mod_authn_core.xml revision eb5dc86f8a44b4571adfb11b831dd09a2721f159
c3fcea07965f59723831e23da647a77518285b8eslive<!DOCTYPE modulesynopsis SYSTEM "/style/modulesynopsis.dtd">
e942c741056732f50da2074b36fe59805d370650slive<?xml-stylesheet type="text/xsl" href="/style/manual.en.xsl"?>
5f5d1b4cc970b7f06ff8ef6526128e9a27303d88nd<!-- $LastChangedRevision$ -->
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding Copyright 2002-2005 The Apache Software Foundation or its licensors, as
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding applicable.
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding Licensed under the Apache License, Version 2.0 (the "License");
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding you may not use this file except in compliance with the License.
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding You may obtain a copy of the License at
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd Unless required by applicable law or agreed to in writing, software
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd distributed under the License is distributed on an "AS IS" BASIS,
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd See the License for the specific language governing permissions and
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd limitations under the License.
6c822625991844de5475569ff656a69965aa6affrbowen<compatibility>Available in Apache 2.3 and later</compatibility>
6c822625991844de5475569ff656a69965aa6affrbowen <p>This module provides core authentication capabilities to
6c822625991844de5475569ff656a69965aa6affrbowen allow or deny access to portions of the web site.
6c822625991844de5475569ff656a69965aa6affrbowen <module>mod_authn_core</module> provides directives that are
6c822625991844de5475569ff656a69965aa6affrbowen common to all authentication providers.</p>
6c822625991844de5475569ff656a69965aa6affrbowen<section id="authnalias"><title>Creating Provider Aliases</title>
10542e490a1b0abf5c02e022f29ea2074ca4d435nd <p>Extended authentication providers can be created
10542e490a1b0abf5c02e022f29ea2074ca4d435nd within the configuration file and assigned an alias name. The alias
10542e490a1b0abf5c02e022f29ea2074ca4d435nd providers can then be referenced through the directives
10542e490a1b0abf5c02e022f29ea2074ca4d435nd <directive module="mod_auth_basic">AuthBasicProvider</directive> or
10542e490a1b0abf5c02e022f29ea2074ca4d435nd <directive module="mod_auth_digest">AuthDigestProvider</directive> in
10542e490a1b0abf5c02e022f29ea2074ca4d435nd the same way as a base authentication provider. Besides the ability
c3fcea07965f59723831e23da647a77518285b8eslive to create and alias an extended provider, it also allows the same
c3fcea07965f59723831e23da647a77518285b8eslive extended authentication provider to be reference by multiple
6c822625991844de5475569ff656a69965aa6affrbowen locations.</p>
10542e490a1b0abf5c02e022f29ea2074ca4d435nd <p>The example below creates two different ldap authentication
10542e490a1b0abf5c02e022f29ea2074ca4d435nd provider aliases based on the ldap provider. This allows
10542e490a1b0abf5c02e022f29ea2074ca4d435nd a single authenticated location can be serviced by multiple
70d5ff773604d8c7625050947c3a9a764b31dd58pepper ldap hosts:</p>
b20a53da22140b5a3d221a19a12142f89f1b606drjung LoadModule authn_alias_module modules/mod_authn_alias.so<br /><br />
b20a53da22140b5a3d221a19a12142f89f1b606drjung <AuthnProviderAlias ldap ldap-alias1><br />
6c822625991844de5475569ff656a69965aa6affrbowen AuthLDAPBindDN cn=youruser,o=ctx<br />
10542e490a1b0abf5c02e022f29ea2074ca4d435nd AuthLDAPBindPassword yourpassword<br />
3209c0009829fcf63b6213fb9c43d534f7906006slive <AuthnProviderAlias ldap ldap-other-alias><br />
10542e490a1b0abf5c02e022f29ea2074ca4d435nd AuthLDAPBindDN cn=yourotheruser,o=dev<br />
6c822625991844de5475569ff656a69965aa6affrbowen AuthLDAPBindPassword yourotherpassword<br />
2a781ea98a32c069ae57a89566ee9628e19a2ec2minfrin Order deny,allow<br />
2a781ea98a32c069ae57a89566ee9628e19a2ec2minfrin AuthBasicProvider ldap-other-alias ldap-alias1<br /><br />
dabce7765eb66e8c7929981526dd0b2f9efeb5cdrbowen AuthType Basic<br />
6c822625991844de5475569ff656a69965aa6affrbowen AuthName LDAP_Protected_Place<br />
c244470ffb627d4fd092f8bdcc7c1b8e6b7dc70cslive require valid-user<br />
6c822625991844de5475569ff656a69965aa6affrbowen </Directory><br />
a96ba81cada826f2a9ab1e24218a77bfadfc31d8sf<directivesynopsis>
c244470ffb627d4fd092f8bdcc7c1b8e6b7dc70cslive<description>Authorization realm for use in HTTP
10542e490a1b0abf5c02e022f29ea2074ca4d435ndauthentication</description>
1ad1c5f9a82d056966dcca9c6108c5ace8eed446rbowen<contextlist><context>directory</context><context>.htaccess</context>
10542e490a1b0abf5c02e022f29ea2074ca4d435nd</contextlist>
dabce7765eb66e8c7929981526dd0b2f9efeb5cdrbowen <p>This directive sets the name of the authorization realm for a
6c822625991844de5475569ff656a69965aa6affrbowen directory. This realm is given to the client so that the user
c244470ffb627d4fd092f8bdcc7c1b8e6b7dc70cslive knows which username and password to send.
05a9ee8994d646c0067b6ea6ec64551e1e0c56abrbowen <directive>AuthName</directive> takes a single argument; if the
05a9ee8994d646c0067b6ea6ec64551e1e0c56abrbowen realm name contains spaces, it must be enclosed in quotation
8f6d5eed33235ccf1729516b788072f36c72a8d4rbowen marks. It must be accompanied by <directive
8f6d5eed33235ccf1729516b788072f36c72a8d4rbowen module="mod_authn_core">AuthType</directive> and <directive
8f6d5eed33235ccf1729516b788072f36c72a8d4rbowen module="mod_authz_core">Require</directive> directives, and directives such
8f6d5eed33235ccf1729516b788072f36c72a8d4rbowen as <directive module="mod_authn_file">AuthUserFile</directive> and
8f6d5eed33235ccf1729516b788072f36c72a8d4rbowen <directive module="mod_authz_groupfile">AuthGroupFile</directive> to
1ad1c5f9a82d056966dcca9c6108c5ace8eed446rbowen AuthName "Top Secret"
9fdf9f0bd3efa24a253b1343e466ebee869aa7eecovener <p>The string provided for the <code>AuthName</code> is what will
9fdf9f0bd3efa24a253b1343e466ebee869aa7eecovener appear in the password dialog provided by most browsers.</p>
9fdf9f0bd3efa24a253b1343e466ebee869aa7eecovener href="/howto/auth.html">Authentication, Authorization, and
6c822625991844de5475569ff656a69965aa6affrbowen</directivesynopsis>
0e5f5a150c8835371cb625de3272f0f1adf9d036jim<directivesynopsis>
0e5f5a150c8835371cb625de3272f0f1adf9d036jim<contextlist><context>directory</context><context>.htaccess</context>
5c05c1f29be5bc37b22794737ee63a5f567053b5jim</contextlist>
77b840c850ef60fd6a119f3a7e907412d78b77d5nd <p>This directive selects the type of user authentication for a
77b840c850ef60fd6a119f3a7e907412d78b77d5nd directory. The authentication types available are
c9de69e69ff779c5502bbed6b092f9ed7e9665bbrbowen <p>To implement authentication, you must also use the <directive
e302f38fd646764ce1a1e1c578d794aef514a9e5sf module="mod_authn_core">AuthName</directive> and <directive
c244470ffb627d4fd092f8bdcc7c1b8e6b7dc70cslive module="mod_authz_core">Require</directive> directives. In addition, the
dabce7765eb66e8c7929981526dd0b2f9efeb5cdrbowen server must have an authentication-provider module such as
6c822625991844de5475569ff656a69965aa6affrbowen <module>mod_authn_file</module> and an authorization module such
6c822625991844de5475569ff656a69965aa6affrbowen<seealso><a href="/howto/auth.html">Authentication, Authorization,
1ad1c5f9a82d056966dcca9c6108c5ace8eed446rbowen</directivesynopsis>
dabce7765eb66e8c7929981526dd0b2f9efeb5cdrbowen<description>Enclose a group of directives that represent an
6c822625991844de5475569ff656a69965aa6affrbowenextension of a base authentication provider and referenced by
06446302a0a3e40cd8807bb25467c8f776cf2fbatrawickthe specified alias</description>
c9de69e69ff779c5502bbed6b092f9ed7e9665bbrbowen<syntax><AuthnProviderAlias <var>baseProvider Alias</var>>
c9de69e69ff779c5502bbed6b092f9ed7e9665bbrbowen... </AuthnProviderAlias></syntax>
06446302a0a3e40cd8807bb25467c8f776cf2fbatrawick<contextlist><context>server config</context><context>virtual host</context>
06446302a0a3e40cd8807bb25467c8f776cf2fbatrawick</contextlist>
10542e490a1b0abf5c02e022f29ea2074ca4d435nd <p><directive type="section">AuthnProviderAlias</directive> and
6c822625991844de5475569ff656a69965aa6affrbowen <code></AuthnProviderAlias></code> are used to enclose a group of
c244470ffb627d4fd092f8bdcc7c1b8e6b7dc70cslive authentication directives that can be referenced by the alias name
860b4efe27e7c1c9a2bf5c872b29c90f76849b51jim using one of the directives <directive module="mod_auth_basic">
6ecde05c829c9d0aa24b2b1c18b40c8739997571trawick AuthBasicProvider</directive> or <directive module="mod_auth_digest">
9176f5c945b7a6eafad180636752d28de5cbc494trawick</directivesynopsis>
10542e490a1b0abf5c02e022f29ea2074ca4d435nd</modulesynopsis>