obs_mod_auth_anon.xml revision 12e26d5f739d29958c17ec5272e80b8cc7b695a8
<?xml version="1.0"?>
<modulesynopsis>
<name>mod_auth_anon</name>
<description>Allows "anonymous" user access to authenticated
areas</description>
<status>Obsolete</status>
<hint>replaced by <module>mod_authn_anon</module> since 2.0.44</hint>
<identifier>auth_anon_module</identifier>
<compatibility>Available only in versions up to 2.0.43</compatibility>
<summary>
<note type="warning"><title>This module is obsolete!</title>
<p>Note, that this module has been marked as obsolete. A bunch
of modules was introduced in Apache version 2.0.44 that
<p>In order to get the same functionality, you have to invoke the
<module>mod_authn_anon</module> module now.</p>
<!-- XXX: I think `AuthBasicProvider anon' comes soon, doesn't it? -->
<!--
<p>In order to get the same functionality, you have
to use the <module>mod_auth_basic</module> module that implements
the HTTP part. <module>mod_authn_anon</module> provides for
anonymous user authentication.</p>
-->
<p>This document is kept only for historical reasons and no
longer maintained.</p>
</note>
<p>This module does access control in a manner similar to
'anonymous' and the email address as a password. These email
addresses can be logged.</p>
<p>Combined with other (database) access control methods, this
allows for effective user tracking and customization according
to a user profile while still keeping the site open for
'unregistered' users. One advantage of using Auth-based user
tracking is that, unlike magic-cookies and funny URL
allows users to share URLs.</p>
</summary>
<section id="example"><title>Example</title>
<p>The example below (when combined with the Auth directives of a
htpasswd-file based (or GDM, mSQL etc.) base access
control system allows users in as 'guests' with the following
properties:</p>
<ul>
<li>It insists that the user enters a userId.
(<code>Anonymous_NoUserId</code>)</li>
<li>It insists that the user enters a password.
(<code>Anonymous_MustGiveEmail</code>)</li>
<li>The password entered must be a valid email address, ie.
contain at least one '@' and a '.'.
(<code>Anonymous_VerifyEmail</code>)</li>
<li>The userID must be one of <code>anonymous guest www test
welcome</code> and comparison is <strong>not</strong> case
sensitive.</li>
<li>And the Email addresses entered in the passwd field are
logged to the error log file
(<code>Anonymous_LogEmail</code>)</li>
</ul>
<example>
Anonymous_NoUserId off<br />
Anonymous_MustGiveEmail on<br />
Anonymous_VerifyEmail on<br />
Anonymous_LogEmail on<br />
Anonymous anonymous guest www test welcome<br />
<br />
AuthName "Use 'anonymous' & Email address for guest entry"<br />
AuthType basic<br />
<br />
# An
# directive must be specified, or use<br />
# Anonymous_Authoritative for public access.<br />
# In the .htaccess for the public directory, add:<br />
<Files *><br />
<indent>
Order Deny,Allow<br />
Allow from all<br />
<br />
Require valid-user<br />
</indent>
</Files>
</example>
</section>
<directivesynopsis>
<name>Anonymous</name>
<description>Specifies userIDs that areallowed access without
password verification</description>
<syntax>Anonymous <var>user</var> [<var>user</var>] ...</syntax>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
<p>A list of one or more 'magic' userIDs which are allowed
access without password verification. The userIDs are space
separated. It is possible to use the ' and " quotes to allow a
space in a userID as well as the \ escape character.</p>
<p>Please note that the comparison is
<strong>case-IN-sensitive</strong>.<br />
I strongly suggest that the magic username
'<code>anonymous</code>' is always one of the allowed
userIDs.</p>
<example><title>Example:</title>
Anonymous anonymous "Not Registered" 'I don\'t know'
</example>
<p>This would allow the user to enter without password
verification by using the userId's 'anonymous',
'AnonyMous','Not Registered' and 'I Don't Know'.</p>
</usage>
</directivesynopsis>
<directivesynopsis>
<name>Anonymous_Authoritative</name>
<description>Configures if authorization will fall-through
to other methods</description>
<syntax>Anonymous_Authoritative on|off</syntax>
<default>Anonymous_Authoritative off</default>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
<p>When set 'on', there is no fall-through to other authorization
methods. So if a userID does not match the values specified in the
<directive module="mod_auth_anon" status="obsolete">Anonymous</directive> directive,
access is denied.</p>
<p>Be sure you know what you are doing when you decide to
switch it on. And remember that it is the linking order of the
modules (in the Configuration / Make file) which details the
order in which the Authorization modules are queried.</p>
</usage>
</directivesynopsis>
<directivesynopsis>
<name>Anonymous_LogEmail</name>
<description>Sets whether the password entered will be logged in the
error log</description>
<syntax>Anonymous_LogEmail on|off</syntax>
<default>Anonymous_LogEmail on</default>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
<p>When set <code>on</code>, the default, the 'password' entered
(which hopefully contains a sensible email address) is logged in
the error log.</p>
</usage>
</directivesynopsis>
<directivesynopsis>
<name>Anonymous_MustGiveEmail</name>
<description>Specifies whether blank passwords are allowed</description>
<syntax>Anonymous_MustGiveEmail on|off</syntax>
<default>Anonymous_MustGiveEmail on</default>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
<p>Specifies whether the user must specify an email address as
the password. This prohibits blank passwords.</p>
</usage>
</directivesynopsis>
<directivesynopsis>
<name>Anonymous_NoUserID</name>
<description>Sets whether the userID field may be empty</description>
<syntax>Anonymous_NoUserID on|off</syntax>
<default>Anonymous_NoUserID off</default>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
<p>When set <code>on</code>, users can leave the userID (and
perhaps the password field) empty. This can be very convenient for
MS-Explorer users who can just hit return or click directly on the
OK button; which seems a natural reaction.</p>
</usage>
</directivesynopsis>
<directivesynopsis>
<name>Anonymous_VerifyEmail</name>
<description>Sets whether to check the password field for a correctly
formatted email address</description>
<syntax>Anonymous_VerifyEmail on|off</syntax>
<default>Anonymous_VerifyEmail off</default>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
<p>When set <code>on</code> the 'password' entered is checked for
at least one '@' and a '.' to encourage users to enter valid email
addresses (see the above <directive
module="mod_auth_anon" status="obsolete">Auth_LogEmail</directive>).</p>
</usage>
</directivesynopsis>
</modulesynopsis>