f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<?xml version="1.0"?>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<!DOCTYPE modulesynopsis SYSTEM "/style/modulesynopsis.dtd">
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<?xml-stylesheet type="text/xsl" href="/style/manual.en.xsl"?>
5f5d1b4cc970b7f06ff8ef6526128e9a27303d88nd<!-- $LastChangedRevision$ -->
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd<!--
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding Licensed to the Apache Software Foundation (ASF) under one or more
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding contributor license agreements. See the NOTICE file distributed with
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding this work for additional information regarding copyright ownership.
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding The ASF licenses this file to You under the Apache License, Version 2.0
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding (the "License"); you may not use this file except in compliance with
db479b48bd4d75423ed4a45e15b75089d1a8ad72fielding the License. You may obtain a copy of the License at
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd http://www.apache.org/licenses/LICENSE-2.0
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd Unless required by applicable law or agreed to in writing, software
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd distributed under the License is distributed on an "AS IS" BASIS,
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd See the License for the specific language governing permissions and
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd limitations under the License.
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd-->
d5d794fc2f4cc9ca6d6da17cfa2cdcd8d244bacdnd
7db9f691a00ead175b03335457ca296a33ddf31bnd<modulesynopsis metafile="mod_authz_dbm.xml.meta">
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<name>mod_authz_dbm</name>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<description>Group authorization using DBM files</description>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<status>Extension</status>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<sourcefile>mod_authz_dbm.c</sourcefile>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<identifier>authz_dbm_module</identifier>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<summary>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz <p>This module provides authorization capabilities so that
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz authenticated users can be allowed or denied access to portions
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz of the web site by group membership. Similar functionality is
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz provided by <module>mod_authz_groupfile</module>.</p>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz</summary>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz
9cd3b05d7b70f07a742bbaf548fa4fa2bdbe5ce6noodl<seealso><directive module="mod_authz_core">Require</directive></seealso>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin<section id="requiredirectives"><title>The Require Directives</title>
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin
    <p>Apache's <directive module="mod_authz_core">Require</directive>
    directives are used during the authorization phase to ensure that
    a user is allowed to access a resource. mod_authz_dbm extends the
    authorization types with <code>dbm-group</code> and
    <code>dbm-file-group</code>.</p>
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin
9a2b3982c53d51e2d2df29b6f94cc25e2ed134bcjailletc <p>Since v2.4.8, <a href="/expr.html">expressions</a> are supported
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin within the DBM require directives.</p>
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin<section id="reqgroup"><title>Require dbm-group</title>
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin <p>This directive specifies group membership that is required for the
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin user to gain access.</p>
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin <highlight language="config">
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin Require dbm-group admin
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin </highlight>
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin</section>
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin<section id="reqfilegroup"><title>Require dbm-file-group</title>
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin <p>When this directive is specified, the user must be a member of the group
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin assigned to the file being accessed.</p>
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin <highlight language="config">
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin Require dbm-file-group
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin </highlight>
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin</section>
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin</section>
98e7b885c8e4503fabc1c17889c8fbc73a41c8b6minfrin
9eea6c061eadd7497a51f72292c8890f910672fdhumbedooh<section id="examples">
9eea6c061eadd7497a51f72292c8890f910672fdhumbedooh<title>Example usage</title>
<p><em>Note that when using mod_authz_dbm, the
<directive module="mod_authz_core">Require</directive> directive must name
<code>dbm-group</code> instead of <code>group</code>:</em>
</p>
9eea6c061eadd7497a51f72292c8890f910672fdhumbedooh<highlight language="config">
9eea6c061eadd7497a51f72292c8890f910672fdhumbedooh&lt;Directory "/foo/bar"&gt;
3658293f56f1683ca41e3bc5b70d98b203d8004bcoar AuthType Basic
9eea6c061eadd7497a51f72292c8890f910672fdhumbedooh AuthName "Secure Area"
3658293f56f1683ca41e3bc5b70d98b203d8004bcoar AuthBasicProvider dbm
3658293f56f1683ca41e3bc5b70d98b203d8004bcoar AuthDBMUserFile "site/data/users"
3658293f56f1683ca41e3bc5b70d98b203d8004bcoar AuthDBMGroupFile "site/data/users"
3658293f56f1683ca41e3bc5b70d98b203d8004bcoar Require dbm-group admin
9eea6c061eadd7497a51f72292c8890f910672fdhumbedooh&lt;/Directory&gt;
9eea6c061eadd7497a51f72292c8890f910672fdhumbedooh</highlight>
9eea6c061eadd7497a51f72292c8890f910672fdhumbedooh</section>
9eea6c061eadd7497a51f72292c8890f910672fdhumbedooh
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<directivesynopsis>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<name>AuthDBMGroupFile</name>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<description>Sets the name of the database file containing the list
43d99bfb458baee0a702c56a4ef4200e75c4dbb8yoshikiof user groups for authorization</description>
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd<syntax>AuthDBMGroupFile <var>file-path</var></syntax>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<contextlist><context>directory</context><context>.htaccess</context>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz</contextlist>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<override>AuthConfig</override>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<usage>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz <p>The <directive>AuthDBMGroupFile</directive> directive sets the
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz name of a DBM file containing the list of user groups for user
43d99bfb458baee0a702c56a4ef4200e75c4dbb8yoshiki authorization. <var>File-path</var> is the absolute path to the
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz group file.</p>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz
    <p>The group file is keyed on the username. The value for a
    user is a comma-separated list of the groups to which the user
    belongs. There must be no whitespace within the value, and it
    must never contain any colons.</p>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd <note type="warning"><title>Security</title>
    <p>Make sure that the file named by
    <directive>AuthDBMGroupFile</directive> is stored outside the
    document tree of the web-server. Do <strong>not</strong> put it in
    the directory that it protects. Otherwise, clients will be able to
    download the group file unless it is otherwise protected. This
    matters all the more when the same DBM file is also used as the
    password file, as described below, because it then holds the
    users' password hashes as well as their group memberships.</p>
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd </note>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz <p>Combining Group and Password DBM files: In some cases it is
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz easier to manage a single database which contains both the
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz password and group details for each user. This simplifies any
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz support programs that need to be written: they now only have to
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz deal with writing to and locking a single DBM file. This can be
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz accomplished by first setting the group and password files to
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz point to the same DBM:</p>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz
6f10385908fbdfd4849e4bc50e690ee54c62f2cdhumbedooh <highlight language="config">
3658293f56f1683ca41e3bc5b70d98b203d8004bcoarAuthDBMGroupFile "/www/userbase"
3658293f56f1683ca41e3bc5b70d98b203d8004bcoarAuthDBMUserFile "/www/userbase"
6f10385908fbdfd4849e4bc50e690ee54c62f2cdhumbedooh </highlight>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz <p>The key for the single DBM is the username. The value consists
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz of</p>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd <example>
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd Encrypted Password : List of Groups [ : (ignored) ]
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd </example>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz
    <p>The password section contains the encrypted (hashed)
    password as before. This is followed by a colon and the
    comma-separated list of groups. Other data may optionally be left in the
    DBM file after another colon; it is ignored by the authorization
    module. This is what www.telescope.org uses for its combined
    password and group database.</p>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz</usage>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz</directivesynopsis>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<directivesynopsis>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<name>AuthzDBMType</name>
<description>Sets the type of database file that is used to
store the list of user groups</description>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<syntax>AuthzDBMType default|SDBM|GDBM|NDBM|DB</syntax>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<default>AuthzDBMType default</default>
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd<contextlist><context>directory</context><context>.htaccess</context>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz</contextlist>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<override>AuthConfig</override>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<usage>
d423a2cc6aa6f80d8783f1211a86c4140dc86ca0yoshiki <p>Sets the type of database file that is used to store the list
d423a2cc6aa6f80d8783f1211a86c4140dc86ca0yoshiki of user groups.
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd The default database type is determined at compile time. The
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd availability of other types of database files also depends on
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd <a href="/install.html#dbm">compile-time settings</a>.</p>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz
d423a2cc6aa6f80d8783f1211a86c4140dc86ca0yoshiki <p>It is crucial that whatever program you use to create your group
35ffb30f57f777dbf3f17c5a5ddf706559942c16nd files is configured to use the same type of database.</p>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz</usage>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz</directivesynopsis>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz</modulesynopsis>