created
03831d35f7499c87d51205817c93e9a8d42c4baestevel within the configuration file and assigned an alias name. The alias
03831d35f7499c87d51205817c93e9a8d42c4baestevel providers can then be referenced through the directives
03831d35f7499c87d51205817c93e9a8d42c4baestevel <directive module="mod_auth_basic">AuthBasicProvider</directive> or
03831d35f7499c87d51205817c93e9a8d42c4baestevel <directive module="mod_auth_digest">AuthDigestProvider</directive> in
03831d35f7499c87d51205817c93e9a8d42c4baestevel the same way as a base authentication provider. Besides the ability
03831d35f7499c87d51205817c93e9a8d42c4baestevel to create and alias an extended provider, it also allows the same
03831d35f7499c87d51205817c93e9a8d42c4baestevel extended authentication provider to be reference by multiple
03831d35f7499c87d51205817c93e9a8d42c4baestevel locations.</p>
03831d35f7499c87d51205817c93e9a8d42c4baestevel <p>The example below creates two different ldap authentication
03831d35f7499c87d51205817c93e9a8d42c4baestevel provider aliases based on the ldap provider. This allows
03831d35f7499c87d51205817c93e9a8d42c4baestevel a single authenticated location to be serviced by multiple ldap
03831d35f7499c87d51205817c93e9a8d42c4baestevel <AuthnProviderAlias ldap ldap-alias1><br />
03831d35f7499c87d51205817c93e9a8d42c4baestevel AuthLDAPBindDN cn=youruser,o=ctx<br />
03831d35f7499c87d51205817c93e9a8d42c4baestevel AuthLDAPBindPassword yourpassword<br />
03831d35f7499c87d51205817c93e9a8d42c4baestevel <AuthnProviderAlias ldap ldap-other-alias><br />
03831d35f7499c87d51205817c93e9a8d42c4baestevel AuthLDAPBindDN cn=yourotheruser,o=dev<br />
03831d35f7499c87d51205817c93e9a8d42c4baestevel AuthLDAPBindPassword yourotherpassword<br />
03831d35f7499c87d51205817c93e9a8d42c4baestevel Order deny,allow<br />
03831d35f7499c87d51205817c93e9a8d42c4baestevel AuthBasicProvider ldap-other-alias ldap-alias1<br /><br />
03831d35f7499c87d51205817c93e9a8d42c4baestevel AuthType Basic<br />
03831d35f7499c87d51205817c93e9a8d42c4baestevel AuthName LDAP_Protected_Place<br />
03831d35f7499c87d51205817c93e9a8d42c4baestevel require valid-user<br />
03831d35f7499c87d51205817c93e9a8d42c4baestevel </Directory><br />
03831d35f7499c87d51205817c93e9a8d42c4baestevel<directivesynopsis>
03831d35f7499c87d51205817c93e9a8d42c4baestevel<description>Authorization realm for use in HTTP
03831d35f7499c87d51205817c93e9a8d42c4baestevelauthentication</description>
03831d35f7499c87d51205817c93e9a8d42c4baestevel<contextlist><context>directory</context><context>.htaccess</context>
03831d35f7499c87d51205817c93e9a8d42c4baestevel</contextlist>
03831d35f7499c87d51205817c93e9a8d42c4baestevel <p>This directive sets the name of the authorization realm for a
03831d35f7499c87d51205817c93e9a8d42c4baestevel directory. This realm is given to the client so that the user
03831d35f7499c87d51205817c93e9a8d42c4baestevel knows which username and password to send.
03831d35f7499c87d51205817c93e9a8d42c4baestevel <directive>AuthName</directive> takes a single argument; if the
03831d35f7499c87d51205817c93e9a8d42c4baestevel realm name contains spaces, it must be enclosed in quotation
03831d35f7499c87d51205817c93e9a8d42c4baestevel marks. It must be accompanied by <directive
03831d35f7499c87d51205817c93e9a8d42c4baestevel module="mod_authn_core">AuthType</directive> and <directive
03831d35f7499c87d51205817c93e9a8d42c4baestevel module="mod_authz_core">Require</directive> directives, and directives such
03831d35f7499c87d51205817c93e9a8d42c4baestevel as <directive module="mod_authn_file">AuthUserFile</directive> and
03831d35f7499c87d51205817c93e9a8d42c4baestevel <directive module="mod_authz_groupfile">AuthGroupFile</directive> to
03831d35f7499c87d51205817c93e9a8d42c4baestevel AuthName "Top Secret"
03831d35f7499c87d51205817c93e9a8d42c4baestevel <p>The string provided for the <code>AuthName</code> is what will
03831d35f7499c87d51205817c93e9a8d42c4baestevel appear in the password dialog provided by most browsers.</p>
03831d35f7499c87d51205817c93e9a8d42c4baestevel href="/howto/auth.html">Authentication, Authorization, and
03831d35f7499c87d51205817c93e9a8d42c4baestevel</directivesynopsis>
03831d35f7499c87d51205817c93e9a8d42c4baestevel<directivesynopsis>
03831d35f7499c87d51205817c93e9a8d42c4baestevel<description>Type of user authentication</description>
03831d35f7499c87d51205817c93e9a8d42c4baestevel<contextlist><context>directory</context><context>.htaccess</context>
03831d35f7499c87d51205817c93e9a8d42c4baestevel</contextlist>
03831d35f7499c87d51205817c93e9a8d42c4baestevel <p>This directive selects the type of user authentication for a
03831d35f7499c87d51205817c93e9a8d42c4baestevel directory. The authentication types available are
03831d35f7499c87d51205817c93e9a8d42c4baestevel <module>mod_auth_basic</module>) and <code>Digest</code>
03831d35f7499c87d51205817c93e9a8d42c4baestevel (implemented by <module>mod_auth_digest</module>).</p>
03831d35f7499c87d51205817c93e9a8d42c4baestevel <p>To implement authentication, you must also use the <directive
03831d35f7499c87d51205817c93e9a8d42c4baestevel module="mod_authn_core">AuthName</directive> and <directive
03831d35f7499c87d51205817c93e9a8d42c4baestevel module="mod_authz_core">Require</directive> directives. In addition, the
03831d35f7499c87d51205817c93e9a8d42c4baestevel server must have an authentication-provider module such as
03831d35f7499c87d51205817c93e9a8d42c4baestevel <module>mod_authn_file</module> and an authorization module such
03831d35f7499c87d51205817c93e9a8d42c4baestevel<seealso><a href="/howto/auth.html">Authentication, Authorization,
03831d35f7499c87d51205817c93e9a8d42c4baestevel</directivesynopsis>
03831d35f7499c87d51205817c93e9a8d42c4baestevel<description>Enclose a group of directives that represent an
03831d35f7499c87d51205817c93e9a8d42c4baestevelextension of a base authentication provider and referenced by
03831d35f7499c87d51205817c93e9a8d42c4baestevelthe specified alias</description>
03831d35f7499c87d51205817c93e9a8d42c4baestevel<syntax><AuthnProviderAlias <var>baseProvider Alias</var>>
03831d35f7499c87d51205817c93e9a8d42c4baestevel... </AuthnProviderAlias></syntax>
03831d35f7499c87d51205817c93e9a8d42c4baestevel</contextlist>
03831d35f7499c87d51205817c93e9a8d42c4baestevel <p><directive type="section">AuthnProviderAlias</directive> and
03831d35f7499c87d51205817c93e9a8d42c4baestevel <code></AuthnProviderAlias></code> are used to enclose a group of
03831d35f7499c87d51205817c93e9a8d42c4baestevel authentication directives that can be referenced by the alias name
03831d35f7499c87d51205817c93e9a8d42c4baestevel using one of the directives <directive module="mod_auth_basic">
03831d35f7499c87d51205817c93e9a8d42c4baestevel AuthBasicProvider</directive> or <directive module="mod_auth_digest">
03831d35f7499c87d51205817c93e9a8d42c4baestevel</directivesynopsis>
03831d35f7499c87d51205817c93e9a8d42c4baestevel</modulesynopsis>