<?xml version="1.0"?>

<!DOCTYPE modulesynopsis SYSTEM "/style/modulesynopsis.dtd">

<?xml-stylesheet type="text/xsl" href="/style/manual.en.xsl"?>

<modulesynopsis>

<name>mod_authz_user</name>

<description>User Authorization</description>

<status>Base</status>

<sourcefile>mod_authz_user.c</sourcefile>

<identifier>authz_user_module</identifier>

<compatibility>Available in Apache 2.1 and later</compatibility>

<summary>

<p>This module provides authorization capabilities so that

authenticated users can be allowed or denied access to portions

of the web site. <module>mod_authz_user</module> grants

access if the authenticated user is listed in a <code>Require user</code>

directive. Alternatively <code>require valid-user</code> can be used to

grant access to all successfully authenticated users.</p>

</summary>

<seealso><directive module="core">Require</directive></seealso>

<seealso><directive module="core">Satisfy</directive></seealso>

<directivesynopsis>

<name>AuthzUserAuthoritative</name>

<description>Sets whether authorization will be passed on to lower level

modules</description>

<syntax>AuthzUserAuthoritative On|Off</syntax>

<default>AuthzUserAuthoritative On</default>

<contextlist><context>directory</context><context>.htaccess</context>

</contextlist>

<override>AuthConfig</override>

<usage>

<p>Setting the <directive>AuthzUserAuthoritative</directive>

directive explicitly to <code>Off</code> allows for

user authorization to be passed on to lower level modules (as defined

in the <code>modules.c</code> files) if there is <strong>no

user</strong> matching the supplied userID.</p>

<p>By default, control is not passed on and an unknown user

will result in an Authentication Required reply. Not

setting it to <code>Off</code> thus keeps the system secure and forces

an NCSA compliant behaviour.</p>

</usage>

</directivesynopsis>

</modulesynopsis>