httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From n.@apache.org
Subject cvs commit: httpd-2.0/docs/manual/mod obs_mod_access.html.en obs_mod_auth.html.en obs_mod_auth_anon.html.en obs_mod_auth_dbm.html.en obs_mod_auth_digest.html.en index.html.en
Date Wed, 16 Oct 2002 07:08:10 GMT
nd          2002/10/16 00:08:09

  Modified:    docs/manual sitemap.html.en
               docs/manual/mod index.html.en
  Added:       docs/manual/mod obs_mod_access.html.en obs_mod_auth.html.en
                        obs_mod_auth_anon.html.en obs_mod_auth_dbm.html.en
                        obs_mod_auth_digest.html.en
  Log:
  update transformation
  
  Revision  Changes    Path
  1.18      +5 -0      httpd-2.0/docs/manual/sitemap.html.en
  
  Index: sitemap.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/sitemap.html.en,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- sitemap.html.en	7 Oct 2002 08:46:31 -0000	1.17
  +++ sitemap.html.en	16 Oct 2002 07:08:08 -0000	1.18
  @@ -138,6 +138,11 @@
   <li><a href="mod/mod_userdir.html">Apache Module mod_userdir</a></li>
   <li><a href="mod/mod_usertrack.html">Apache Module mod_usertrack</a></li>
   <li><a href="mod/mod_vhost_alias.html">Apache Module mod_vhost_alias</a></li>
  +</ul><ul><li><a href="mod/obs_mod_access.html">Obsolete Apache Module mod_access</a></li>
  +<li><a href="mod/obs_mod_auth.html">Obsolete Apache Module mod_auth</a></li>
  +<li><a href="mod/obs_mod_auth_anon.html">Obsolete Apache Module mod_auth_anon</a></li>
  +<li><a href="mod/obs_mod_auth_dbm.html">Obsolete Apache Module mod_auth_dbm</a></li>
  +<li><a href="mod/obs_mod_auth_digest.html">Obsolete Apache Module mod_auth_digest</a></li>
   </ul></div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div><div class="section"><h2><a name="developer" id="developer">Developer Documentation</a></h2><ul><li class="separate"><a href="developer/">Overview</a></li>
   <li><a href="developer/API.html">Apache API notes</a></li>
   <li><a href="developer/debugging.html">Debugging Memory Allocation in APR</a></li>
  
  
  
  1.15      +105 -39   httpd-2.0/docs/manual/mod/index.html.en
  
  Index: index.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/index.html.en,v
  retrieving revision 1.14
  retrieving revision 1.15
  diff -u -r1.14 -r1.15
  --- index.html.en	7 Oct 2002 08:46:31 -0000	1.14
  +++ index.html.en	16 Oct 2002 07:08:09 -0000	1.15
  @@ -4,56 +4,122 @@
           XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
                 This file is generated from xml source: DO NOT EDIT
           XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  -      --><title>Module Index - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body id="module-index"><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs-project/">Documentation</a> &gt; <a href="../">Version 2.0</a></div><div id="preamble"><h1>Module Index</h1>
  +      --><title>Module Index - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body id="module-index"><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs-project/">Documentation</a> &gt; <a href="../">Version 2.0</a></div><div id="page-content"><div id="preamble"><h1>Module Index</h1>
       <p>
         Below is a list of all of the modules that come as part of
         the Apache distribution.  See also the complete
         alphabetical list of <a href="directives.html">all Apache
         directives</a>.
       </p>
  -  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2>Core Features and Multi-Processing Modules</h2><dl><dt><a href="core.html">core</a></dt><dd>Core Apache HTTP Server features that are always
  -available</dd><dt><a href="mpm_common.html">mpm_common</a></dt><dd>A collection of directives that are implemented by
  -more than one multi-processing module (MPM)</dd><dt><a href="mpm_netware.html">mpm_netware</a></dt><dd>Multi-Processing Module implementing an exclusively threaded web
  -    server optimized for Novell NetWare</dd><dt><a href="mpm_winnt.html">mpm_winnt</a></dt><dd>This Multi-Processing Module is optimized for Windows
  -    NT.</dd><dt><a href="perchild.html">perchild</a></dt><dd>Multi-Processing Module allowing for daemon processes
  +  </div><div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#core">Core Features and Multi-Processing Modules</a></li><li><img alt="" src="../images/down.gif" /> <a href="#other">Other Modules</a></li><li><img alt="" src="../images/down.gif" /> <a href="#obsolete">Obsolete Modules</a></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a id="core" name="core">Core Features and Multi-Processing Modules</a></h2><dl><dt><a href="core.html">core</a></dt><dd>Core Apache HTTP Server features that are always
  +available</dd>
  +<dt><a href="mpm_common.html">mpm_common</a></dt><dd>A collection of directives that are implemented by
  +more than one multi-processing module (MPM)</dd>
  +<dt><a href="mpm_netware.html">mpm_netware</a></dt><dd>Multi-Processing Module implementing an exclusively threaded web
  +    server optimized for Novell NetWare</dd>
  +<dt><a href="mpm_winnt.html">mpm_winnt</a></dt><dd>This Multi-Processing Module is optimized for Windows
  +    NT.</dd>
  +<dt><a href="perchild.html">perchild</a></dt><dd>Multi-Processing Module allowing for daemon processes
       serving requests to be assigned a variety of different
  -    userids</dd><dt><a href="prefork.html">prefork</a></dt><dd>Implements a non-threaded, pre-forking web server</dd><dt><a href="worker.html">worker</a></dt><dd>Multi-Processing Module implementing a hybrid
  -    multi-threaded multi-process web server</dd></dl></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2>Other Modules</h2><dl><dt><a href="mod_actions.html">mod_actions</a></dt><dd>This module provides for executing CGI scripts based on
  -media type or request method.</dd><dt><a href="mod_alias.html">mod_alias</a></dt><dd>Provides for mapping different parts of the host
  -    filesystem in the document tree and for URL redirection</dd><dt><a href="mod_asis.html">mod_asis</a></dt><dd>Sends files that contain their own
  -HTTP headers</dd><dt><a href="mod_auth_basic.html">mod_auth_basic</a></dt><dd>Basic authentication</dd><dt><a href="mod_auth_digest.html">mod_auth_digest</a></dt><dd>User authentication using MD5
  -    Digest Authentication.</dd><dt><a href="mod_auth_ldap.html">mod_auth_ldap</a></dt><dd>Allows an LDAP directory to be used to store the database
  -for HTTP Basic authentication.</dd><dt><a href="mod_authn_anon.html">mod_authn_anon</a></dt><dd>Allows "anonymous" user access to authenticated
  -    areas</dd><dt><a href="mod_authn_dbm.html">mod_authn_dbm</a></dt><dd>User authentication using DBM files</dd><dt><a href="mod_authn_file.html">mod_authn_file</a></dt><dd>User authentication using text files</dd><dt><a href="mod_authz_dbm.html">mod_authz_dbm</a></dt><dd>Group authorization using DBM files</dd><dt><a href="mod_authz_groupfile.html">mod_authz_groupfile</a></dt><dd>Group authorization using plaintext files</dd><dt><a href="mod_authz_host.html">mod_authz_host</a></dt><dd>Group authorizations based on host (name or IP
  -address)</dd><dt><a href="mod_autoindex.html">mod_autoindex</a></dt><dd>Generates directory indexes,
  +    userids</dd>
  +<dt><a href="prefork.html">prefork</a></dt><dd>Implements a non-threaded, pre-forking web server</dd>
  +<dt><a href="worker.html">worker</a></dt><dd>Multi-Processing Module implementing a hybrid
  +    multi-threaded multi-process web server</dd>
  +</dl></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a id="other" name="other">Other Modules</a></h2><dl><dt><a href="mod_actions.html">mod_actions</a></dt><dd>This module provides for executing CGI scripts based on
  +media type or request method.</dd>
  +<dt><a href="mod_alias.html">mod_alias</a></dt><dd>Provides for mapping different parts of the host
  +    filesystem in the document tree and for URL redirection</dd>
  +<dt><a href="mod_asis.html">mod_asis</a></dt><dd>Sends files that contain their own
  +HTTP headers</dd>
  +<dt><a href="mod_auth_basic.html">mod_auth_basic</a></dt><dd>Basic authentication</dd>
  +<dt><a href="mod_auth_digest.html">mod_auth_digest</a></dt><dd>User authentication using MD5
  +    Digest Authentication.</dd>
  +<dt><a href="mod_auth_ldap.html">mod_auth_ldap</a></dt><dd>Allows an LDAP directory to be used to store the database
  +for HTTP Basic authentication.</dd>
  +<dt><a href="mod_authn_anon.html">mod_authn_anon</a></dt><dd>Allows "anonymous" user access to authenticated
  +    areas</dd>
  +<dt><a href="mod_authn_dbm.html">mod_authn_dbm</a></dt><dd>User authentication using DBM files</dd>
  +<dt><a href="mod_authn_file.html">mod_authn_file</a></dt><dd>User authentication using text files</dd>
  +<dt><a href="mod_authz_dbm.html">mod_authz_dbm</a></dt><dd>Group authorization using DBM files</dd>
  +<dt><a href="mod_authz_groupfile.html">mod_authz_groupfile</a></dt><dd>Group authorization using plaintext files</dd>
  +<dt><a href="mod_authz_host.html">mod_authz_host</a></dt><dd>Group authorizations based on host (name or IP
  +address)</dd>
  +<dt><a href="mod_autoindex.html">mod_autoindex</a></dt><dd>Generates directory indexes,
       automatically, similar to the Unix <em>ls</em> command or the
  -    Win32 <em>dir</em> shell command</dd><dt><a href="mod_cache.html">mod_cache</a></dt><dd>Content cache keyed to URIs.</dd><dt><a href="mod_cern_meta.html">mod_cern_meta</a></dt><dd>CERN httpd metafile semantics</dd><dt><a href="mod_cgi.html">mod_cgi</a></dt><dd>Execution of CGI scripts</dd><dt><a href="mod_cgid.html">mod_cgid</a></dt><dd>Execution of CGI scripts using an
  -    external CGI daemon</dd><dt><a href="mod_charset_lite.html">mod_charset_lite</a></dt><dd>Specify character set translation or recoding</dd><dt><a href="mod_dav.html">mod_dav</a></dt><dd>Distributed Authoring and Versioning
  -(<a href="http://www.webdav.org/">WebDAV</a>) functionality</dd><dt><a href="mod_deflate.html">mod_deflate</a></dt><dd>Compress content before
  -    it is delivered to the client</dd><dt><a href="mod_dir.html">mod_dir</a></dt><dd>Provides for "trailing slash" redirects and
  -    serving directory index files</dd><dt><a href="mod_echo.html">mod_echo</a></dt><dd>A simple echo server to illustrate protocol 
  -modules</dd><dt><a href="mod_env.html">mod_env</a></dt><dd>Modifies the environment which is
  -    passed to CGI scripts and SSI pages</dd><dt><a href="mod_example.html">mod_example</a></dt><dd>Illustrates the Apache module API</dd><dt><a href="mod_expires.html">mod_expires</a></dt><dd>Generation of
  +    Win32 <em>dir</em> shell command</dd>
  +<dt><a href="mod_cache.html">mod_cache</a></dt><dd>Content cache keyed to URIs.</dd>
  +<dt><a href="mod_cern_meta.html">mod_cern_meta</a></dt><dd>CERN httpd metafile semantics</dd>
  +<dt><a href="mod_cgi.html">mod_cgi</a></dt><dd>Execution of CGI scripts</dd>
  +<dt><a href="mod_cgid.html">mod_cgid</a></dt><dd>Execution of CGI scripts using an
  +    external CGI daemon</dd>
  +<dt><a href="mod_charset_lite.html">mod_charset_lite</a></dt><dd>Specify character set translation or recoding</dd>
  +<dt><a href="mod_dav.html">mod_dav</a></dt><dd>Distributed Authoring and Versioning
  +(<a href="http://www.webdav.org/">WebDAV</a>) functionality</dd>
  +<dt><a href="mod_deflate.html">mod_deflate</a></dt><dd>Compress content before
  +    it is delivered to the client</dd>
  +<dt><a href="mod_dir.html">mod_dir</a></dt><dd>Provides for "trailing slash" redirects and
  +    serving directory index files</dd>
  +<dt><a href="mod_echo.html">mod_echo</a></dt><dd>A simple echo server to illustrate protocol 
  +modules</dd>
  +<dt><a href="mod_env.html">mod_env</a></dt><dd>Modifies the environment which is
  +    passed to CGI scripts and SSI pages</dd>
  +<dt><a href="mod_example.html">mod_example</a></dt><dd>Illustrates the Apache module API</dd>
  +<dt><a href="mod_expires.html">mod_expires</a></dt><dd>Generation of
       <code>Expires</code> HTTP headers according to user-specified
  -    criteria</dd><dt><a href="mod_ext_filter.html">mod_ext_filter</a></dt><dd>Pass the response body
  +    criteria</dd>
  +<dt><a href="mod_ext_filter.html">mod_ext_filter</a></dt><dd>Pass the response body
       through an external program before delivery to the
  -    client</dd><dt><a href="mod_file_cache.html">mod_file_cache</a></dt><dd>Caches a static list of files in memory</dd><dt><a href="mod_headers.html">mod_headers</a></dt><dd>Customization of HTTP request
  -    and response headers</dd><dt><a href="mod_imap.html">mod_imap</a></dt><dd>Server-side imagemap processing</dd><dt><a href="mod_include.html">mod_include</a></dt><dd>Server-parsed html documents (Server Side Includes)</dd><dt><a href="mod_info.html">mod_info</a></dt><dd>Provides a comprehensive overview of the server
  -configuration</dd><dt><a href="mod_isapi.html">mod_isapi</a></dt><dd>ISAPI Extensions within Apache for Windows</dd><dt><a href="mod_ldap.html">mod_ldap</a></dt><dd>LDAP connection pooling and result caching
  -services for use by other LDAP modules</dd><dt><a href="mod_log_config.html">mod_log_config</a></dt><dd>Logging of the requests made to the server</dd><dt><a href="mod_logio.html">mod_logio</a></dt><dd>Logging of input and output bytes per request</dd><dt><a href="mod_mime.html">mod_mime</a></dt><dd>Associates the requested filename's extensions
  +    client</dd>
  +<dt><a href="mod_file_cache.html">mod_file_cache</a></dt><dd>Caches a static list of files in memory</dd>
  +<dt><a href="mod_headers.html">mod_headers</a></dt><dd>Customization of HTTP request
  +    and response headers</dd>
  +<dt><a href="mod_imap.html">mod_imap</a></dt><dd>Server-side imagemap processing</dd>
  +<dt><a href="mod_include.html">mod_include</a></dt><dd>Server-parsed html documents (Server Side Includes)</dd>
  +<dt><a href="mod_info.html">mod_info</a></dt><dd>Provides a comprehensive overview of the server
  +configuration</dd>
  +<dt><a href="mod_isapi.html">mod_isapi</a></dt><dd>ISAPI Extensions within Apache for Windows</dd>
  +<dt><a href="mod_ldap.html">mod_ldap</a></dt><dd>LDAP connection pooling and result caching
  +services for use by other LDAP modules</dd>
  +<dt><a href="mod_log_config.html">mod_log_config</a></dt><dd>Logging of the requests made to the server</dd>
  +<dt><a href="mod_logio.html">mod_logio</a></dt><dd>Logging of input and output bytes per request</dd>
  +<dt><a href="mod_mime.html">mod_mime</a></dt><dd>Associates the requested filename's extensions
       with the file's behavior (handlers and filters)
       and content (mime-type, language, character set and
  -    encoding)</dd><dt><a href="mod_mime_magic.html">mod_mime_magic</a></dt><dd>Determines the MIME type of a file
  -    by looking at a few bytes of its contents</dd><dt><a href="mod_negotiation.html">mod_negotiation</a></dt><dd>Provides for <a href="../content-negotiation.html">content negotiation</a></dd><dt><a href="mod_proxy.html">mod_proxy</a></dt><dd>HTTP/1.1 proxy/gateway server</dd><dt><a href="mod_rewrite.html">mod_rewrite</a></dt><dd>Provides a rule-based rewriting engine to rewrite requested
  -URLs on the fly</dd><dt><a href="mod_setenvif.html">mod_setenvif</a></dt><dd>Allows the setting of environment variables based
  -on characteristics of the request</dd><dt><a href="mod_so.html">mod_so</a></dt><dd>Loading of executable code and
  -modules into the server at start-up or restart time</dd><dt><a href="mod_speling.html">mod_speling</a></dt><dd>Attempts to correct mistaken URLs that
  +    encoding)</dd>
  +<dt><a href="mod_mime_magic.html">mod_mime_magic</a></dt><dd>Determines the MIME type of a file
  +    by looking at a few bytes of its contents</dd>
  +<dt><a href="mod_negotiation.html">mod_negotiation</a></dt><dd>Provides for <a href="../content-negotiation.html">content negotiation</a></dd>
  +<dt><a href="mod_proxy.html">mod_proxy</a></dt><dd>HTTP/1.1 proxy/gateway server</dd>
  +<dt><a href="mod_rewrite.html">mod_rewrite</a></dt><dd>Provides a rule-based rewriting engine to rewrite requested
  +URLs on the fly</dd>
  +<dt><a href="mod_setenvif.html">mod_setenvif</a></dt><dd>Allows the setting of environment variables based
  +on characteristics of the request</dd>
  +<dt><a href="mod_so.html">mod_so</a></dt><dd>Loading of executable code and
  +modules into the server at start-up or restart time</dd>
  +<dt><a href="mod_speling.html">mod_speling</a></dt><dd>Attempts to correct mistaken URLs that
   users might have entered by ignoring capitalization and by
  -allowing up to one misspelling</dd><dt><a href="mod_ssl.html">mod_ssl</a></dt><dd>Strong cryptography using the Secure Sockets
  -Layer (SSL) and Transport Layer Security (TLS) protocols</dd><dt><a href="mod_status.html">mod_status</a></dt><dd>Provides information on server activity and
  -performance</dd><dt><a href="mod_suexec.html">mod_suexec</a></dt><dd>Allows CGI scripts to run as a specified user
  -and Group</dd><dt><a href="mod_unique_id.html">mod_unique_id</a></dt><dd>Provides an environment variable with a unique
  -identifier for each request</dd><dt><a href="mod_userdir.html">mod_userdir</a></dt><dd>User-specific directories</dd><dt><a href="mod_usertrack.html">mod_usertrack</a></dt><dd>
  +allowing up to one misspelling</dd>
  +<dt><a href="mod_ssl.html">mod_ssl</a></dt><dd>Strong cryptography using the Secure Sockets
  +Layer (SSL) and Transport Layer Security (TLS) protocols</dd>
  +<dt><a href="mod_status.html">mod_status</a></dt><dd>Provides information on server activity and
  +performance</dd>
  +<dt><a href="mod_suexec.html">mod_suexec</a></dt><dd>Allows CGI scripts to run as a specified user
  +and Group</dd>
  +<dt><a href="mod_unique_id.html">mod_unique_id</a></dt><dd>Provides an environment variable with a unique
  +identifier for each request</dd>
  +<dt><a href="mod_userdir.html">mod_userdir</a></dt><dd>User-specific directories</dd>
  +<dt><a href="mod_usertrack.html">mod_usertrack</a></dt><dd>
   <em>Clickstream</em> logging of user activity on a site
  -</dd><dt><a href="mod_vhost_alias.html">mod_vhost_alias</a></dt><dd>Provides for dynamically configured mass virtual
  -hosting</dd></dl></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
  \ No newline at end of file
  +</dd>
  +<dt><a href="mod_vhost_alias.html">mod_vhost_alias</a></dt><dd>Provides for dynamically configured mass virtual
  +hosting</dd>
  +</dl></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a id="obsolete" name="obsolete">Obsolete Modules</a></h2><dl><dt><a href="obs_mod_access.html">mod_access</a></dt><dd><em>(replaced by <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code> since 2.0.44)</em><br />Provides access control based on client hostname, IP
  +address, or other characteristics of the client request.</dd>
  +<dt><a href="obs_mod_auth.html">mod_auth</a></dt><dd><em>(obsolete since 2.0.44)</em><br />User authentication using text files</dd>
  +<dt><a href="obs_mod_auth_anon.html">mod_auth_anon</a></dt><dd><em>(replaced by <code class="module"><a href="../mod/mod_authn_anon.html">mod_authn_anon</a></code> since 2.0.44)</em><br />Allows "anonymous" user access to authenticated
  +    areas</dd>
  +<dt><a href="obs_mod_auth_dbm.html">mod_auth_dbm</a></dt><dd><em>(obsolete since 2.0.44)</em><br />Provides for user authentication using DBM
  +    files</dd>
  +<dt><a href="obs_mod_auth_digest.html">mod_auth_digest</a></dt><dd><em>(obsolete since 2.0.44)</em><br />User authentication using MD5
  +    Digest Authentication.</dd>
  +</dl></div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
  \ No newline at end of file
  
  
  
  1.1                  httpd-2.0/docs/manual/mod/obs_mod_access.html.en
  
  Index: obs_mod_access.html.en
  ===================================================================
  <?xml version="1.0" encoding="ISO-8859-1"?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
                This file is generated from xml source: DO NOT EDIT
          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        --><title>mod_access - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs-project/">Documentation</a> &gt; <a href="../">Version 2.0</a> &gt; <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Obsolete Apache Module mod_access</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description:
                    </a></th><td>Provides access control based on client hostname, IP
  address, or other characteristics of the client request.</td></tr><tr><th><a href="module-dict.html#Status">Status:
                    </a></th><td>Obsolete<em> (replaced by <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code> since 2.0.44)</em><br /></td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:
                    </a></th><td>access_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File:
                    </a></th><td>mod_access.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
                    </a></th><td>Available only in versions up to 2.0.43</td></tr></table><h3>Summary</h3>
      <div class="warning"><h3>This module is obsolete!</h3>
      <p>Note, that this module has been marked as obsolete. A bunch
      of modules was introduced in Apache version 2.0.44 that
      support the new Authentication/Authorization provider mechnism.</p>
  
      <p>If you want to use host based access control, you have to invoke the
      <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code> module now.</p>
  
      <p>This document is kept only for historical reasons and no
      longer maintained.</p>
      </div>
  
      <p>The directives provided by mod_access are used in <code class="directive"><a href="../mod/core.html#directory">&lt;Directory&gt;</a></code>, <code class="directive"><a href="../mod/core.html#files">&lt;Files&gt;</a></code>, and <code class="directive"><a href="../mod/core.html#location">&lt;Location&gt;</a></code> sections as well as
      <code><a href="core.html#accessfilename">.htaccess</a></code>
      files to control access to particular parts of the server. Access
      can be controlled based on the client hostname, IP address, or
      other characteristics of the client request, as captured in <a href="../env.html">environment variables</a>. The <code class="directive"><a href="#allow">Allow</a></code> and <code class="directive"><a href="#deny">Deny</a></code> directives are used to
      specify which clients are or are not allowed access to the server,
      while the <code class="directive"><a href="#order">Order</a></code>
      directive sets the default access state, and configures how the
      <code class="directive"><a href="#allow">Allow</a></code> and <code class="directive"><a href="#deny">Deny</a></code> directives interact with each
      other.</p>
  
      <p>Both host-based access restrictions and password-based
      authentication may be implemented simultaneously. In that case,
      the <code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code> directive is used
      to determine how the two sets of restrictions interact.</p>
  
      <p>In general, access restriction directives apply to all
      access methods (<code>GET</code>, <code>PUT</code>,
      <code>POST</code>, etc). This is the desired behavior in most
      cases. However, it is possible to restrict some methods, while
      leaving other methods unrestricted, by enclosing the directives
      in a <code class="directive"><a href="../mod/core.html#limit">&lt;Limit&gt;</a></code> section.</p>
  </div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#allow">Allow</a></li>
  <li><img alt="" src="../images/down.gif" /> <a href="#deny">Deny</a></li>
  <li><img alt="" src="../images/down.gif" /> <a href="#order">Order</a></li>
  </ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Allow" id="Allow">Allow</a> <a name="allow" id="allow">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                </a></th><td>Controls which hosts can access an area of the
  server</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
                </a></th><td><code> Allow from
      all|<var>host</var>|env=<var>env-variable</var>
      [<var>host</var>|env=<var>env-variable</var>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                </a></th><td>Limit</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                </a></th><td>mod_access</td></tr></table>
  
      <p>The <code class="directive">Allow</code> directive affects which hosts can
      access an area of the server. Access can be controlled by
      hostname, IP Address, IP Address range, or by other
      characteristics of the client request captured in environment
      variables.</p>
  
      <p>The first argument to this directive is always
      <code>from</code>. The subsequent arguments can take three
      different forms. If <code>Allow from all</code> is specified, then
      all hosts are allowed access, subject to the configuration of the
      <code class="directive"><a href="#deny">Deny</a></code> and <code class="directive"><a href="#order">Order</a></code> directives as discussed
      below. To allow only particular hosts or groups of hosts to access
      the server, the <var>host</var> can be specified in any of the
      following formats:</p>
  
      <dl>
        <dt>A (partial) domain-name</dt>
  
        <dd>Example: <code>Allow from apache.org</code><br />
         Hosts whose names match, or end in, this string are allowed
        access. Only complete components are matched, so the above
        example will match <code>foo.apache.org</code> but it will
        not match <code>fooapache.org</code>. This configuration will
        cause the server to perform a reverse DNS lookup on the
        client IP address, regardless of the setting of the <code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code>
        directive.</dd>
  
        <dt>A full IP address</dt>
  
        <dd>Example: <code>Allow from 10.1.2.3</code><br />
         An IP address of a host allowed access</dd>
  
        <dt>A partial IP address</dt>
  
        <dd>Example: <code>Allow from 10.1</code><br />
         The first 1 to 3 bytes of an IP address, for subnet
        restriction.</dd>
  
        <dt>A network/netmask pair</dt>
  
        <dd>Example: <code>Allow from
        10.1.0.0/255.255.0.0</code><br />
         A network a.b.c.d, and a netmask w.x.y.z. For more
        fine-grained subnet restriction.</dd>
  
        <dt>A network/nnn CIDR specification</dt>
  
        <dd>Example: <code>Allow from 10.1.0.0/16</code><br />
         Similar to the previous case, except the netmask consists of
        nnn high-order 1 bits.</dd>
      </dl>
  
      <p>Note that the last three examples above match exactly the
      same set of hosts.</p>
  
      <p>IPv6 addresses and IPv6 subnets can be specified as shown
      below:</p>
  
      <div class="example"><p><code>
         Allow from fe80::a00:20ff:fea7:ccea<br />
         Allow from fe80::a00:20ff:fea7:ccea/10
      </code></p></div>
  
      <p>The third format of the arguments to the
      <code class="directive">Allow</code> directive allows access to the server
      to be controlled based on the existence of an <a href="../env.html">environment variable</a>. When <code>Allow from
      env=<var>env-variable</var></code> is specified, then the request is
      allowed access if the environment variable <var>env-variable</var>
      exists. The server provides the ability to set environment
      variables in a flexible way based on characteristics of the client
      request using the directives provided by
      <code class="module"><a href="../mod/mod_setenvif.html">mod_setenvif</a></code>.  Therefore, this directive can be
      used to allow access based on such factors as the clients
      <code>User-Agent</code> (browser type), <code>Referer</code>, or
      other HTTP request header fields.</p>
  
      <div class="example"><h3>Example:</h3><p><code>
        SetEnvIf User-Agent ^KnockKnock/2.0 let_me_in<br />
        &lt;Directory /docroot&gt;<br />
        <span class="indent">
          Order Deny,Allow<br />
          Deny from all<br />
          Allow from env=let_me_in<br />
        </span>
        &lt;/Directory&gt;
      </code></p></div>
  
      <p>In this case, browsers with a user-agent string beginning
      with <code>KnockKnock/2.0</code> will be allowed access, and all
      others will be denied.</p>
  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Deny" id="Deny">Deny</a> <a name="deny" id="deny">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                </a></th><td>Controls which hosts are denied access to the
  server</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
                </a></th><td><code> Deny from
      all|<var>host</var>|env=<var>env-variable</var>
      [<var>host</var>|env=<var>env-variable</var>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                </a></th><td>Limit</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                </a></th><td>mod_access</td></tr></table>
      <p>This directive allows access to the server to be restricted
      based on hostname, IP address, or environment variables. The
      arguments for the <code class="directive">Deny</code> directive are
      identical to the arguments for the <code class="directive"><a href="#allow">Allow</a></code> directive.</p>
  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Order" id="Order">Order</a> <a name="order" id="order">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                </a></th><td>Controls the default access state and the order in which
  Allow and Deny are
  evaluated.</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
                </a></th><td><code> Order <var>ordering</var></code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
                </a></th><td><code>Order Deny,Allow</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                </a></th><td>Limit</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                </a></th><td>mod_access</td></tr></table>
  
      <p>The <code class="directive">Order</code> directive controls the default
      access state and the order in which <code class="directive"><a href="#allow">Allow</a></code> and <code class="directive"><a href="#deny">Deny</a></code> directives are evaluated.
      <var>Ordering</var> is one of</p>
  
      <dl>
        <dt>Deny,Allow</dt>
  
        <dd>The <code class="directive"><a href="#deny">Deny</a></code> directives
        are evaluated before the <code class="directive"><a href="#allow">Allow</a></code> directives. Access is
        allowed by default.  Any client which does not match a
        <code class="directive"><a href="#deny">Deny</a></code> directive or does
        match an <code class="directive"><a href="#allow">Allow</a></code>
        directive will be allowed access to the server.</dd>
  
        <dt>Allow,Deny</dt>
  
        <dd>The <code class="directive"><a href="#allow">Allow</a></code>
        directives are evaluated before the <code class="directive"><a href="#deny">Deny</a></code> directives. Access is denied
        by default. Any client which does not match an <code class="directive"><a href="#allow">Allow</a></code> directive or does match a
        <code class="directive"><a href="#deny">Deny</a></code> directive will be
        denied access to the server.</dd>
  
        <dt>Mutual-failure</dt>
  
        <dd>Only those hosts which appear on the <code class="directive"><a href="#allow">Allow</a></code> list and do not appear on
        the <code class="directive"><a href="#deny">Deny</a></code> list are
        granted access. This ordering has the same effect as <code>Order
        Allow,Deny</code> and is deprecated in favor of that
        configuration.</dd>
      </dl>
  
      <p>Keywords may only be separated by a comma; no whitespace is
      allowed between them. Note that in all cases every <code class="directive"><a href="#allow">Allow</a></code> and <code class="directive"><a href="#deny">Deny</a></code> statement is evaluated.</p>
  
      <p>In the following example, all hosts in the apache.org domain
      are allowed access; all other hosts are denied access.</p>
  
      <div class="example"><p><code>
        Order Deny,Allow<br />
        Deny from all<br />
        Allow from apache.org
      </code></p></div>
  
      <p>In the next example, all hosts in the apache.org domain are
      allowed access, except for the hosts which are in the
      foo.apache.org subdomain, who are denied access. All hosts not
      in the apache.org domain are denied access because the default
      state is to deny access to the server.</p>
  
      <div class="example"><p><code>
        Order Allow,Deny<br />
        Allow from apache.org<br />
        Deny from foo.apache.org
      </code></p></div>
  
      <p>On the other hand, if the <code class="directive">Order</code> in the last
      example is changed to <code>Deny,Allow</code>, all hosts will
      be allowed access. This happens because, regardless of the
      actual ordering of the directives in the configuration file,
      the <code>Allow from apache.org</code> will be evaluated last
      and will override the <code>Deny from foo.apache.org</code>.
      All hosts not in the <code>apache.org</code> domain will also
      be allowed access because the default state will change to
      <var>allow</var>.</p>
  
      <p>The presence of an <code class="directive">Order</code> directive can affect
      access to a part of the server even in the absence of accompanying
      <code class="directive"><a href="#allow">Allow</a></code> and <code class="directive"><a href="#deny">Deny</a></code> directives because of its effect
      on the default access state.  For example,</p>
  
      <div class="example"><p><code>
        &lt;Directory /www&gt;<br />
        <span class="indent">
          Order Allow,Deny<br />
        </span>
        &lt;/Directory&gt;
      </code></p></div>
  
      <p>will deny all access to the <code>/www</code> directory
      because the default access state will be set to
      <var>deny</var>.</p>
  
      <p>The <code class="directive">Order</code> directive controls the order of access
      directive processing only within each phase of the server's
      configuration processing. This implies, for example, that an
      <code class="directive"><a href="#allow">Allow</a></code> or <code class="directive"><a href="#deny">Deny</a></code> directive occurring in a
      <code class="directive"><a href="../mod/core.html#location">&lt;Location&gt;</a></code> section will
      always be evaluated after an <code class="directive"><a href="#allow">Allow</a></code> or <code class="directive"><a href="#deny">Deny</a></code> directive occurring in a
      <code class="directive"><a href="../mod/core.html#directory">&lt;Directory&gt;</a></code> section or
      <code>.htaccess</code> file, regardless of the setting of the
      <code class="directive">Order</code> directive. For details on the merging
      of configuration sections, see the documentation on <a href="../sections.html">How Directory, Location and Files sections
      work</a>.</p>
  </div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
  
  
  1.1                  httpd-2.0/docs/manual/mod/obs_mod_auth.html.en
  
  Index: obs_mod_auth.html.en
  ===================================================================
  <?xml version="1.0" encoding="ISO-8859-1"?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
                This file is generated from xml source: DO NOT EDIT
          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        --><title>mod_auth - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs-project/">Documentation</a> &gt; <a href="../">Version 2.0</a> &gt; <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Obsolete Apache Module mod_auth</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description:
                    </a></th><td>User authentication using text files</td></tr><tr><th><a href="module-dict.html#Status">Status:
                    </a></th><td>Obsolete<em> (obsolete since 2.0.44)</em><br /></td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:
                    </a></th><td>auth_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File:
                    </a></th><td>mod_auth.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
                    </a></th><td>Available only in versions up to 2.0.43</td></tr></table><h3>Summary</h3>
      <div class="warning"><h3>This module is obsolete!</h3>
      <p>Note, that this module has been marked as obsolete. A bunch
      of modules was introduced in Apache version 2.0.44 that
      support the new Authentication/Authorization provider mechnism.</p>
  
      <p>In order to get the ability of HTTP Basic Authentication, you have
      to use the <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code> module that implements
      the HTTP part. <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code> provides for user
      authentication based on plain text files. File based group
      authorization is now done by the <code class="module"><a href="../mod/mod_authz_groupfile.html">mod_authz_groupfile</a></code>
      module.</p>
  
      <p>This document is kept only for historical reasons and no
      longer maintained.</p>
      </div>
  
      <p>This module allows the use of HTTP Basic Authentication to
      restrict access by looking up users in plain text password and
      group files. Similar functionality and greater scalability is
      provided by <code class="module"><a href="../mod/obs_mod_auth_dbm.html">mod_auth_dbm</a></code>. HTTP Digest
      Authentication is provided by
      <code class="module"><a href="../mod/obs_mod_auth_digest.html">mod_auth_digest</a></code>.</p>
  
  </div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authauthoritative">AuthAuthoritative</a></li>
  <li><img alt="" src="../images/down.gif" /> <a href="#authgroupfile">AuthGroupFile</a></li>
  <li><img alt="" src="../images/down.gif" /> <a href="#authuserfile">AuthUserFile</a></li>
  </ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthAuthoritative" id="AuthAuthoritative">AuthAuthoritative</a> <a name="authauthoritative" id="authauthoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                </a></th><td>Sets whether authorization and authentication are
  passed to lower level modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
                </a></th><td><code>AuthAuthoritative on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
                </a></th><td><code>AuthAuthoritative on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                </a></th><td>mod_auth</td></tr></table>
      <div class="note">This information has not been updated for Apache 2.0, which
      uses a different system for module ordering.</div>
  
      <p>Setting the <code class="directive">AuthAuthoritative</code> directive
      explicitly to <strong>'off'</strong> allows for both
      authentication and authorization to be passed on to lower level
      modules (as defined in the <code>Configuration</code> and
      <code>modules.c</code> files) if there is <strong>no
      userID</strong> or <strong>rule</strong> matching the supplied
      userID. If there is a userID and/or rule specified; the usual
      password and access checks will be applied and a failure will give
      an Authorization Required reply.</p>
  
      <p>So if a userID appears in the database of more than one module;
      or if a valid <code class="directive"><a href="../mod/core.html#require">Require</a></code>
      directive applies to more than one module; then the first module
      will verify the credentials; and no access is passed on;
      regardless of the AuthAuthoritative setting.</p>
  
      <p>A common use for this is in conjunction with one of the
      database modules; such as <code class="module"><a href="../mod/obs_mod_auth_dbm.html">mod_auth_dbm</a></code>,
      <code>mod_auth_msql</code>, and <code class="module"><a href="../mod/obs_mod_auth_anon.html">mod_auth_anon</a></code>.
      These modules supply the bulk of the user credential checking; but
      a few (administrator) related accesses fall through to a lower
      level with a well protected <code class="directive"><a href="#authuserfile">AuthUserFile</a></code>.</p>
  
      <p>By default; control is not passed on; and an unknown userID or
      rule will result in an Authorization Required reply. Not setting
      it thus keeps the system secure; and forces an NCSA compliant
      behaviour.</p>
  
      <div class="note"><h3>Security</h3> Do consider the implications of
      allowing a user to allow fall-through in his .htaccess file; and
      verify that this is really what you want; Generally it is easier
      to just secure a single .htpasswd file, than it is to secure a
      database such as mSQL. Make sure that the <code class="directive"><a href="#authuserfile">AuthUserFile</a></code> and the <code class="directive"><a href="#authgroupfile">AuthGroupFile</a></code> are stored outside the
      document tree of the web-server; do <em>not</em> put them in the
      directory that they protect. Otherwise, clients will be able to
      download the <code class="directive"><a href="#authuserfile">AuthUserFile</a></code>
      and the <code class="directive"><a href="#authgroupfile">AuthGroupFile</a></code>.
      </div>
  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthGroupFile" id="AuthGroupFile">AuthGroupFile</a> <a name="authgroupfile" id="authgroupfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                </a></th><td>Sets the name of a text file containing the list
  of user groups for authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
                </a></th><td><code>AuthGroupFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                </a></th><td>mod_auth</td></tr></table>
      <p>The <code class="directive">AuthGroupFile</code> directive sets the
      name of a textual file containing the list of user groups for user
      authentication.  <var>File-path</var> is the path to the group
      file. If it is not absolute (<em>i.e.</em>, if it doesn't begin
      with a slash), it is treated as relative to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.</p>
  
      <p>Each line of the group file contains a groupname followed by a
      colon, followed by the member usernames separated by spaces.
      Example:</p> 
  
      <div class="example"><p><code>mygroup: bob joe anne</code></p></div> 
  
      <p>Note that searching large text files is <em>very</em>
      inefficient; <code class="directive"><a href="../mod/obs_mod_auth_dbm.html#authdbmgroupfile">AuthDBMGroupFile</a></code> should be used
      instead.</p>
  
      <div class="note"><h3>Security</h3>
      <p>Make sure that the <code class="directive">AuthGroupFile</code> is
  	stored outside the document tree of the web-server; do <em>not</em>
  	put it in the directory that it protects. Otherwise, clients will
  	be able to download the <code class="directive">AuthGroupFile</code>.</p>
      </div>
  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthUserFile" id="AuthUserFile">AuthUserFile</a> <a name="authuserfile" id="authuserfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                </a></th><td>Sets the name of a text file containing the list of users and
  passwords for authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
                </a></th><td><code>AuthUserFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                </a></th><td>mod_auth</td></tr></table>
      <p>The <code class="directive">AuthUserFile</code> directive sets the name
      of a textual file containing the list of users and passwords for
      user authentication. <var>File-path</var> is the path to the user
      file. If it is not absolute (<em>i.e.</em>, if it doesn't begin
      with a slash), it is treated as relative to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.</p>
  
      <p>Each line of the user file contains a username followed by
      a colon, followed by the <code>crypt()</code> encrypted
      password. The behavior of multiple occurrences of the same user is
      undefined.</p>
  
      <p>The utility <a href="../programs/htpasswd.html">htpasswd</a>
      which is installed as part of the binary distribution, or which
      can be found in <code>src/support</code>, is used to maintain
      this password file. See the <code>man</code> page for more
      details. In short:</p>
  
      <p>Create a password file 'Filename' with 'username' as the
      initial ID. It will prompt for the password:</p>
  
      <div class="example"><p><code>htpasswd -c Filename username</code></p></div>
  
      <p>Add or modify 'username2' in the password file 'Filename':</p>
  
      <div class="example"><p><code>htpasswd Filename username2</code></p></div>
  
      <p>Note that searching large text files is <em>very</em>
      inefficient; <code class="directive"><a href="../mod/obs_mod_auth_dbm.html#authdbmuserfile">AuthDBMUserFile</a></code> should be used
      instead.</p>
  
      <div class="note"><h3>Security</h3>
      <p>Make sure that the <code class="directive">AuthUserFile</code> is
  	stored outside the document tree of the web-server; do <em>not</em>
  	put it in the directory that it protects. Otherwise, clients will
  	be able to download the <code class="directive">AuthUserFile</code>.</p>
      </div>
  </div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
  
  
  1.1                  httpd-2.0/docs/manual/mod/obs_mod_auth_anon.html.en
  
  Index: obs_mod_auth_anon.html.en
  ===================================================================
  <?xml version="1.0" encoding="ISO-8859-1"?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
                This file is generated from xml source: DO NOT EDIT
          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        --><title>mod_auth_anon - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs-project/">Documentation</a> &gt; <a href="../">Version 2.0</a> &gt; <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Obsolete Apache Module mod_auth_anon</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description:
                    </a></th><td>Allows "anonymous" user access to authenticated
      areas</td></tr><tr><th><a href="module-dict.html#Status">Status:
                    </a></th><td>Obsolete<em> (replaced by <code class="module"><a href="../mod/mod_authn_anon.html">mod_authn_anon</a></code> since 2.0.44)</em><br /></td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:
                    </a></th><td>auth_anon_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File:
                    </a></th><td>mod_auth_anon.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
                    </a></th><td>Available only in versions up to 2.0.43</td></tr></table><h3>Summary</h3>
      <div class="warning"><h3>This module is obsolete!</h3>
      <p>Note, that this module has been marked as obsolete. A bunch
      of modules was introduced in Apache version 2.0.44 that
      support the new Authentication/Authorization provider mechnism.</p>
  
      <p>In order to get the same functionality, you have to invoke the
      <code class="module"><a href="../mod/mod_authn_anon.html">mod_authn_anon</a></code> module now.</p>
  
      
      
  
      <p>This document is kept only for historical reasons and no
      longer maintained.</p>
      </div>
  
      <p>This module does access control in a manner similar to
      anonymous-ftp sites; <em>i.e.</em> have a 'magic' user id
      'anonymous' and the email address as a password. These email
      addresses can be logged.</p>
  
      <p>Combined with other (database) access control methods, this
      allows for effective user tracking and customization according
      to a user profile while still keeping the site open for
      'unregistered' users. One advantage of using Auth-based user
      tracking is that, unlike magic-cookies and funny URL
      pre/postfixes, it is completely browser independent and it
      allows users to share URLs.</p>
  </div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#anonymous">Anonymous</a></li>
  <li><img alt="" src="../images/down.gif" /> <a href="#anonymous_authoritative">Anonymous_Authoritative</a></li>
  <li><img alt="" src="../images/down.gif" /> <a href="#anonymous_logemail">Anonymous_LogEmail</a></li>
  <li><img alt="" src="../images/down.gif" /> <a href="#anonymous_mustgiveemail">Anonymous_MustGiveEmail</a></li>
  <li><img alt="" src="../images/down.gif" /> <a href="#anonymous_nouserid">Anonymous_NoUserID</a></li>
  <li><img alt="" src="../images/down.gif" /> <a href="#anonymous_verifyemail">Anonymous_VerifyEmail</a></li>
  </ul><h3>Topics</h3><ul id="topics"><li><img alt="" src="../images/down.gif" /> <a href="#example">Example</a></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="example" id="example">Example</a></h2>
  
      <p>The example below (when combined with the Auth directives of a
      htpasswd-file based (or GDM, mSQL etc.) base access
      control system allows users in as 'guests' with the following
      properties:</p>
  
      <ul>
        <li>It insists that the user enters a userId.
        (<code>Anonymous_NoUserId</code>)</li>
  
        <li>It insists that the user enters a password.
        (<code>Anonymous_MustGiveEmail</code>)</li>
  
        <li>The password entered must be a valid email address, ie.
        contain at least one '@' and a '.'.
        (<code>Anonymous_VerifyEmail</code>)</li>
  
        <li>The userID must be one of <code>anonymous guest www test
        welcome</code> and comparison is <strong>not</strong> case
        sensitive.</li>
  
        <li>And the Email addresses entered in the passwd field are
        logged to the error log file
        (<code>Anonymous_LogEmail</code>)</li>
      </ul>
  
      <p>Excerpt of httpd.conf:</p>
  
      <div class="example"><p><code>
        Anonymous_NoUserId off<br />
        Anonymous_MustGiveEmail on<br />
        Anonymous_VerifyEmail on<br />
        Anonymous_LogEmail on<br />
        Anonymous anonymous guest www test welcome<br />
        <br />
        AuthName "Use 'anonymous' &amp; Email address for guest entry"<br />
        AuthType basic<br />
        <br />
        # An
        AuthUserFile/AuthDBUserFile/AuthDBMUserFile<br />
        # directive must be specified, or use<br />
        # Anonymous_Authoritative for public access.<br />
        # In the .htaccess for the public directory, add:<br />
        &lt;Files *&gt;<br />
        <span class="indent">
          Order Deny,Allow<br />
          Allow from all<br />
          <br />
          Require valid-user<br />
        </span>
        &lt;/Files&gt;
      </code></p></div>
  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous" id="Anonymous">Anonymous</a> <a name="anonymous" id="anonymous">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                </a></th><td>Specifies userIDs that areallowed access without
  password verification</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
                </a></th><td><code>Anonymous <var>user</var> [<var>user</var>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                </a></th><td>mod_auth_anon</td></tr></table>
      <p>A list of one or more 'magic' userIDs which are allowed
      access without password verification. The userIDs are space
      separated. It is possible to use the ' and " quotes to allow a
      space in a userID as well as the \ escape character.</p>
  
      <p>Please note that the comparison is
      <strong>case-IN-sensitive</strong>.<br />
       I strongly suggest that the magic username
      '<code>anonymous</code>' is always one of the allowed
      userIDs.</p>
  
      <div class="example"><h3>Example:</h3><p><code>
        Anonymous anonymous "Not Registered" 'I don\'t know'
      </code></p></div>
  
      <p>This would allow the user to enter without password
      verification by using the userId's 'anonymous',
      'AnonyMous','Not Registered' and 'I Don't Know'.</p>
  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous_Authoritative" id="Anonymous_Authoritative">Anonymous_Authoritative</a> <a name="anonymous_authoritative" id="anonymous_authoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                </a></th><td>Configures if authorization will fall-through
  to other methods</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
                </a></th><td><code>Anonymous_Authoritative on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
                </a></th><td><code>Anonymous_Authoritative off</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                </a></th><td>mod_auth_anon</td></tr></table>
      <p>When set 'on', there is no fall-through to other authorization
      methods. So if a userID does not match the values specified in the
      <code class="directive"><a href="#anonymous">Anonymous</a></code> directive,
      access is denied.</p>
  
      <p>Be sure you know what you are doing when you decide to
      switch it on. And remember that it is the linking order of the
      modules (in the Configuration / Make file) which details the
      order in which the Authorization modules are queried.</p>
  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous_LogEmail" id="Anonymous_LogEmail">Anonymous_LogEmail</a> <a name="anonymous_logemail" id="anonymous_logemail">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                </a></th><td>Sets whether the password entered will be logged in the
  error log</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
                </a></th><td><code>Anonymous_LogEmail on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
                </a></th><td><code>Anonymous_LogEmail on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                </a></th><td>mod_auth_anon</td></tr></table>
      <p>When set <code>on</code>, the default, the 'password' entered
      (which hopefully contains a sensible email address) is logged in
      the error log.</p>
  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous_MustGiveEmail" id="Anonymous_MustGiveEmail">Anonymous_MustGiveEmail</a> <a name="anonymous_mustgiveemail" id="anonymous_mustgiveemail">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                </a></th><td>Specifies whether blank passwords are allowed</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
                </a></th><td><code>Anonymous_MustGiveEmail on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
                </a></th><td><code>Anonymous_MustGiveEmail on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                </a></th><td>mod_auth_anon</td></tr></table>
      <p>Specifies whether the user must specify an email address as
      the password. This prohibits blank passwords.</p>
  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous_NoUserID" id="Anonymous_NoUserID">Anonymous_NoUserID</a> <a name="anonymous_nouserid" id="anonymous_nouserid">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                </a></th><td>Sets whether the userID field may be empty</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
                </a></th><td><code>Anonymous_NoUserID on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
                </a></th><td><code>Anonymous_NoUserID off</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                </a></th><td>mod_auth_anon</td></tr></table>
      <p>When set <code>on</code>, users can leave the userID (and
      perhaps the password field) empty. This can be very convenient for
      MS-Explorer users who can just hit return or click directly on the
      OK button; which seems a natural reaction.</p>
  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous_VerifyEmail" id="Anonymous_VerifyEmail">Anonymous_VerifyEmail</a> <a name="anonymous_verifyemail" id="anonymous_verifyemail">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                </a></th><td>Sets whether to check the password field for a correctly
  formatted email address</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
                </a></th><td><code>Anonymous_VerifyEmail on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
                </a></th><td><code>Anonymous_VerifyEmail off</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                </a></th><td>mod_auth_anon</td></tr></table>
      <p>When set <code>on</code> the 'password' entered is checked for
      at least one '@' and a '.' to encourage users to enter valid email
      addresses (see the above <code class="directive"><a href="#auth_logemail">Auth_LogEmail</a></code>).</p>
  </div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
  
  
  1.1                  httpd-2.0/docs/manual/mod/obs_mod_auth_dbm.html.en
  
  Index: obs_mod_auth_dbm.html.en
  ===================================================================
  <?xml version="1.0" encoding="ISO-8859-1"?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
                This file is generated from xml source: DO NOT EDIT
          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        --><title>mod_auth_dbm - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs-project/">Documentation</a> &gt; <a href="../">Version 2.0</a> &gt; <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Obsolete Apache Module mod_auth_dbm</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description:
                    </a></th><td>Provides for user authentication using DBM
      files</td></tr><tr><th><a href="module-dict.html#Status">Status:
                    </a></th><td>Obsolete<em> (obsolete since 2.0.44)</em><br /></td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:
                    </a></th><td>auth_dbm_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File:
                    </a></th><td>mod_auth_dbm.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
                    </a></th><td>Available only in versions up to 2.0.43</td></tr></table><h3>Summary</h3>
      <div class="warning"><h3>This module is obsolete!</h3>
      <p>Note, that this module has been marked as obsolete. A bunch
      of modules was introduced in Apache version 2.0.44 that
      support the new Authentication/Authorization provider mechnism.</p>
  
      <p>In order to get the ability of HTTP Basic Authentication, you have
      to use the <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code> module that implements
      the HTTP part. <code class="module"><a href="../mod/mod_authn_dbm.html">mod_authn_dbm</a></code> provides for user
      authentication based on DBM-files. DBM-File based group
      authorization is now done by the <code class="module"><a href="../mod/mod_authz_dbm.html">mod_authz_dbm</a></code>
      module.</p>
  
      <p>This document is kept only for historical reasons and no
      longer maintained.</p>
      </div>
  
      <p>This module provides for HTTP Basic Authentication, where
      the usernames and passwords are stored in DBM type database
      files. It is an alternative to the plain text password files
      provided by <code class="module"><a href="../mod/obs_mod_auth.html">mod_auth</a></code>.</p>
  </div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authdbmauthoritative">AuthDBMAuthoritative</a></li>
  <li><img alt="" src="../images/down.gif" /> <a href="#authdbmgroupfile">AuthDBMGroupFile</a></li>
  <li><img alt="" src="../images/down.gif" /> <a href="#authdbmtype">AuthDBMType</a></li>
  <li><img alt="" src="../images/down.gif" /> <a href="#authdbmuserfile">AuthDBMUserFile</a></li>
  </ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDBMAuthoritative" id="AuthDBMAuthoritative">AuthDBMAuthoritative</a> <a name="authdbmauthoritative" id="authdbmauthoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                </a></th><td>Sets whether authentication and authorization will be
  passwed on to lower level modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
                </a></th><td><code>AuthDBMAuthoritative on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
                </a></th><td><code>AuthDBMAuthoritative on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                </a></th><td>mod_auth_dbm</td></tr></table>
  
  <div class="note">This information has not been updated to take into account the
  new module ordering techniques in Apache 2.0</div>
  
      <p>Setting the <code class="directive">AuthDBMAuthoritative</code>
      directive explicitly to <strong>'off'</strong> allows for both
      authentication and authorization to be passed on to lower level
      modules (as defined in the <code>Configuration</code> and
      <code>modules.c</code> file if there is <strong>no userID</strong>
      or <strong>rule</strong> matching the supplied userID. If there is
      a userID and/or rule specified; the usual password and access
      checks will be applied and a failure will give an Authorization
      Required reply.</p>
  
      <p>So if a userID appears in the database of more than one module;
      or if a valid <code class="directive"><a href="../mod/core.html#require">Require</a></code>
      directive applies to more than one module; then the first module
      will verify the credentials; and no access is passed on;
      regardless of the <code class="directive">AuthAuthoritative</code> setting.</p>
  
      <p>A common use for this is in conjunction with one of the
      basic auth modules; such as <code class="module"><a href="../mod/obs_mod_auth.html">mod_auth</a></code>. Whereas this
      DBM module supplies the bulk of the user credential checking; a
      few (administrator) related accesses fall through to a lower
      level with a well protected .htpasswd file.</p>
  
      <p>By default, control is not passed on and an unknown userID
      or rule will result in an Authorization Required reply. Not
      setting it thus keeps the system secure and forces an NCSA
      compliant behaviour.</p>
  
      <p>Security: Do consider the implications of allowing a user to
      allow fall-through in his .htaccess file; and verify that this
      is really what you want; Generally it is easier to just secure
      a single .htpasswd file, than it is to secure a database which
      might have more access interfaces.</p>
  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDBMGroupFile" id="AuthDBMGroupFile">AuthDBMGroupFile</a> <a name="authdbmgroupfile" id="authdbmgroupfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                </a></th><td>Sets the name of the database file containing the list
  of user groups for authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
                </a></th><td><code>AuthDBMGroupFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                </a></th><td>mod_auth_dbm</td></tr></table>
      <p>The <code class="directive">AuthDBMGroupFile</code> directive sets the
      name of a DBM file containing the list of user groups for user
      authentication. <var>File-path</var> is the absolute path to the
      group file.</p>
  
      <p>The group file is keyed on the username. The value for a
      user is a comma-separated list of the groups to which the users
      belongs. There must be no whitespace within the value, and it
      must never contain any colons.</p>
  
      <p>Security: make sure that the
      <code class="directive">AuthDBMGroupFile</code> is stored outside the
      document tree of the web-server; do <em>not</em> put it in the
      directory that it protects. Otherwise, clients will be able to
      download the <code class="directive">AuthDBMGroupFile</code> unless
      otherwise protected.</p>
  
      <p>Combining Group and Password DBM files: In some cases it is
      easier to manage a single database which contains both the
      password and group details for each user. This simplifies any
      support programs that need to be written: they now only have to
      deal with writing to and locking a single DBM file. This can be
      accomplished by first setting the group and password files to
      point to the same DBM:</p>
  
      <div class="example"><p><code>
        AuthDBMGroupFile /www/userbase<br />
        AuthDBMUserFile /www/userbase
      </code></p></div>
  
      <p>The key for the single DBM is the username. The value consists
      of</p>
  
      <div class="example"><p><code>
        <var>Unix Crypt-ed Password</var>:<var>List of Groups</var>[:(ignored)]
      </code></p></div>
  
      <p>The password section contains the Unix <code>crypt()</code>
      password as before. This is followed by a colon and the comma
      separated list of groups. Other data may optionally be left in the
      DBM file after another colon; it is ignored by the authentication
      module. This is what www.telescope.org uses for its combined
      password and group database.</p>
  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDBMType" id="AuthDBMType">AuthDBMType</a> <a name="authdbmtype" id="authdbmtype">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                </a></th><td>Sets the type of database file that is used to
  store passwords</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
                </a></th><td><code>AuthDBMType default|SDBM|GDBM|NDBM|DB</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
                </a></th><td><code>AuthDBMType default</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                </a></th><td>mod_auth_dbm</td></tr><tr><th><a href="directive-dict.html#Compatibility">Compatibility:
                </a></th><td>Available in version 2.0.30 and later.</td></tr></table>
  
  <p>Sets the type of database file that is used to store the passwords.
  The default database type is determined at compile time.  The
  availability of other types of database files also depends on
  <a href="../install.html#dbm">compile-time settings</a>.</p>
  
  <p>It is crucial that whatever program you use to create your password
  files is configured to use the same type of database.</p>
  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDBMUserFile" id="AuthDBMUserFile">AuthDBMUserFile</a> <a name="authdbmuserfile" id="authdbmuserfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                </a></th><td>Sets thename of a database file containing the list of users and
  passwords for authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
                </a></th><td><code>AuthDBMUserFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                </a></th><td>mod_auth_dbm</td></tr></table>
      <p>The <code class="directive">AuthDBMUserFile</code> directive sets the
      name of a DBM file containing the list of users and passwords for
      user authentication. <var>File-path</var> is the absolute path to
      the user file.</p>
  
      <p>The user file is keyed on the username. The value for a user is
      the <code>crypt()</code> encrypted password, optionally followed
      by a colon and arbitrary data. The colon and the data following it
      will be ignored by the server.</p>
  
      <p>Security: make sure that the
      <code class="directive">AuthDBMUserFile</code> is stored outside the
      document tree of the web-server; do <em>not</em> put it in the
      directory that it protects. Otherwise, clients will be able to
      download the <code class="directive">AuthDBMUserFile</code>.</p>
  
      <p>Important compatibility note: The implementation of
      "dbmopen" in the apache modules reads the string length of the
      hashed values from the DBM data structures, rather than relying
      upon the string being NULL-appended. Some applications, such as
      the Netscape web server, rely upon the string being
      NULL-appended, so if you are having trouble using DBM files
      interchangeably between applications this may be a part of the
      problem.</p>
  
      <p>A perl script called
      <a href="../programs/dbmmanage.html">dbmmanage</a> is included with
      Apache. This program can be used to create and update DBM
      format password files for use with this module.</p>
  </div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
  
  
  1.1                  httpd-2.0/docs/manual/mod/obs_mod_auth_digest.html.en
  
  Index: obs_mod_auth_digest.html.en
  ===================================================================
  <?xml version="1.0" encoding="ISO-8859-1"?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
                This file is generated from xml source: DO NOT EDIT
          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        --><title>mod_auth_digest - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs-project/">Documentation</a> &gt; <a href="../">Version 2.0</a> &gt; <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Obsolete Apache Module mod_auth_digest</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description:
                    </a></th><td>User authentication using MD5
      Digest Authentication.</td></tr><tr><th><a href="module-dict.html#Status">Status:
                    </a></th><td>Obsolete<em> (obsolete since 2.0.44)</em><br /></td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:
                    </a></th><td>auth_digest_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File:
                    </a></th><td>mod_auth_digest.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
                    </a></th><td>Available only in versions up to 2.0.43. The new module
  that unfortunately is also named <code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code>
  includes support for the auth provider mechanism introduced
  in 2.0.44.</td></tr></table><h3>Summary</h3>
      <div class="warning"><h3>This module is obsolete!</h3>
      <p>Note, that this module has been marked as obsolete. A bunch
      of modules was introduced in Apache version 2.0.44 that
      support the new Authentication/Authorization provider mechnism.</p>
  
      <p>In order to get the ability of HTTP Digest Authentication, you have
      to use the new <code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code> module that implements
      the HTTP part. The user and group data management is provided by the
      <code>mod_authn_*</code> and <code>mod_authz_*</code> modules. If you
      want to use your existing user files, have a look at <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code>.</p>
  
      <p>This document is kept only for historical reasons and no
      longer maintained.</p>
      </div>
  
      <p>This module implements HTTP Digest Authentication.  However, it
      has not been extensively tested and is therefore marked
      experimental.</p>
  </div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authdigestalgorithm">AuthDigestAlgorithm</a></li>
  <li><img alt="" src="../images/down.gif" /> <a href="#authdigestdomain">AuthDigestDomain</a></li>
  <li><img alt="" src="../images/down.gif" /> <a href="#authdigestfile">AuthDigestFile</a></li>
  <li><img alt="" src="../images/down.gif" /> <a href="#authdigestgroupfile">AuthDigestGroupFile</a></li>
  <li><img alt="" src="../images/down.gif" /> <a href="#authdigestnccheck">AuthDigestNcCheck</a></li>
  <li><img alt="" src="../images/down.gif" /> <a href="#authdigestnonceformat">AuthDigestNonceFormat</a></li>
  <li><img alt="" src="../images/down.gif" /> <a href="#authdigestnoncelifetime">AuthDigestNonceLifetime</a></li>
  <li><img alt="" src="../images/down.gif" /> <a href="#authdigestqop">AuthDigestQop</a></li>
  </ul><h3>Topics</h3><ul id="topics"><li><img alt="" src="../images/down.gif" /> <a href="#using">Using Digest Authentication</a></li></ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="using" id="using">Using Digest Authentication</a></h2>
  
      <p>Using MD5 Digest authentication is very simple. Simply set
      up authentication normally, using "AuthType Digest" and
      "AuthDigestFile" instead of the normal "AuthType Basic" and
      "AuthUserFile"; also, replace any "AuthGroupFile" with
      "AuthDigestGroupFile". Then add a "AuthDigestDomain" directive
      containing at least the root URI(s) for this protection space.
      Example:</p>
  
      <div class="example"><p><code>
        &lt;Location /private/&gt;<br />
        <span class="indent">
          AuthType Digest<br />
          AuthName "private area"<br />
          AuthDigestDomain /private/ http://mirror.my.dom/private2/<br />
          AuthDigestFile /web/auth/.digest_pw<br />
          Require valid-user<br />
        </span>
        &lt;/Location&gt;
      </code></p></div>
  
      <div class="note"><h3>Note</h3> 
      <p>Digest authentication provides a more secure password system
      than Basic authentication, but only works with supporting
      browsers. As of July 2002, the major browsers that support digest
      authentication are <a href="http://www.opera.com/">Opera</a>, <a href="http://www.microsoft.com/windows/ie/">MS Internet
      Explorer</a> (fails when used with a query string), <a href="http://www.w3.org/Amaya/">Amaya</a> and <a href="http://www.mozilla.org">Mozilla</a>.  Since digest
      authentication is not as widely implemented as basic
      authentication, you should use it only in controlled settings.</p>
      </div>
  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestAlgorithm" id="AuthDigestAlgorithm">AuthDigestAlgorithm</a> <a name="authdigestalgorithm" id="authdigestalgorithm">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                </a></th><td>Selects the algorithm used to calculate the challenge and
  response hases in digest authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
                </a></th><td><code>AuthDigestAlgorithm MD5|MD5-sess</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
                </a></th><td><code>AuthDigestAlgorithm MD5</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                </a></th><td>mod_auth_digest</td></tr></table>
      <p>The <code class="directive">AuthDigestAlgorithm</code> directive
      selects the algorithm used to calculate the challenge and response
      hashes.</p>
  
      <div class="note">
        <code>MD5-sess</code> is not correctly implemented yet.
      </div>
      
  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestDomain" id="AuthDigestDomain">AuthDigestDomain</a> <a name="authdigestdomain" id="authdigestdomain">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                </a></th><td>URIs that are in the same protection space for digest
  authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
                </a></th><td><code>AuthDigestDomain <var>URI</var> [<var>URI</var>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                </a></th><td>mod_auth_digest</td></tr></table>
      <p>The <code class="directive">AuthDigestDomain</code> directive allows
      you to specify one or more URIs which are in the same protection
      space (i.e. use the same realm and username/password info). The
      specified URIs are prefixes, i.e. the client will assume that all
      URIs "below" these are also protected by the same
      username/password. The URIs may be either absolute URIs
      (i.e. inluding a scheme, host, port, etc) or relative URIs.</p>
  
      <p>This directive <em>should</em> always be specified and
      contain at least the (set of) root URI(s) for this space.
      Omitting to do so will cause the client to send the
      Authorization header for <em>every request</em> sent to this
      server. Apart from increasing the size of the request, it may
      also have a detrimental effect on performance if
      "AuthDigestNcCheck" is on.</p>
  
      <p>The URIs specified can also point to different servers, in
      which case clients (which understand this) will then share
      username/password info across multiple servers without
      prompting the user each time. </p>
  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestFile" id="AuthDigestFile">AuthDigestFile</a> <a name="authdigestfile" id="authdigestfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                </a></th><td>Location of the text file containing the list
  of users and encoded passwords for digest authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
                </a></th><td><code>AuthDigestFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                </a></th><td>mod_auth_digest</td></tr></table>
      <p>The <code class="directive">AuthDigestFile</code> directive sets the
      name of a textual file containing the list of users and encoded
      passwords for digest authentication. <var>File-path</var> is the
      absolute path to the user file.</p>
  
      <p>The digest file uses a special format. Files in this format
      can be created using the <a href="../programs/htdigest.html">htdigest</a> utility found in
      the support/ subdirectory of the Apache distribution.</p>
  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestGroupFile" id="AuthDigestGroupFile">AuthDigestGroupFile</a> <a name="authdigestgroupfile" id="authdigestgroupfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                </a></th><td>Name of the text file containing the list of groups
  for digest authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
                </a></th><td><code>AuthDigestGroupFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                </a></th><td>mod_auth_digest</td></tr></table>
      <p>The <code class="directive">AuthDigestGroupFile</code> directive sets
      the name of a textual file containing the list of groups and their
      members (user names). <var>File-path</var> is the absolute path to
      the group file.</p>
  
      <p>Each line of the group file contains a groupname followed by
      a colon, followed by the member usernames separated by spaces.
      Example:</p>
  
      <div class="example"><p><code>mygroup: bob joe anne</code></p></div>
  
      <p>Note that searching large text files is <em>very</em>
      inefficient.</p>
  
      <p>Security: make sure that the AuthGroupFile is stored outside
      the document tree of the web-server; do <em>not</em> put it in
      the directory that it protects. Otherwise, clients will be able
      to download the AuthGroupFile.</p>
  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestNcCheck" id="AuthDigestNcCheck">AuthDigestNcCheck</a> <a name="authdigestnccheck" id="authdigestnccheck">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                </a></th><td>Enables or disables checking of the nonce-count sent by the
  server</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
                </a></th><td><code>AuthDigestNcCheck On|Off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
                </a></th><td><code>AuthDigestNcCheck Off</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                </a></th><td>server config</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                </a></th><td>mod_auth_digest</td></tr></table>
      <div class="note">
        Not implemented yet.
      </div>
      
  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestNonceFormat" id="AuthDigestNonceFormat">AuthDigestNonceFormat</a> <a name="authdigestnonceformat" id="authdigestnonceformat">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                </a></th><td>Determines how the nonce is generated</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
                </a></th><td><code>AuthDigestNonceFormat <var>format</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                </a></th><td>mod_auth_digest</td></tr></table>
      <p><strong>Not implemented yet.</strong> 
      </p>
  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestNonceLifetime" id="AuthDigestNonceLifetime">AuthDigestNonceLifetime</a> <a name="authdigestnoncelifetime" id="authdigestnoncelifetime">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                </a></th><td>How long the server nonce is valid</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
                </a></th><td><code>AuthDigestNonceLifetime <var>seconds</var></code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
                </a></th><td><code>AuthDigestNonceLifetime 300</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                </a></th><td>mod_auth_digest</td></tr></table>
      <p>The <code class="directive">AuthDigestNonceLifetime</code> directive
      controls how long the server nonce is valid. When the client
      contacts the server using an expired nonce the server will send
      back a 401 with <code>stale=true</code>. If <var>seconds</var> is
      greater than 0 then it specifies the amount of time for which the
      nonce is valid; this should probably never be set to less than 10
      seconds. If <var>seconds</var> is less than 0 then the nonce never
      expires. 
      </p>
  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestQop" id="AuthDigestQop">AuthDigestQop</a> <a name="authdigestqop" id="authdigestqop">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                </a></th><td>Determines the quality-of-protection to use in digest
  authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
                </a></th><td><code>AuthDigestQop none|auth|auth-int [auth|auth-int]</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
                </a></th><td><code>AuthDigestQop auth</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                </a></th><td>mod_auth_digest</td></tr></table>
      <p>The <code class="directive">AuthDigestQop</code> directive determines
      the quality-of-protection to use. <code>auth</code> will only do
      authentication (username/password); <code>auth-int</code> is
      authentication plus integrity checking (an MD5 hash of the entity
      is also computed and checked); <code>none</code> will cause the module
      to use the old RFC-2069 digest algorithm (which does not include
      integrity checking). Both <code>auth</code> and <code>auth-int</code> may
      be specified, in which the case the browser will choose which of
      these to use. <code>none</code> should only be used if the browser for
      some reason does not like the challenge it receives otherwise.</p>
  
      <div class="note">
        <code>auth-int</code> is not implemented yet.
      </div>
  </div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
  
  

Mime
View raw message