httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From n.@apache.org
Subject cvs commit: httpd-2.0/docs/manual/mod mod_authn_default.html.en mod_authz_default.html.en mod_authz_user.html.en directives.html.en index.html.en mod_auth_basic.html.en mod_auth_digest.html.en mod_authn_anon.html.en mod_authn_dbm.html.en mod_authn_file.html.en mod_authz_dbm.html.en mod_authz_groupfile.html.en mod_authz_host.html.en quickreference.html.en
Date Mon, 09 Dec 2002 22:27:20 GMT
nd          2002/12/09 14:27:19

  Modified:    docs/manual sitemap.html.en
               docs/manual/mod directives.html.en index.html.en
                        mod_auth_basic.html.en mod_auth_digest.html.en
                        mod_authn_anon.html.en mod_authn_dbm.html.en
                        mod_authn_file.html.en mod_authz_dbm.html.en
                        mod_authz_groupfile.html.en mod_authz_host.html.en
                        quickreference.html.en
  Added:       docs/manual/mod mod_authn_default.html.en
                        mod_authz_default.html.en mod_authz_user.html.en
  Log:
  update transformation
  
  Revision  Changes    Path
  1.26      +3 -0      httpd-2.0/docs/manual/sitemap.html.en
  
  Index: sitemap.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/sitemap.html.en,v
  retrieving revision 1.25
  retrieving revision 1.26
  diff -u -r1.25 -r1.26
  --- sitemap.html.en	5 Dec 2002 17:11:18 -0000	1.25
  +++ sitemap.html.en	9 Dec 2002 22:27:15 -0000	1.26
  @@ -98,10 +98,13 @@
   <li><a href="mod/mod_auth_ldap.html">Apache Module mod_auth_ldap</a></li>
   <li><a href="mod/mod_authn_anon.html">Apache Module mod_authn_anon</a></li>
   <li><a href="mod/mod_authn_dbm.html">Apache Module mod_authn_dbm</a></li>
  +<li><a href="mod/mod_authn_default.html">Apache Module mod_authn_default</a></li>
   <li><a href="mod/mod_authn_file.html">Apache Module mod_authn_file</a></li>
   <li><a href="mod/mod_authz_dbm.html">Apache Module mod_authz_dbm</a></li>
  +<li><a href="mod/mod_authz_default.html">Apache Module mod_authz_default</a></li>
   <li><a href="mod/mod_authz_groupfile.html">Apache Module mod_authz_groupfile</a></li>
   <li><a href="mod/mod_authz_host.html">Apache Module mod_authz_host</a></li>
  +<li><a href="mod/mod_authz_user.html">Apache Module mod_authz_user</a></li>
   <li><a href="mod/mod_autoindex.html">Apache Module mod_autoindex</a></li>
   <li><a href="mod/mod_cache.html">Apache Module mod_cache</a></li>
   <li><a href="mod/mod_cern_meta.html">Apache Module mod_cern_meta</a></li>
  
  
  
  1.32      +5 -3      httpd-2.0/docs/manual/mod/directives.html.en
  
  Index: directives.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/directives.html.en,v
  retrieving revision 1.31
  retrieving revision 1.32
  diff -u -r1.31 -r1.32
  --- directives.html.en	5 Dec 2002 15:18:34 -0000	1.31
  +++ directives.html.en	9 Dec 2002 22:27:15 -0000	1.32
  @@ -45,7 +45,6 @@
   <li><a href="mod_proxy.html#allowconnect">AllowCONNECT</a></li>
   <li><a href="core.html#allowoverride">AllowOverride</a></li>
   <li><a href="mod_authn_anon.html#anonymous">Anonymous</a></li>
  -<li><a href="mod_authn_anon.html#anonymous_authoritative">Anonymous_Authoritative</a></li>
   <li><a href="mod_authn_anon.html#anonymous_logemail">Anonymous_LogEmail</a></li>
   <li><a href="mod_authn_anon.html#anonymous_mustgiveemail">Anonymous_MustGiveEmail</a></li>
   <li><a href="mod_authn_anon.html#anonymous_nouserid">Anonymous_NoUserID</a></li>
  @@ -56,14 +55,15 @@
   <li><a href="mod_authz_dbm.html#authdbmgroupfile">AuthDBMGroupFile</a></li>
   <li><a href="mod_authn_dbm.html#authdbmtype">AuthDBMType</a></li>
   <li><a href="mod_authn_dbm.html#authdbmuserfile">AuthDBMUserFile</a></li>
  +<li><a href="mod_authn_default.html#authdefaultauthoritative">AuthDefaultAuthoritative</a></li>
   <li><a href="mod_auth_digest.html#authdigestalgorithm">AuthDigestAlgorithm</a></li>
   <li><a href="mod_auth_digest.html#authdigestdomain">AuthDigestDomain</a></li>
  -<li><a href="mod_auth_digest.html#authdigestfile">AuthDigestFile</a></li>
  -<li><a href="mod_auth_digest.html#authdigestgroupfile">AuthDigestGroupFile</a></li>
   <li><a href="mod_auth_digest.html#authdigestnccheck">AuthDigestNcCheck</a></li>
   <li><a href="mod_auth_digest.html#authdigestnonceformat">AuthDigestNonceFormat</a></li>
   <li><a href="mod_auth_digest.html#authdigestnoncelifetime">AuthDigestNonceLifetime</a></li>
  +<li><a href="mod_auth_digest.html#authdigestprovider">AuthDigestProvider</a></li>
   <li><a href="mod_auth_digest.html#authdigestqop">AuthDigestQop</a></li>
  +<li><a href="mod_auth_digest.html#authdigestshmemsize">AuthDigestShmemSize</a></li>
   <li><a href="mod_authz_groupfile.html#authgroupfile">AuthGroupFile</a></li>
   <li><a href="mod_auth_ldap.html#authldapauthoritative">AuthLDAPAuthoritative</a></li>
   <li><a href="mod_auth_ldap.html#authldapbinddn">AuthLDAPBindDN</a></li>
  @@ -82,7 +82,9 @@
   <li><a href="mod_authn_file.html#authuserfile">AuthUserFile</a></li>
   <li><a href="mod_authz_dbm.html#authzdbmauthoritative">AuthzDBMAuthoritative</a></li>
   <li><a href="mod_authz_dbm.html#authzdbmtype">AuthzDBMType</a></li>
  +<li><a href="mod_authz_default.html#authzdefaultauthoritative">AuthzDefaultAuthoritative</a></li>
   <li><a href="mod_authz_groupfile.html#authzgroupfileauthoritative">AuthzGroupFileAuthoritative</a></li>
  +<li><a href="mod_authz_user.html#authzuserauthoritative">AuthzUserAuthoritative</a></li>
   <li><a href="mod_setenvif.html#browsermatch" id="B" name="B">BrowserMatch</a></li>
   <li><a href="mod_setenvif.html#browsermatchnocase">BrowserMatchNoCase</a></li>
   <li><a href="mod_cache.html#cachedefaultexpire" id="C" name="C">CacheDefaultExpire</a></li>
  
  
  
  1.28      +3 -0      httpd-2.0/docs/manual/mod/index.html.en
  
  Index: index.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/index.html.en,v
  retrieving revision 1.27
  retrieving revision 1.28
  diff -u -r1.27 -r1.28
  --- index.html.en	5 Dec 2002 15:18:34 -0000	1.27
  +++ index.html.en	9 Dec 2002 22:27:16 -0000	1.28
  @@ -39,11 +39,14 @@
   <dt><a href="mod_authn_anon.html">mod_authn_anon</a></dt><dd>Allows "anonymous" user access to authenticated
       areas</dd>
   <dt><a href="mod_authn_dbm.html">mod_authn_dbm</a></dt><dd>User authentication using DBM files</dd>
  +<dt><a href="mod_authn_default.html">mod_authn_default</a></dt><dd>Authentication fallback module</dd>
   <dt><a href="mod_authn_file.html">mod_authn_file</a></dt><dd>User authentication using text files</dd>
   <dt><a href="mod_authz_dbm.html">mod_authz_dbm</a></dt><dd>Group authorization using DBM files</dd>
  +<dt><a href="mod_authz_default.html">mod_authz_default</a></dt><dd>Authorization fallback module</dd>
   <dt><a href="mod_authz_groupfile.html">mod_authz_groupfile</a></dt><dd>Group authorization using plaintext files</dd>
   <dt><a href="mod_authz_host.html">mod_authz_host</a></dt><dd>Group authorizations based on host (name or IP
   address)</dd>
  +<dt><a href="mod_authz_user.html">mod_authz_user</a></dt><dd>User Authorization</dd>
   <dt><a href="mod_autoindex.html">mod_autoindex</a></dt><dd>Generates directory indexes,
       automatically, similar to the Unix <code>ls</code> command or the
       Win32 <code>dir</code> shell command</dd>
  
  
  
  1.7       +33 -19    httpd-2.0/docs/manual/mod/mod_auth_basic.html.en
  
  Index: mod_auth_basic.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_auth_basic.html.en,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- mod_auth_basic.html.en	5 Dec 2002 17:04:11 -0000	1.6
  +++ mod_auth_basic.html.en	9 Dec 2002 22:27:16 -0000	1.7
  @@ -10,30 +10,27 @@
                     </a></th><td>auth_basic_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File:
                     </a></th><td>mod_auth_basic.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
                     </a></th><td>Available in Apache 2.1 and later</td></tr></table><h3>Summary</h3>
  -
       <p>This module allows the use of HTTP Basic Authentication to
       restrict access by looking up users in the given providers.
       HTTP Digest Authentication is provided by
       <code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code>.</p>
  -
   </div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authbasicauthoritative">AuthBasicAuthoritative</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#authbasicprovider">AuthBasicProvider</a></li>
   </ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthBasicAuthoritative" id="AuthBasicAuthoritative">AuthBasicAuthoritative</a> <a name="authbasicauthoritative" id="authbasicauthoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
  -              </a></th><td>Sets whether authorization and authentication are
  -passed to lower level modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
  -              </a></th><td><code>AuthBasicAuthoritative on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
  -              </a></th><td><code>AuthBasicAuthoritative on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
  +              </a></th><td>Sets whether authorization and authentication are passed to
  +lower level modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
  +              </a></th><td><code>AuthBasicAuthoritative On|Off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
  +              </a></th><td><code>AuthBasicAuthoritative On</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                 </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                 </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                 </a></th><td>Base</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                 </a></th><td>mod_auth_basic</td></tr></table>
       <p>Setting the <code class="directive">AuthBasicAuthoritative</code> directive
  -    explicitly to <strong>'off'</strong> allows for both
  +    explicitly to <code>Off</code> allows for both
       authentication and authorization to be passed on to lower level
  -    modules (as defined in the <code>Configuration</code> and
  -    <code>modules.c</code> files) if there is <strong>no
  -    userID</strong> or <strong>rule</strong> matching the supplied
  -    userID. If there is a userID and/or rule specified; the usual
  +    modules (as defined in the <code>modules.c</code> files) if there is
  +    <strong>no userID</strong> or <strong>rule</strong> matching the
  +    supplied userID. If there is a userID and/or rule specified, the usual
       password and access checks will be applied and a failure will give
       an Authorization Required reply.</p>
   
  @@ -43,22 +40,39 @@
       will verify the credentials; and no access is passed on;
       regardless of the AuthAuthoritative setting.</p>
   
  -    <p>By default; control is not passed on; and an unknown userID or
  +    <p>By default control is not passed on and an unknown userID or
       rule will result in an Authorization Required reply. Not setting
  -    it thus keeps the system secure; and forces an NCSA compliant
  +    it thus keeps the system secure and forces an NCSA compliant
       behaviour.</p>
  -
   </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthBasicProvider" id="AuthBasicProvider">AuthBasicProvider</a> <a name="authbasicprovider" id="authbasicprovider">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                 </a></th><td>Sets the authentication provider(s) for this location</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
  -              </a></th><td><code>AuthBasicProvider <em>provider-name</em></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
  -              </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
  -              </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
  +              </a></th><td><code>AuthBasicProvider On|Off|<var>provider-name</var>
  +[<var>provider-name</var>] ...</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
  +              </a></th><td><code>AuthBasicProvider On</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
  +              </a></th><td>directory</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                 </a></th><td>Base</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                 </a></th><td>mod_auth_basic</td></tr></table>
       <p>The <code class="directive">AuthBasicProvider</code> directive sets 
  -    which provider is used to authenticate the users for this location.</p>
  +    which provider is used to authenticate the users for this location.
  +    Setting the value to <code>On</code> will choose the default provider
  +    (<code>file</code>). Since the <code>file</code> provider is implemented
  +    by the <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code> module, you have to make sure,
  +    that the module is present in the server.</p>
  +
  +    <div class="example"><h3>Example</h3><p><code>
  +      &lt;Location /secure&gt;<br />
  +      <span class="indent">
  +        AuthBasicProvider  dbm<br />
  +        AuthDBMType        SDBM<br />
  +        AuthDBMUserFile    /www/etc/dbmpasswd<br />
  +        Require            valid-user<br />
  +      </span>
  +      &lt;/Location&gt;
  +    </code></p></div>
   
  -    <p>See <code class="module"><a href="../mod/mod_authn_dbm.html">mod_authn_dbm</a></code>, <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code>
  +    <p>See <code class="module"><a href="../mod/mod_authn_dbm.html">mod_authn_dbm</a></code> and <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code>
       for providers.</p>
   
  +    <p>The value <code>Off</code> clears the provider list and sets it back
  +    to the default.</p>
   </div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
  
  
  
  1.15      +71 -60    httpd-2.0/docs/manual/mod/mod_auth_digest.html.en
  
  Index: mod_auth_digest.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_auth_digest.html.en,v
  retrieving revision 1.14
  retrieving revision 1.15
  diff -u -r1.14 -r1.15
  --- mod_auth_digest.html.en	5 Dec 2002 15:18:34 -0000	1.14
  +++ mod_auth_digest.html.en	9 Dec 2002 22:27:16 -0000	1.15
  @@ -10,34 +10,39 @@
                     </a></th><td>Experimental</td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:
                     </a></th><td>auth_digest_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File:
                     </a></th><td>mod_auth_digest.c</td></tr></table><h3>Summary</h3>
  -    <p>This module implements HTTP Digest Authentication.  However, it
  +    <p>This module implements HTTP Digest Authentication. However, it
       has not been extensively tested and is therefore marked
       experimental.</p>
   </div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authdigestalgorithm">AuthDigestAlgorithm</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#authdigestdomain">AuthDigestDomain</a></li>
  -<li><img alt="" src="../images/down.gif" /> <a href="#authdigestfile">AuthDigestFile</a></li>
  -<li><img alt="" src="../images/down.gif" /> <a href="#authdigestgroupfile">AuthDigestGroupFile</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#authdigestnccheck">AuthDigestNcCheck</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#authdigestnonceformat">AuthDigestNonceFormat</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#authdigestnoncelifetime">AuthDigestNonceLifetime</a></li>
  +<li><img alt="" src="../images/down.gif" /> <a href="#authdigestprovider">AuthDigestProvider</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#authdigestqop">AuthDigestQop</a></li>
  +<li><img alt="" src="../images/down.gif" /> <a href="#authdigestshmemsize">AuthDigestShmemSize</a></li>
   </ul><h3>Topics</h3><ul id="topics"><li><img alt="" src="../images/down.gif" /> <a href="#using">Using Digest Authentication</a></li></ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="using" id="using">Using Digest Authentication</a></h2>
   
       <p>Using MD5 Digest authentication is very simple. Simply set
  -    up authentication normally, using "AuthType Digest" and
  -    "AuthDigestFile" instead of the normal "AuthType Basic" and
  -    "AuthUserFile"; also, replace any "AuthGroupFile" with
  -    "AuthDigestGroupFile". Then add a "AuthDigestDomain" directive
  -    containing at least the root URI(s) for this protection space.
  -    Example:</p>
  +    up authentication normally, using <code>AuthType Digest</code> and
  +    <code class="directive"><a href="#authdigestprovider">AuthDigestProvider</a></code>
  +    instead of the normal <code>AuthType Basic</code> and
  +    <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code>.
  +    Then add a <code class="directive"><a href="#authdigestdomain">AuthDigestDomain</a></code> directive containing at least the root
  +    URI(s) for this protection space.</p>
   
  -    <div class="example"><p><code>
  +    <p>Appropriate user (text) files can be created using the
  +    <a href="../programs/htdigest.html">htdigest</a> tool.</p>
  +
  +    <div class="example"><h3>Example:</h3><p><code>
         &lt;Location /private/&gt;<br />
         <span class="indent">
           AuthType Digest<br />
           AuthName "private area"<br />
           AuthDigestDomain /private/ http://mirror.my.dom/private2/<br />
  -        AuthDigestFile /web/auth/.digest_pw<br />
  +	<br />
  +	AuthDigestProvider file<br />
  +        AuthUserFile /web/auth/.digest_pw<br />
           Require valid-user<br />
         </span>
         &lt;/Location&gt;
  @@ -46,11 +51,11 @@
       <div class="note"><h3>Note</h3> 
       <p>Digest authentication provides a more secure password system
       than Basic authentication, but only works with supporting
  -    browsers. As of July 2002, the major browsers that support digest
  +    browsers. As of November 2002, the major browsers that support digest
       authentication are <a href="http://www.opera.com/">Opera</a>, <a href="http://www.microsoft.com/windows/ie/">MS Internet
  -    Explorer</a> (fails when used with a query string), <a href="http://www.w3.org/Amaya/">Amaya</a> and <a href="http://www.mozilla.org">Mozilla</a>.  Since digest
  +    Explorer</a> (fails when used with a query string), <a href="http://www.w3.org/Amaya/">Amaya</a>, <a href="http://www.mozilla.org">Mozilla</a> and <a href="http://channels.netscape.com/ns/browsers/download.jsp">Netscape</a> since version 7. Since digest
       authentication is not as widely implemented as basic
  -    authentication, you should use it only in controlled settings.</p>
  +    authentication, you should use it only in controlled environments.</p>
       </div>
   </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestAlgorithm" id="AuthDigestAlgorithm">AuthDigestAlgorithm</a> <a name="authdigestalgorithm" id="authdigestalgorithm">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                 </a></th><td>Selects the algorithm used to calculate the challenge and
  @@ -97,48 +102,6 @@
       which case clients (which understand this) will then share
       username/password info across multiple servers without
       prompting the user each time. </p>
  -</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestFile" id="AuthDigestFile">AuthDigestFile</a> <a name="authdigestfile" id="authdigestfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
  -              </a></th><td>Location of the text file containing the list
  -of users and encoded passwords for digest authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
  -              </a></th><td><code>AuthDigestFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
  -              </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
  -              </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
  -              </a></th><td>Experimental</td></tr><tr><th><a href="directive-dict.html#Module">Module:
  -              </a></th><td>mod_auth_digest</td></tr></table>
  -    <p>The <code class="directive">AuthDigestFile</code> directive sets the
  -    name of a textual file containing the list of users and encoded
  -    passwords for digest authentication. <var>File-path</var> is the
  -    absolute path to the user file.</p>
  -
  -    <p>The digest file uses a special format. Files in this format
  -    can be created using the <a href="../programs/htdigest.html">htdigest</a> utility found in
  -    the support/ subdirectory of the Apache distribution.</p>
  -</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestGroupFile" id="AuthDigestGroupFile">AuthDigestGroupFile</a> <a name="authdigestgroupfile" id="authdigestgroupfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
  -              </a></th><td>Name of the text file containing the list of groups
  -for digest authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
  -              </a></th><td><code>AuthDigestGroupFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
  -              </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
  -              </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
  -              </a></th><td>Experimental</td></tr><tr><th><a href="directive-dict.html#Module">Module:
  -              </a></th><td>mod_auth_digest</td></tr></table>
  -    <p>The <code class="directive">AuthDigestGroupFile</code> directive sets
  -    the name of a textual file containing the list of groups and their
  -    members (user names). <var>File-path</var> is the absolute path to
  -    the group file.</p>
  -
  -    <p>Each line of the group file contains a groupname followed by
  -    a colon, followed by the member usernames separated by spaces.
  -    Example:</p>
  -
  -    <div class="example"><p><code>mygroup: bob joe anne</code></p></div>
  -
  -    <p>Note that searching large text files is <em>very</em>
  -    inefficient.</p>
  -
  -    <p>Security: make sure that the AuthGroupFile is stored outside
  -    the document tree of the web-server; do <em>not</em> put it in
  -    the directory that it protects. Otherwise, clients will be able
  -    to download the AuthGroupFile.</p>
   </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestNcCheck" id="AuthDigestNcCheck">AuthDigestNcCheck</a> <a name="authdigestnccheck" id="authdigestnccheck">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                 </a></th><td>Enables or disables checking of the nonce-count sent by the
   server</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
  @@ -158,8 +121,8 @@
                 </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                 </a></th><td>Experimental</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                 </a></th><td>mod_auth_digest</td></tr></table>
  -    <p><strong>Not implemented yet.</strong> 
  -    </p>
  +    <div class="note">Not implemented yet.</div>
  +    
   </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestNonceLifetime" id="AuthDigestNonceLifetime">AuthDigestNonceLifetime</a> <a name="authdigestnoncelifetime" id="authdigestnoncelifetime">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                 </a></th><td>How long the server nonce is valid</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
                 </a></th><td><code>AuthDigestNonceLifetime <var>seconds</var></code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
  @@ -177,6 +140,26 @@
       seconds. If <var>seconds</var> is less than 0 then the nonce never
       expires. 
       </p>
  +</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestProvider" id="AuthDigestProvider">AuthDigestProvider</a> <a name="authdigestprovider" id="authdigestprovider">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
  +              </a></th><td>Sets the authentication provider(s) for this location</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
  +              </a></th><td><code>AuthDigestProvider On|Off|<var>provider-name</var>
  +[<var>provider-name</var>] ...</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
  +              </a></th><td><code>AuthBasicProvider On</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
  +              </a></th><td>directory</td></tr><tr><th><a href="directive-dict.html#Status">Status:
  +              </a></th><td>Experimental</td></tr><tr><th><a href="directive-dict.html#Module">Module:
  +              </a></th><td>mod_auth_digest</td></tr></table>
  +    <p>The <code class="directive">AuthDigestProvider</code> directive sets 
  +    which provider is used to authenticate the users for this location.
  +    Setting the value to <code>On</code> will choose the default provider
  +    (<code>file</code>). Since the <code>file</code> provider is implemented
  +    by the <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code> module, you have to make sure,
  +    that the module is present in the server.</p>
  +
  +    <p>See <code class="module"><a href="../mod/mod_authn_dbm.html">mod_authn_dbm</a></code> and <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code>
  +    for providers.</p>
  +
  +    <p>The value <code>Off</code> clears the provider list and sets it back
  +    to the default.</p>
   </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestQop" id="AuthDigestQop">AuthDigestQop</a> <a name="authdigestqop" id="authdigestqop">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                 </a></th><td>Determines the quality-of-protection to use in digest
   authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
  @@ -187,8 +170,8 @@
                 </a></th><td>Experimental</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                 </a></th><td>mod_auth_digest</td></tr></table>
       <p>The <code class="directive">AuthDigestQop</code> directive determines
  -    the quality-of-protection to use. <code>auth</code> will only do
  -    authentication (username/password); <code>auth-int</code> is
  +    the <dfn>quality-of-protection</dfn> to use. <code>auth</code> will
  +    only do authentication (username/password); <code>auth-int</code> is
       authentication plus integrity checking (an MD5 hash of the entity
       is also computed and checked); <code>none</code> will cause the module
       to use the old RFC-2069 digest algorithm (which does not include
  @@ -200,4 +183,32 @@
       <div class="note">
         <code>auth-int</code> is not implemented yet.
       </div>
  +</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestShmemSize" id="AuthDigestShmemSize">AuthDigestShmemSize</a> <a name="authdigestshmemsize" id="authdigestshmemsize">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
  +              </a></th><td>The amount of shared memory to allocate for keeping track
  +of clients</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
  +              </a></th><td><code>AuthDigestShmemSize <var>size</var></code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
  +              </a></th><td><code>AuthDigestShmemSize 1000</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
  +              </a></th><td>server config</td></tr><tr><th><a href="directive-dict.html#Status">Status:
  +              </a></th><td>Experimental</td></tr><tr><th><a href="directive-dict.html#Module">Module:
  +              </a></th><td>mod_auth_digest</td></tr></table>
  +    <p>The <code class="directive">AuthDigestShmemSize</code> directive defines
  +    the amount of shared memory, that will be allocated at the server
  +    startup for keeping track of clients. Note that the shared memory
  +    segment cannot be set less than the space that is neccessary for
  +    tracking at least <em>one</em> client. This value is dependant on your
  +    system. If you want to find out the exact value, you may simply
  +    set <code class="directive">AuthDigestShmemSize</code> to the value of
  +    <code>0</code> and read the error message after trying to start the
  +    server.</p>
  +
  +    <p>The <var>size</var> is normally expressed in Bytes, but you
  +    may let the number follow a <code>K</code> or an <code>M</code> to
  +    express your value as KBytes or MBytes. For example, the following
  +    directives are all equivalent:</p>
  +
  +    <div class="example"><p><code>
  +      AuthDigestShmemSize 1048576<br />
  +      AuthDigestShmemSize 1024K<br />
  +      AuthDigestShmemSize 1M<br />
  +    </code></p></div>
   </div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
  
  
  
  1.6       +56 -75    httpd-2.0/docs/manual/mod/mod_authn_anon.html.en
  
  Index: mod_authn_anon.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_authn_anon.html.en,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- mod_authn_anon.html.en	5 Dec 2002 17:04:11 -0000	1.5
  +++ mod_authn_anon.html.en	9 Dec 2002 22:27:16 -0000	1.6
  @@ -11,8 +11,9 @@
                     </a></th><td>authn_anon_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File:
                     </a></th><td>mod_authn_anon.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
                     </a></th><td>Available in Apache 2.1 and later</td></tr></table><h3>Summary</h3>
  -    <p>This module does access control in a manner similar to
  -    anonymous-ftp sites; <em>i.e.</em> have a 'magic' user id
  +    <p>This module provides authentication front-ends such as
  +    <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code> to authenticate users similar
  +    to anonymous-ftp sites, <em>i.e.</em> have a 'magic' user id
       'anonymous' and the email address as a password. These email
       addresses can be logged.</p>
   
  @@ -23,29 +24,30 @@
       tracking is that, unlike magic-cookies and funny URL
       pre/postfixes, it is completely browser independent and it
       allows users to share URLs.</p>
  +
  +    <p>When using <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code>, this module is invoked
  +    via the <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code>
  +    directive with the <code>anon</code> value.</p>
   </div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#anonymous">Anonymous</a></li>
  -<li><img alt="" src="../images/down.gif" /> <a href="#anonymous_authoritative">Anonymous_Authoritative</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#anonymous_logemail">Anonymous_LogEmail</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#anonymous_mustgiveemail">Anonymous_MustGiveEmail</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#anonymous_nouserid">Anonymous_NoUserID</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#anonymous_verifyemail">Anonymous_VerifyEmail</a></li>
  -</ul><h3>Topics</h3><ul id="topics"><li><img alt="" src="../images/down.gif" /> Example</li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2>Example</h2>
  -
  -    <p>The example below (when combined with the Auth directives of a
  -    htpasswd-file based (or GDM, mSQL <em>etc.</em>) base access
  -    control system allows users in as 'guests' with the following
  -    properties:</p>
  +</ul><h3>Topics</h3><ul id="topics"><li><img alt="" src="../images/down.gif" /> <a href="#example">Example</a></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="example" id="example">Example</a></h2>
  +    <p>The example below is combined with "normal" htpasswd-file based
  +    authentication and allows users in additionally as 'guests' with the
  +    following properties:</p>
   
       <ul>
         <li>It insists that the user enters a userId.
  -      (<code>Anonymous_NoUserId</code>)</li>
  +      (<code class="directive"><a href="#anonymous_nouserid">Anonymous_NoUserId</a></code>)</li>
   
         <li>It insists that the user enters a password.
  -      (<code>Anonymous_MustGiveEmail</code>)</li>
  +      (<code class="directive"><a href="#anonymous_mustgiveemail">Anonymous_MustGiveEmail</a></code>)</li>
   
  -      <li>The password entered must be a valid email address, ie.
  +      <li>The password entered must be a valid email address, <em>i.e.</em>
         contain at least one '@' and a '.'.
  -      (<code>Anonymous_VerifyEmail</code>)</li>
  +      (<code class="directive"><a href="#anonymous_verifyemail">Anonymous_VerifyEmail</a></code>)</li>
   
         <li>The userID must be one of <code>anonymous guest www test
         welcome</code> and comparison is <strong>not</strong> case
  @@ -53,38 +55,34 @@
   
         <li>And the Email addresses entered in the passwd field are
         logged to the error log file
  -      (<code>Anonymous_LogEmail</code>)</li>
  +      (<code class="directive"><a href="#anonymous_logemail">Anonymous_LogEmail</a></code>)</li>
       </ul>
   
  -    <p>Excerpt of httpd.conf:</p>
  -
  -<div class="example"><p><code>
  -       Anonymous_NoUserId off<br />
  -       Anonymous_MustGiveEmail on<br />
  -       Anonymous_VerifyEmail on<br />
  -       Anonymous_LogEmail on<br />
  -       Anonymous anonymous guest www test welcome<br />
  -<br />
  -      AuthName "Use 'anonymous' &amp; Email address for
  -      guest entry"<br />
  -      AuthType basic<br />
  -<br />
  -       # An
  -      AuthUserFile/AuthDBMUserFile<br />
  -       # directive must be specified, or use<br />
  -       # Anonymous_Authoritative for public access.<br />
  -       # In the .htaccess for the public directory, add:<br />
  -       &lt;Files *&gt;<br />
  -       Order Deny,Allow<br />
  -       Allow from all<br />
  -<br />
  -       Require valid-user<br />
  -       &lt;/Files&gt;<br />
  -</code></p></div>
  +    <div class="example"><h3>Example</h3><p><code>
  +      &lt;Directory /foo&gt;
  +      <span class="indent">
  +        AuthName "Use 'anonymous' &amp; Email address for guest entry"<br />
  +        AuthType Basic<br />
  +        AuthBasicProvider file anon<br />
  +        AuthUserFile /path/to/your/.htpasswd<br />
  +	<br />
  +        Anonymous_NoUserId off<br />
  +        Anonymous_MustGiveEmail on<br />
  +        Anonymous_VerifyEmail on<br />
  +        Anonymous_LogEmail on<br />
  +        Anonymous anonymous guest www test welcome<br />
  +        <br />
  +        Order Deny,Allow<br />
  +        Allow from all<br />
  +        <br />
  +        Require valid-user<br />
  +      </span>
  +      &lt;/Directory&gt;
  +    </code></p></div>
   </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous" id="Anonymous">Anonymous</a> <a name="anonymous" id="anonymous">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                 </a></th><td>Specifies userIDs that areallowed access without
   password verification</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
  -              </a></th><td><code>Anonymous <em>user</em> [<em>user</em>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
  +              </a></th><td><code>Anonymous <var>user</var> [<var>user</var>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                 </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                 </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                 </a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
  @@ -96,50 +94,33 @@
   
       <p>Please note that the comparison is
       <strong>case-IN-sensitive</strong>.<br />
  -     I strongly suggest that the magic username
  +    It's strongly recommended that the magic username
       '<code>anonymous</code>' is always one of the allowed
       userIDs.</p>
   
  -    <p>Example:</p>
  -<div class="example"><p><code>Anonymous anonymous "Not Registered" 'I don\'t know'</code></p></div>
  +    <div class="example"><h3>Example:</h3><p><code>
  +      Anonymous anonymous "Not Registered" "I don't know"
  +    </code></p></div>
   
       <p>This would allow the user to enter without password
  -    verification by using the userId's 'anonymous',
  -    'AnonyMous','Not Registered' and 'I Don't Know'.</p>
  -</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous_Authoritative" id="Anonymous_Authoritative">Anonymous_Authoritative</a> <a name="anonymous_authoritative" id="anonymous_authoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
  -              </a></th><td>Configures if authorization will fall-through
  -to other methods</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
  -              </a></th><td><code>Anonymous_Authoritative on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
  -              </a></th><td><code>Anonymous_Authoritative off</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
  -              </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
  -              </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
  -              </a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
  -              </a></th><td>mod_authn_anon</td></tr></table>
  -    <p>When set 'on', there is no fall-through to other authorization
  -    methods. So if a userID does not match the values specified in the
  -    <code class="directive"><a href="#anonymous">Anonymous</a></code> directive,
  -    access is denied.</p>
  -
  -    <p>Be sure you know what you are doing when you decide to
  -    switch it on. And remember that it is the linking order of the
  -    modules (in the Configuration / Make file) which details the
  -    order in which the Authorization modules are queried.</p>
  +    verification by using the userIDs "anonymous",
  +    "AnonyMous", "Not Registered" and "I Don't Know".</p>
   </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous_LogEmail" id="Anonymous_LogEmail">Anonymous_LogEmail</a> <a name="anonymous_logemail" id="anonymous_logemail">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                 </a></th><td>Sets whether the password entered will be logged in the
   error log</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
  -              </a></th><td><code>Anonymous_LogEmail on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
  -              </a></th><td><code>Anonymous_LogEmail on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
  +              </a></th><td><code>Anonymous_LogEmail On|Off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
  +              </a></th><td><code>Anonymous_LogEmail On</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                 </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                 </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                 </a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                 </a></th><td>mod_authn_anon</td></tr></table>
  -    <p>When set <code>on</code>, the default, the 'password' entered
  +    <p>When set <code>On</code>, the default, the 'password' entered
       (which hopefully contains a sensible email address) is logged in
       the error log.</p>
   </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous_MustGiveEmail" id="Anonymous_MustGiveEmail">Anonymous_MustGiveEmail</a> <a name="anonymous_mustgiveemail" id="anonymous_mustgiveemail">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                 </a></th><td>Specifies whether blank passwords are allowed</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
  -              </a></th><td><code>Anonymous_MustGiveEmail on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
  -              </a></th><td><code>Anonymous_MustGiveEmail on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
  +              </a></th><td><code>Anonymous_MustGiveEmail On|Off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
  +              </a></th><td><code>Anonymous_MustGiveEmail On</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                 </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                 </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                 </a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
  @@ -148,26 +129,26 @@
       the password. This prohibits blank passwords.</p>
   </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous_NoUserID" id="Anonymous_NoUserID">Anonymous_NoUserID</a> <a name="anonymous_nouserid" id="anonymous_nouserid">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                 </a></th><td>Sets whether the userID field may be empty</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
  -              </a></th><td><code>Anonymous_NoUserID on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
  -              </a></th><td><code>Anonymous_NoUserID off</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
  +              </a></th><td><code>Anonymous_NoUserID On|Off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
  +              </a></th><td><code>Anonymous_NoUserID Off</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                 </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                 </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                 </a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                 </a></th><td>mod_authn_anon</td></tr></table>
  -    <p>When set <code>on</code>, users can leave the userID (and
  +    <p>When set <code>On</code>, users can leave the userID (and
       perhaps the password field) empty. This can be very convenient for
       MS-Explorer users who can just hit return or click directly on the
       OK button; which seems a natural reaction.</p>
   </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Anonymous_VerifyEmail" id="Anonymous_VerifyEmail">Anonymous_VerifyEmail</a> <a name="anonymous_verifyemail" id="anonymous_verifyemail">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                 </a></th><td>Sets whether to check the password field for a correctly
   formatted email address</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
  -              </a></th><td><code>Anonymous_VerifyEmail on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
  -              </a></th><td><code>Anonymous_VerifyEmail off</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
  +              </a></th><td><code>Anonymous_VerifyEmail On|Off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
  +              </a></th><td><code>Anonymous_VerifyEmail Off</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                 </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                 </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                 </a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                 </a></th><td>mod_authn_anon</td></tr></table>
  -    <p>When set <code>on</code> the 'password' entered is checked for
  +    <p>When set <code>On</code> the 'password' entered is checked for
       at least one '@' and a '.' to encourage users to enter valid email
  -    addresses (see the above <code class="directive"><a href="#auth_logemail">Auth_LogEmail</a></code>).</p>
  +    addresses (see the above <code class="directive"><a href="#anonymous_logemail">Anonymous_LogEmail</a></code>).</p>
   </div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
  
  
  
  1.7       +15 -16    httpd-2.0/docs/manual/mod/mod_authn_dbm.html.en
  
  Index: mod_authn_dbm.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_authn_dbm.html.en,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- mod_authn_dbm.html.en	5 Dec 2002 17:04:11 -0000	1.6
  +++ mod_authn_dbm.html.en	9 Dec 2002 22:27:16 -0000	1.7
  @@ -12,14 +12,15 @@
                     </a></th><td>Available in Apache 2.1 and later</td></tr></table><h3>Summary</h3>
       <p>This module provides authentication front-ends such as
       <code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code> and <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code>
  -    to authenticate users by looking up users in plain text password files.
  -    Similar functionality is provided by <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code>.</p>
  +    to authenticate users by looking up users in <dfn>dbm</dfn> password
  +    files. Similar functionality is provided by
  +    <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code>.</p>
   
       <p>When using <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code> or
       <code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code>, this module is invoked via the
       <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code> or
       <code class="directive"><a href="../mod/mod_auth_digest.html#authdigestprovider">AuthDigestProvider</a></code>
  -    with the 'dbm' value.</p>
  +    with the <code>dbm</code> value.</p>
   </div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authdbmtype">AuthDBMType</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#authdbmuserfile">AuthDBMUserFile</a></li>
   </ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li><li>
  @@ -34,27 +35,25 @@
                 </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                 </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                 </a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
  -              </a></th><td>mod_authn_dbm</td></tr><tr><th><a href="directive-dict.html#Compatibility">Compatibility:
  -              </a></th><td>Available in version 2.0.30 and later.</td></tr></table>
  -
  -<p>Sets the type of database file that is used to store the passwords.
  -The default database type is determined at compile time.  The
  -availability of other types of database files also depends on
  -<a href="../install.html#dbm">compile-time settings</a>.</p>
  +              </a></th><td>mod_authn_dbm</td></tr></table>
  +    <p>Sets the type of database file that is used to store the passwords.
  +    The default database type is determined at compile time.  The
  +    availability of other types of database files also depends on
  +    <a href="../install.html#dbm">compile-time settings</a>.</p>
   
  -<p>It is crucial that whatever program you use to create your password
  -files is configured to use the same type of database.</p>
  +    <p>It is crucial that whatever program you use to create your password
  +    files is configured to use the same type of database.</p>
   </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDBMUserFile" id="AuthDBMUserFile">AuthDBMUserFile</a> <a name="authdbmuserfile" id="authdbmuserfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                 </a></th><td>Sets the name of a database file containing the list of users and
   passwords for authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
  -              </a></th><td><code>AuthDBMUserFile <em>file-path</em></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
  +              </a></th><td><code>AuthDBMUserFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                 </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                 </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                 </a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                 </a></th><td>mod_authn_dbm</td></tr></table>
       <p>The <code class="directive">AuthDBMUserFile</code> directive sets the
       name of a DBM file containing the list of users and passwords for
  -    user authentication. <em>File-path</em> is the absolute path to
  +    user authentication. <var>File-path</var> is the absolute path to
       the user file.</p>
   
       <p>The user file is keyed on the username. The value for a user is
  @@ -69,8 +68,8 @@
       download the <code class="directive">AuthDBMUserFile</code>.</p>
   
       <p>Important compatibility note: The implementation of
  -    "dbmopen" in the apache modules reads the string length of the
  -    hashed values from the DBM data structures, rather than relying
  +    <code>dbmopen</code> in the apache modules reads the string length of
  +    the hashed values from the DBM data structures, rather than relying
       upon the string being NULL-appended. Some applications, such as
       the Netscape web server, rely upon the string being
       NULL-appended, so if you are having trouble using DBM files
  
  
  
  1.7       +39 -26    httpd-2.0/docs/manual/mod/mod_authn_file.html.en
  
  Index: mod_authn_file.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_authn_file.html.en,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- mod_authn_file.html.en	5 Dec 2002 17:04:11 -0000	1.6
  +++ mod_authn_file.html.en	9 Dec 2002 22:27:16 -0000	1.7
  @@ -10,7 +10,6 @@
                     </a></th><td>authn_file_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File:
                     </a></th><td>mod_authn_file.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
                     </a></th><td>Available in Apache 2.1 and later</td></tr></table><h3>Summary</h3>
  -
       <p>This module provides authentication front-ends such as
       <code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code> and <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code>
       to authenticate users by looking up users in plain text password files.
  @@ -20,53 +19,67 @@
       <code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code>, this module is invoked via the
       <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code> or
       <code class="directive"><a href="../mod/mod_auth_digest.html#authdigestprovider">AuthDigestProvider</a></code>
  -    with the 'file' value.</p>
  -
  +    with the <code>file</code> value.</p>
   </div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authuserfile">AuthUserFile</a></li>
  -</ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li><li>
  +</ul><h3>See also</h3><ul class="seealso"><li>
     <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code>
   </li><li>
     <code class="directive"><a href="../mod/mod_auth_digest.html#authdigestprovider">AuthDigestProvider</a></code>
  -</li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthUserFile" id="AuthUserFile">AuthUserFile</a> <a name="authuserfile" id="authuserfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
  +</li><li><a href="../programs/htpasswd.html">htpasswd</a></li><li><a href="../programs/htdigest.html">htdigest</a></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthUserFile" id="AuthUserFile">AuthUserFile</a> <a name="authuserfile" id="authuserfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                 </a></th><td>Sets the name of a text file containing the list of users and
   passwords for authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
  -              </a></th><td><code>AuthUserFile <em>file-path</em></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
  +              </a></th><td><code>AuthUserFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                 </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                 </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                 </a></th><td>Base</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                 </a></th><td>mod_authn_file</td></tr></table>
       <p>The <code class="directive">AuthUserFile</code> directive sets the name
       of a textual file containing the list of users and passwords for
  -    user authentication. <em>File-path</em> is the path to the user
  -    file. If it is not absolute (<em>i.e.</em>, if it doesn't begin
  -    with a slash), it is treated as relative to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.</p>
  +    user authentication. <var>File-path</var> is the path to the user
  +    file. If it is not absolute, it is treated as relative to the
  +    <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.</p>
   
       <p>Each line of the user file contains a username followed by
  -    a colon, followed by the <code>crypt()</code> encrypted
  -    password. The behavior of multiple occurrences of the same user is
  -    undefined.</p>
  +    a colon, followed by the encrypted password. If the same user
  +    ID is defined multiple times, <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code> will
  +    use the first occurrence to verify the password.</p>
   
       <p>The utility <a href="../programs/htpasswd.html">htpasswd</a>
       which is installed as part of the binary distribution, or which
       can be found in <code>src/support</code>, is used to maintain
  -    this password file. See the <code>man</code> page for more
  -    details. In short:</p>
  -
  -    <p>Create a password file 'Filename' with 'username' as the
  -    initial ID. It will prompt for the password:</p>
  -    <div class="example"><p><code>htpasswd -c Filename username</code></p></div>
  -
  -    <p>Add or modify 'username2' in the password file 'Filename':</p>
  -    <div class="example"><p><code>htpasswd Filename username2</code></p></div>
  +    the password file for <em>HTTP Basic Authentication</em>. See the
  +    <a href="../programs/htpasswd.html">man page</a> for more details.
  +    In short:</p>
  +
  +    <p>Create a password file <code>Filename</code> with
  +    <code>username</code> as the initial ID. It will prompt for
  +    the password:</p>
  +
  +    <div class="example"><p><code>
  +      htpasswd -c Filename username
  +    </code></p></div>
  +
  +    <p>Add or modify <code>username2</code> in the password file
  +    <code>Filename</code>:</p>
  +
  +    <div class="example"><p><code>
  +      htpasswd Filename username2
  +    </code></p></div>
   
       <p>Note that searching large text files is <em>very</em>
       inefficient; <code class="directive"><a href="../mod/mod_authn_dbm.html#authdbmuserfile">AuthDBMUserFile</a></code> should be used
       instead.</p>
   
  -    <div class="note"><h3>Security</h3>
  -    <p>Make sure that the <code class="directive">AuthUserFile</code> is
  -	stored outside the document tree of the web-server; do <em>not</em>
  -	put it in the directory that it protects. Otherwise, clients will
  -	be able to download the <code class="directive">AuthUserFile</code>.</p>
  +    <p>If you are using <em>HTTP Digest Authentication</em>, the <a href="../programs/htpasswd.html">htpasswd</a> tool is not sufficient.
  +    You have to use <a href="../programs/htdigest.html">htdigest</a>
  +    instead. Note that you cannot mix user data for Digest Authentication
  +    and Basic Authentication within the same file.</p>
  +
  +    <div class="warning"><h3>Security</h3>
  +      <p>Make sure that the <code class="directive">AuthUserFile</code> is
  +      stored outside the document tree of the web-server. Do
  +      <strong>not</strong> put it in the directory that it protects.
  +      Otherwise, clients may be able to download the
  +      <code class="directive">AuthUserFile</code>.</p>
       </div>
   </div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
  
  
  
  1.6       +49 -47    httpd-2.0/docs/manual/mod/mod_authz_dbm.html.en
  
  Index: mod_authz_dbm.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_authz_dbm.html.en,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- mod_authz_dbm.html.en	5 Dec 2002 17:04:11 -0000	1.5
  +++ mod_authz_dbm.html.en	9 Dec 2002 22:27:16 -0000	1.6
  @@ -20,14 +20,14 @@
   </ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDBMGroupFile" id="AuthDBMGroupFile">AuthDBMGroupFile</a> <a name="authdbmgroupfile" id="authdbmgroupfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                 </a></th><td>Sets the name of the database file containing the list
   of user groups for authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
  -              </a></th><td><code>AuthDBMGroupFile <em>file-path</em></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
  +              </a></th><td><code>AuthDBMGroupFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                 </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                 </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                 </a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                 </a></th><td>mod_authz_dbm</td></tr></table>
       <p>The <code class="directive">AuthDBMGroupFile</code> directive sets the
       name of a DBM file containing the list of user groups for user
  -    authentication.  <em>File-path</em> is the absolute path to the
  +    authentication.  <var>File-path</var> is the absolute path to the
       group file.</p>
   
       <p>The group file is keyed on the username. The value for a
  @@ -35,12 +35,14 @@
       belongs. There must be no whitespace within the value, and it
       must never contain any colons.</p>
   
  -    <p>Security: make sure that the
  -    <code class="directive">AuthDBMGroupFile</code> is stored outside the
  -    document tree of the web-server; do <em>not</em> put it in the
  -    directory that it protects. Otherwise, clients will be able to
  -    download the <code class="directive">AuthDBMGroupFile</code> unless
  -    otherwise protected.</p>
  +    <div class="warning"><h3>Security</h3>
  +      <p>Make sure that the <code class="directive">AuthDBMGroupFile</code> is
  +      stored outside the document tree of the web-server. Do
  +      <strong>not</strong> put it in the directory that it protects.
  +      Otherwise, clients will be able to download the
  +      <code class="directive">AuthDBMGroupFile</code> unless otherwise
  +      protected.</p>
  +    </div>
   
       <p>Combining Group and Password DBM files: In some cases it is
       easier to manage a single database which contains both the
  @@ -50,41 +52,40 @@
       accomplished by first setting the group and password files to
       point to the same DBM:</p>
   
  -<div class="example"><p><code>
  -AuthDBMGroupFile /www/userbase<br />
  -AuthDBMUserFile /www/userbase
  -</code></p></div>
  +    <div class="example"><p><code>
  +      AuthDBMGroupFile /www/userbase<br />
  +      AuthDBMUserFile /www/userbase
  +    </code></p></div>
   
       <p>The key for the single DBM is the username. The value consists
       of</p>
   
  -<div class="example"><p><code>Unix Crypt-ed Password : List of Groups [ : (ignored)
  -      ]</code></p></div>
  +    <div class="example"><p><code>
  +      Encrypted Password : List of Groups [ : (ignored) ]
  +    </code></p></div>
   
  -    <p>The password section contains the Unix <code>crypt()</code>
  +    <p>The password section contains the encrypted
       password as before. This is followed by a colon and the comma
       separated list of groups. Other data may optionally be left in the
       DBM file after another colon; it is ignored by the authentication
       module. This is what www.telescope.org uses for its combined
       password and group database.</p>
   </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthzDBMAuthoritative" id="AuthzDBMAuthoritative">AuthzDBMAuthoritative</a> <a name="authzdbmauthoritative" id="authzdbmauthoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
  -              </a></th><td>Sets whether authorization will be passed on to lower level modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
  -              </a></th><td><code>AuthzDBMAuthoritative on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
  -              </a></th><td><code>AuthzDBMAuthoritative on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
  +              </a></th><td>Sets whether authorization will be passed on to lower level
  +modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
  +              </a></th><td><code>AuthzDBMAuthoritative On|Off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
  +              </a></th><td><code>AuthzDBMAuthoritative On</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                 </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                 </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                 </a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                 </a></th><td>mod_authz_dbm</td></tr></table>
  -
       <p>Setting the <code class="directive">AuthzDBMAuthoritative</code>
  -    directive explicitly to <strong>'off'</strong> allows for both
  -    authentication and authorization to be passed on to lower level
  -    modules (as defined in the <code>Configuration</code> and
  -    <code>modules.c</code> file if there is <strong>no userID</strong>
  -    or <strong>rule</strong> matching the supplied userID. If there is
  -    a userID and/or rule specified; the usual password and access
  -    checks will be applied and a failure will give an Authorization
  -    Required reply.</p>
  +    directive explicitly to <code>Off</code> allows group authorization
  +    to be passed on to lower level modules (as defined in the
  +    <code>modules.c</code> file) if there is no group found
  +    for the the supplied userID. If there are any groups
  +    specified, the usual checks will be applied and a failure will
  +    give an Authentication Required reply.</p>
   
       <p>So if a userID appears in the database of more than one module;
       or if a valid <code class="directive"><a href="../mod/core.html#require">Require</a></code>
  @@ -93,21 +94,24 @@
       regardless of the <code class="directive">AuthAuthoritative</code> setting.</p>
   
       <p>A common use for this is in conjunction with one of the
  -    auth providers; such as <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code>. Whereas this
  -    DBM module supplies the bulk of the user credential checking; a
  -    few (administrator) related accesses fall through to a lower
  -    level with a well protected .htpasswd file.</p>
  +    auth providers; such as <code class="module"><a href="../mod/mod_authn_dbm.html">mod_authn_dbm</a></code> or
  +    <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code>. Whereas this DBM module supplies
  +    the bulk of the user credential checking; a few (administrator) related
  +    accesses fall through to a lower level with a well protected
  +    <code>.htpasswd</code> file.</p>
   
  -    <p>By default, control is not passed on and an unknown userID
  -    or rule will result in an Authorization Required reply. Not
  +    <p>By default, control is not passed on and an unknown group
  +    will result in an Authentication Required reply. Not
       setting it thus keeps the system secure and forces an NCSA
       compliant behaviour.</p>
   
  -    <p>Security: Do consider the implications of allowing a user to
  -    allow fall-through in his .htaccess file; and verify that this
  -    is really what you want; Generally it is easier to just secure
  -    a single .htpasswd file, than it is to secure a database which
  -    might have more access interfaces.</p>
  +    <div class="warning"><h3>Security</h3>
  +      <p>Do consider the implications of allowing a user to
  +      allow fall-through in his .htaccess file; and verify that this
  +      is really what you want; Generally it is easier to just secure
  +      a single <code>.htpasswd</code> file, than it is to secure a
  +      database which might have more access interfaces.</p>
  +    </div>
   </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthzDBMType" id="AuthzDBMType">AuthzDBMType</a> <a name="authzdbmtype" id="authzdbmtype">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                 </a></th><td>Sets the type of database file that is used to
   store passwords</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
  @@ -116,14 +120,12 @@
                 </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                 </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                 </a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
  -              </a></th><td>mod_authz_dbm</td></tr><tr><th><a href="directive-dict.html#Compatibility">Compatibility:
  -              </a></th><td>Available in version 2.0.30 and later.</td></tr></table>
  -
  -<p>Sets the type of database file that is used to store the passwords.
  -The default database type is determined at compile time.  The
  -availability of other types of database files also depends on
  -<a href="../install.html#dbm">compile-time settings</a>.</p>
  +              </a></th><td>mod_authz_dbm</td></tr></table>
  +    <p>Sets the type of database file that is used to store the passwords.
  +    The default database type is determined at compile time.  The
  +    availability of other types of database files also depends on
  +    <a href="../install.html#dbm">compile-time settings</a>.</p>
   
  -<p>It is crucial that whatever program you use to create your password
  -files is configured to use the same type of database.</p>
  +    <p>It is crucial that whatever program you use to create your password
  +    files is configured to use the same type of database.</p>
   </div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
  
  
  
  1.6       +36 -44    httpd-2.0/docs/manual/mod/mod_authz_groupfile.html.en
  
  Index: mod_authz_groupfile.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_authz_groupfile.html.en,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- mod_authz_groupfile.html.en	5 Dec 2002 17:04:11 -0000	1.5
  +++ mod_authz_groupfile.html.en	9 Dec 2002 22:27:16 -0000	1.6
  @@ -6,78 +6,70 @@
           XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
         --><title>mod_authz_groupfile - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.1</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs-project/">Documentation</a> &gt; <a href="../">Version 2.1</a> &gt; <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Apache Module mod_authz_groupfile</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description:
                     </a></th><td>Group authorization using plaintext files</td></tr><tr><th><a href="module-dict.html#Status">Status:
  -                  </a></th><td>Extension</td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:
  +                  </a></th><td>Base</td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:
                     </a></th><td>authz_groupfile_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File:
                     </a></th><td>mod_authz_groupfile.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
                     </a></th><td>Available in Apache 2.1 and later</td></tr></table><h3>Summary</h3>
       <p>This module provides authorization capabilities so that
  -       authenticated users can be allowed or denied access to portions
  -       of the web site by group membership. Similar functionality is
  -       provided by <code class="module"><a href="../mod/mod_authz_dbm.html">mod_authz_dbm</a></code>.</p>
  +    authenticated users can be allowed or denied access to portions
  +    of the web site by group membership. Similar functionality is
  +    provided by <code class="module"><a href="../mod/mod_authz_dbm.html">mod_authz_dbm</a></code>.</p>
   </div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authgroupfile">AuthGroupFile</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#authzgroupfileauthoritative">AuthzGroupFileAuthoritative</a></li>
   </ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthGroupFile" id="AuthGroupFile">AuthGroupFile</a> <a name="authgroupfile" id="authgroupfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                 </a></th><td>Sets the name of a text file containing the list
   of user groups for authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
  -              </a></th><td><code>AuthGroupFile <em>file-path</em></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
  +              </a></th><td><code>AuthGroupFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                 </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                 </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
  -              </a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
  +              </a></th><td>Base</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                 </a></th><td>mod_authz_groupfile</td></tr></table>
       <p>The <code class="directive">AuthGroupFile</code> directive sets the
       name of a textual file containing the list of user groups for user
  -    authentication.  <em>File-path</em> is the path to the group
  -    file. If it is not absolute (<em>i.e.</em>, if it doesn't begin
  -    with a slash), it is treated as relative to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.</p>
  +    authentication. <var>File-path</var> is the path to the group
  +    file. If it is not absolute, it is treated as relative to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.</p>
   
       <p>Each line of the group file contains a groupname followed by a
  -    colon, followed by the member usernames separated by spaces.
  -    Example:</p> 
  +    colon, followed by the member usernames separated by spaces.</p>
   
  -    <div class="example"><p><code>mygroup: bob joe anne</code></p></div> 
  +    <div class="example"><h3>Example:</h3><p><code>
  +      mygroup: bob joe anne
  +    </code></p></div> 
   
       <p>Note that searching large text files is <em>very</em>
  -    inefficient; <code class="directive"><a href="../mod/mod_authz_dbm.html#authdbmgroupfile">AuthDBMGroupFile</a></code> should be used
  -    instead.</p>
  +    inefficient; <code class="directive"><a href="../mod/mod_authz_dbm.html#authdbmgroupfile">AuthDBMGroupFile</a></code> provides a much better performance.</p>
   
  -    <div class="note"><h3>Security</h3>
  -    <p>Make sure that the <code class="directive">AuthGroupFile</code> is
  -	stored outside the document tree of the web-server; do <em>not</em>
  -	put it in the directory that it protects. Otherwise, clients will
  -	be able to download the <code class="directive">AuthGroupFile</code>.</p>
  +    <div class="warning"><h3>Security</h3>
  +      <p>Make sure that the <code class="directive">AuthGroupFile</code> is
  +      stored outside the document tree of the web-server; do <em>not</em>
  +      put it in the directory that it protects. Otherwise, clients may
  +      be able to download the <code class="directive">AuthGroupFile</code>.</p>
       </div>
   </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthzGroupFileAuthoritative" id="AuthzGroupFileAuthoritative">AuthzGroupFileAuthoritative</a> <a name="authzgroupfileauthoritative" id="authzgroupfileauthoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
  -              </a></th><td>Sets whether authorization will be passed on to lower level modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
  -              </a></th><td><code>AuthzGroupFileAuthoritative on|off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
  -              </a></th><td><code>AuthzGroupFileAuthoritative on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
  +              </a></th><td>Sets whether authorization will be passed on to lower level
  +modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
  +              </a></th><td><code>AuthzGroupFileAuthoritative On|Off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
  +              </a></th><td><code>AuthzGroupFileAuthoritative On</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                 </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                 </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
  -              </a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module:
  +              </a></th><td>Base</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                 </a></th><td>mod_authz_groupfile</td></tr></table>
  -
       <p>Setting the <code class="directive">AuthzGroupFileAuthoritative</code>
  -    directive explicitly to <strong>'off'</strong> allows for
  -    authorization to be passed on to lower level modules (as defined in
  -    the <code>Configuration</code> and <code>modules.c</code> file if
  -    there is <strong>no userID</strong> or <strong>rule</strong> matching
  -    the supplied userID. If there is a userID and/or rule specified; the
  -    usual password and access checks will be applied and a failure will
  -    give an Authorization Required reply.</p>
  -
  -    <p>So if a valid <code class="directive"><a href="../mod/core.html#require">Require</a></code>
  -    directive applies to more than one module; then the first module
  -    will verify the credentials; and no access is passed on;
  -    regardless of the <code class="directive">AuthzGroupFileAuthoritative</code>
  -    setting.</p>
  +    directive explicitly to <code>Off</code> allows for
  +    group authorization to be passed on to lower level modules (as defined
  +    in the <code>modules.c</code> files) if there is <strong>no
  +    group</strong> matching the supplied userID.</p>
   
  -    <p>By default, control is not passed on and an unknown userID
  -    or rule will result in an Authorization Required reply. Not
  +    <p>By default, control is not passed on and an unknown group
  +    will result in an Authentication Required reply. Not
       setting it thus keeps the system secure and forces an NCSA
       compliant behaviour.</p>
   
  -    <p>Security: Do consider the implications of allowing a user to
  -    allow fall-through in his .htaccess file; and verify that this
  -    is really what you want; Generally it is easier to just secure
  -    a single .htpasswd file, than it is to secure a database which
  -    might have more access interfaces.</p>
  +    <div class="warning"><h3>Security</h3>
  +      <p>Do consider the implications of allowing a user to
  +      allow fall-through in his <code>.htaccess</code> file; and verify
  +      that this is really what you want; Generally it is easier to just
  +      secure a single <code>.htpasswd</code> file, than it is to secure
  +      a database which might have more access interfaces.</p>
  +    </div>
   </div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
  
  
  
  1.6       +67 -54    httpd-2.0/docs/manual/mod/mod_authz_host.html.en
  
  Index: mod_authz_host.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_authz_host.html.en,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- mod_authz_host.html.en	5 Dec 2002 17:04:11 -0000	1.5
  +++ mod_authz_host.html.en	9 Dec 2002 22:27:16 -0000	1.6
  @@ -42,14 +42,12 @@
   </ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Allow" id="Allow">Allow</a> <a name="allow" id="allow">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                 </a></th><td>Controls which hosts can access an area of the
   server</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
  -              </a></th><td><code> Allow from
  -    all|<em>host</em>|env=<em>env-variable</em>
  -    [<em>host</em>|env=<em>env-variable</em>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
  +              </a></th><td><code> Allow from all|<var>host</var>|env=<var>env-variable</var>
  +[<var>host</var>|env=<var>env-variable</var>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                 </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                 </a></th><td>Limit</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                 </a></th><td>Base</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                 </a></th><td>mod_authz_host</td></tr></table>
  -
       <p>The <code class="directive">Allow</code> directive affects which hosts can
       access an area of the server. Access can be controlled by
       hostname, IP Address, IP Address range, or by other
  @@ -68,38 +66,52 @@
       <dl>
         <dt>A (partial) domain-name</dt>
   
  -      <dd>Example: <code>Allow from apache.org</code><br />
  -       Hosts whose names match, or end in, this string are allowed
  +      <dd>
  +      <div class="example"><h3>Example:</h3><p><code>
  +        Allow from apache.org
  +      </code></p></div>
  +      <p>Hosts whose names match, or end in, this string are allowed
         access. Only complete components are matched, so the above
         example will match <code>foo.apache.org</code> but it will
         not match <code>fooapache.org</code>. This configuration will
         cause the server to perform a reverse DNS lookup on the
         client IP address, regardless of the setting of the <code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code>
  -      directive.</dd>
  +      directive.</p></dd>
   
         <dt>A full IP address</dt>
   
  -      <dd>Example: <code>Allow from 10.1.2.3</code><br />
  -       An IP address of a host allowed access</dd>
  +      <dd>
  +      <div class="example"><h3>Example:</h3><p><code>
  +        Allow from 10.1.2.3
  +      </code></p></div>
  +      <p>An IP address of a host allowed access</p></dd>
   
         <dt>A partial IP address</dt>
   
  -      <dd>Example: <code>Allow from 10.1</code><br />
  -       The first 1 to 3 bytes of an IP address, for subnet
  -      restriction.</dd>
  +      <dd>
  +      <div class="example"><h3>Example:</h3><p><code>
  +        Allow from 10.1
  +      </code></p></div>
  +      <p>The first 1 to 3 bytes of an IP address, for subnet
  +      restriction.</p></dd>
   
         <dt>A network/netmask pair</dt>
   
  -      <dd>Example: <code>Allow from
  -      10.1.0.0/255.255.0.0</code><br />
  -       A network a.b.c.d, and a netmask w.x.y.z. For more
  -      fine-grained subnet restriction.</dd>
  +      <dd>
  +      <div class="example"><h3>Example:</h3><p><code>
  +        Allow from 10.1.0.0/255.255.0.0
  +      </code></p></div>
  +      <p>A network a.b.c.d, and a netmask w.x.y.z. For more
  +      fine-grained subnet restriction.</p></dd>
   
         <dt>A network/nnn CIDR specification</dt>
   
  -      <dd>Example: <code>Allow from 10.1.0.0/16</code><br />
  -       Similar to the previous case, except the netmask consists of
  -      nnn high-order 1 bits.</dd>
  +      <dd>
  +      <div class="example"><h3>Example:</h3><p><code>
  +        Allow from 10.1.0.0/16
  +      </code></p></div>
  +      <p>Similar to the previous case, except the netmask consists of
  +      nnn high-order 1 bits.</p></dd>
       </dl>
   
       <p>Note that the last three examples above match exactly the
  @@ -116,25 +128,26 @@
       <p>The third format of the arguments to the
       <code class="directive">Allow</code> directive allows access to the server
       to be controlled based on the existence of an <a href="../env.html">environment variable</a>. When <code>Allow from
  -    env=</code><em>env-variable</em> is specified, then the request is
  -    allowed access if the environment variable <em>env-variable</em>
  +    env=<var>env-variable</var></code> is specified, then the request is
  +    allowed access if the environment variable <var>env-variable</var>
       exists. The server provides the ability to set environment
       variables in a flexible way based on characteristics of the client
       request using the directives provided by
  -    <code class="module"><a href="../mod/mod_setenvif.html">mod_setenvif</a></code>.  Therefore, this directive can be
  +    <code class="module"><a href="../mod/mod_setenvif.html">mod_setenvif</a></code>. Therefore, this directive can be
       used to allow access based on such factors as the clients
       <code>User-Agent</code> (browser type), <code>Referer</code>, or
       other HTTP request header fields.</p>
   
  -<div class="example"><h3>Example:</h3><p><code>
  -
  -SetEnvIf User-Agent ^KnockKnock/2.0 let_me_in<br />
  -&lt;Directory /docroot&gt;<br />
  -      Order Deny,Allow<br />
  -      Deny from all<br />
  -      Allow from env=let_me_in<br />
  -&lt;/Directory&gt;
  -</code></p></div>
  +    <div class="example"><h3>Example:</h3><p><code>
  +      SetEnvIf User-Agent ^KnockKnock/2.0 let_me_in<br />
  +      &lt;Directory /docroot&gt;<br />
  +      <span class="indent">
  +        Order Deny,Allow<br />
  +        Deny from all<br />
  +        Allow from env=let_me_in<br />
  +      </span>
  +      &lt;/Directory&gt;
  +    </code></p></div>
   
       <p>In this case, browsers with a user-agent string beginning
       with <code>KnockKnock/2.0</code> will be allowed access, and all
  @@ -142,9 +155,8 @@
   </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="Deny" id="Deny">Deny</a> <a name="deny" id="deny">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                 </a></th><td>Controls which hosts are denied access to the
   server</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
  -              </a></th><td><code> Deny from
  -    all|<em>host</em>|env=<em>env-variable</em>
  -    [<em>host</em>|env=<em>env-variable</em>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
  +              </a></th><td><code> Deny from all|<var>host</var>|env=<var>env-variable</var>
  +[<var>host</var>|env=<var>env-variable</var>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                 </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                 </a></th><td>Limit</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                 </a></th><td>Base</td></tr><tr><th><a href="directive-dict.html#Module">Module:
  @@ -157,28 +169,27 @@
                 </a></th><td>Controls the default access state and the order in which
   Allow and Deny are
   evaluated.</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
  -              </a></th><td><code> Order <em>ordering</em></code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
  +              </a></th><td><code> Order <var>ordering</var></code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
                 </a></th><td><code>Order Deny,Allow</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                 </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                 </a></th><td>Limit</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                 </a></th><td>Base</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                 </a></th><td>mod_authz_host</td></tr></table>
  -
       <p>The <code class="directive">Order</code> directive controls the default
       access state and the order in which <code class="directive"><a href="#allow">Allow</a></code> and <code class="directive"><a href="#deny">Deny</a></code> directives are evaluated.
  -    <em>Ordering</em> is one of</p>
  +    <var>Ordering</var> is one of</p>
   
       <dl>
  -      <dt>Deny,Allow</dt>
  +      <dt><code>Deny,Allow</code></dt>
   
         <dd>The <code class="directive"><a href="#deny">Deny</a></code> directives
         are evaluated before the <code class="directive"><a href="#allow">Allow</a></code> directives. Access is
  -      allowed by default.  Any client which does not match a
  +      allowed by default. Any client which does not match a
         <code class="directive"><a href="#deny">Deny</a></code> directive or does
         match an <code class="directive"><a href="#allow">Allow</a></code>
         directive will be allowed access to the server.</dd>
   
  -      <dt>Allow,Deny</dt>
  +      <dt><code>Allow,Deny</code></dt>
   
         <dd>The <code class="directive"><a href="#allow">Allow</a></code>
         directives are evaluated before the <code class="directive"><a href="#deny">Deny</a></code> directives. Access is denied
  @@ -186,7 +197,7 @@
         <code class="directive"><a href="#deny">Deny</a></code> directive will be
         denied access to the server.</dd>
   
  -      <dt>Mutual-failure</dt>
  +      <dt><code>Mutual-failure</code></dt>
   
         <dd>Only those hosts which appear on the <code class="directive"><a href="#allow">Allow</a></code> list and do not appear on
         the <code class="directive"><a href="#deny">Deny</a></code> list are
  @@ -195,17 +206,17 @@
         configuration.</dd>
       </dl>
   
  -    <p>Keywords may only be separated by a comma; no whitespace is
  +    <p>Keywords may only be separated by a comma; <em>no whitespace</em> is
       allowed between them. Note that in all cases every <code class="directive"><a href="#allow">Allow</a></code> and <code class="directive"><a href="#deny">Deny</a></code> statement is evaluated.</p>
   
       <p>In the following example, all hosts in the apache.org domain
       are allowed access; all other hosts are denied access.</p>
   
  -<div class="example"><p><code>
  +    <div class="example"><p><code>
         Order Deny,Allow<br />
         Deny from all<br />
  -      Allow from apache.org<br />
  -</code></p></div>
  +      Allow from apache.org
  +    </code></p></div>
   
       <p>In the next example, all hosts in the apache.org domain are
       allowed access, except for the hosts which are in the
  @@ -213,11 +224,11 @@
       in the apache.org domain are denied access because the default
       state is to deny access to the server.</p>
   
  -<div class="example"><p><code>
  -       Order Allow,Deny<br />
  -       Allow from apache.org<br />
  -       Deny from foo.apache.org<br />
  -</code></p></div>
  +    <div class="example"><p><code>
  +      Order Allow,Deny<br />
  +      Allow from apache.org<br />
  +      Deny from foo.apache.org
  +    </code></p></div>
   
       <p>On the other hand, if the <code class="directive">Order</code> in the last
       example is changed to <code>Deny,Allow</code>, all hosts will
  @@ -232,13 +243,15 @@
       <p>The presence of an <code class="directive">Order</code> directive can affect
       access to a part of the server even in the absence of accompanying
       <code class="directive"><a href="#allow">Allow</a></code> and <code class="directive"><a href="#deny">Deny</a></code> directives because of its effect
  -    on the default access state.  For example,</p>
  +    on the default access state. For example,</p>
   
  -<div class="example"><p><code>
  +    <div class="example"><p><code>
         &lt;Directory /www&gt;<br />
  -        Order Allow,Deny<br />
  +      <span class="indent">
  +        Order Allow,Deny<br />
  +      </span>
         &lt;/Directory&gt;
  -</code></p></div>
  +    </code></p></div>
   
       <p>will deny all access to the <code>/www</code> directory
       because the default access state will be set to
  
  
  
  1.51      +35 -30    httpd-2.0/docs/manual/mod/quickreference.html.en
  
  Index: quickreference.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/quickreference.html.en,v
  retrieving revision 1.50
  retrieving revision 1.51
  diff -u -r1.50 -r1.51
  --- quickreference.html.en	5 Dec 2002 15:18:36 -0000	1.50
  +++ quickreference.html.en	9 Dec 2002 22:27:16 -0000	1.51
  @@ -90,50 +90,50 @@
   <tr><td><a href="mod_alias.html#aliasmatch">AliasMatch <var>regex</var>
   <var>file-path</var>|<var>directory-path</var></a></td><td /><td>sv</td><td>B</td></tr><tr><td class="descr" colspan="4">Maps URLs to filesystem locations using regular 
   expressions</td></tr>
  -<tr class="odd"><td><a href="mod_authz_host.html#allow"> Allow from
  -    all|<em>host</em>|env=<em>env-variable</em>
  -    [<em>host</em>|env=<em>env-variable</em>] ...</a></td><td /><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Controls which hosts can access an area of the
  +<tr class="odd"><td><a href="mod_authz_host.html#allow"> Allow from all|<var>host</var>|env=<var>env-variable</var>
  +[<var>host</var>|env=<var>env-variable</var>] ...</a></td><td /><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Controls which hosts can access an area of the
   server</td></tr>
   <tr><td><a href="mod_proxy.html#allowconnect">AllowCONNECT <em>port</em> [<em>port</em>] ...</a></td><td> 443 563 </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Ports that are allowed to <code>CONNECT</code> through
   the proxy</td></tr>
   <tr class="odd"><td><a href="core.html#allowoverride">AllowOverride All|None|<var>directive-type</var> 
   [<var>directive-type</var>] ...</a></td><td> All </td><td>d</td><td>C</td></tr><tr class="odd"><td class="descr" colspan="4">Types of directives that are allowed in
   .htaccess files</td></tr>
  -<tr><td><a href="mod_authn_anon.html#anonymous">Anonymous <em>user</em> [<em>user</em>] ...</a></td><td /><td>dh</td><td>E</td></tr><tr><td class="descr" colspan="4">Specifies userIDs that areallowed access without
  +<tr><td><a href="mod_authn_anon.html#anonymous">Anonymous <var>user</var> [<var>user</var>] ...</a></td><td /><td>dh</td><td>E</td></tr><tr><td class="descr" colspan="4">Specifies userIDs that areallowed access without
   password verification</td></tr>
  -<tr class="odd"><td><a href="mod_authn_anon.html#anonymous_authoritative">Anonymous_Authoritative on|off</a></td><td> off </td><td>dh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Configures if authorization will fall-through
  -to other methods</td></tr>
  -<tr><td><a href="mod_authn_anon.html#anonymous_logemail">Anonymous_LogEmail on|off</a></td><td> on </td><td>dh</td><td>E</td></tr><tr><td class="descr" colspan="4">Sets whether the password entered will be logged in the
  +<tr class="odd"><td><a href="mod_authn_anon.html#anonymous_logemail">Anonymous_LogEmail On|Off</a></td><td> On </td><td>dh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Sets whether the password entered will be logged in the
   error log</td></tr>
  -<tr class="odd"><td><a href="mod_authn_anon.html#anonymous_mustgiveemail">Anonymous_MustGiveEmail on|off</a></td><td> on </td><td>dh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Specifies whether blank passwords are allowed</td></tr>
  -<tr><td><a href="mod_authn_anon.html#anonymous_nouserid">Anonymous_NoUserID on|off</a></td><td> off </td><td>dh</td><td>E</td></tr><tr><td class="descr" colspan="4">Sets whether the userID field may be empty</td></tr>
  -<tr class="odd"><td><a href="mod_authn_anon.html#anonymous_verifyemail">Anonymous_VerifyEmail on|off</a></td><td> off </td><td>dh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Sets whether to check the password field for a correctly
  +<tr><td><a href="mod_authn_anon.html#anonymous_mustgiveemail">Anonymous_MustGiveEmail On|Off</a></td><td> On </td><td>dh</td><td>E</td></tr><tr><td class="descr" colspan="4">Specifies whether blank passwords are allowed</td></tr>
  +<tr class="odd"><td><a href="mod_authn_anon.html#anonymous_nouserid">Anonymous_NoUserID On|Off</a></td><td> Off </td><td>dh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Sets whether the userID field may be empty</td></tr>
  +<tr><td><a href="mod_authn_anon.html#anonymous_verifyemail">Anonymous_VerifyEmail On|Off</a></td><td> Off </td><td>dh</td><td>E</td></tr><tr><td class="descr" colspan="4">Sets whether to check the password field for a correctly
   formatted email address</td></tr>
  -<tr><td><a href="perchild.html#assignuserid">AssignUserID <var>user_id</var> <var>group_id</var></a></td><td /><td>v</td><td>M</td></tr><tr><td class="descr" colspan="4">-</td></tr>
  -<tr class="odd"><td><a href="mod_auth_basic.html#authbasicauthoritative">AuthBasicAuthoritative on|off</a></td><td> on </td><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Sets whether authorization and authentication are
  -passed to lower level modules</td></tr>
  -<tr><td><a href="mod_auth_basic.html#authbasicprovider">AuthBasicProvider <em>provider-name</em></a></td><td /><td>dh</td><td>B</td></tr><tr><td class="descr" colspan="4">Sets the authentication provider(s) for this location</td></tr>
  -<tr class="odd"><td><a href="mod_authz_dbm.html#authdbmgroupfile">AuthDBMGroupFile <em>file-path</em></a></td><td /><td>dh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Sets the name of the database file containing the list
  +<tr class="odd"><td><a href="perchild.html#assignuserid">AssignUserID <var>user_id</var> <var>group_id</var></a></td><td /><td>v</td><td>M</td></tr><tr class="odd"><td class="descr" colspan="4">-</td></tr>
  +<tr><td><a href="mod_auth_basic.html#authbasicauthoritative">AuthBasicAuthoritative On|Off</a></td><td> On </td><td>dh</td><td>B</td></tr><tr><td class="descr" colspan="4">Sets whether authorization and authentication are passed to
  +lower level modules</td></tr>
  +<tr class="odd"><td><a href="mod_auth_basic.html#authbasicprovider">AuthBasicProvider On|Off|<var>provider-name</var>
  +[<var>provider-name</var>] ...</a></td><td> On </td><td>d</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Sets the authentication provider(s) for this location</td></tr>
  +<tr><td><a href="mod_authz_dbm.html#authdbmgroupfile">AuthDBMGroupFile <var>file-path</var></a></td><td /><td>dh</td><td>E</td></tr><tr><td class="descr" colspan="4">Sets the name of the database file containing the list
   of user groups for authentication</td></tr>
  -<tr><td><a href="mod_authn_dbm.html#authdbmtype">AuthDBMType default|SDBM|GDBM|NDBM|DB</a></td><td> default </td><td>dh</td><td>E</td></tr><tr><td class="descr" colspan="4">Sets the type of database file that is used to
  +<tr class="odd"><td><a href="mod_authn_dbm.html#authdbmtype">AuthDBMType default|SDBM|GDBM|NDBM|DB</a></td><td> default </td><td>dh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Sets the type of database file that is used to
   store passwords</td></tr>
  -<tr class="odd"><td><a href="mod_authn_dbm.html#authdbmuserfile">AuthDBMUserFile <em>file-path</em></a></td><td /><td>dh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Sets the name of a database file containing the list of users and
  +<tr><td><a href="mod_authn_dbm.html#authdbmuserfile">AuthDBMUserFile <var>file-path</var></a></td><td /><td>dh</td><td>E</td></tr><tr><td class="descr" colspan="4">Sets the name of a database file containing the list of users and
   passwords for authentication</td></tr>
  +<tr class="odd"><td><a href="mod_authn_default.html#authdefaultauthoritative">AuthDefaultAuthoritative On|Off</a></td><td> On </td><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Sets whether authentication is passed to lower level
  +modules</td></tr>
   <tr><td><a href="mod_auth_digest.html#authdigestalgorithm">AuthDigestAlgorithm MD5|MD5-sess</a></td><td> MD5 </td><td>dh</td><td>X</td></tr><tr><td class="descr" colspan="4">Selects the algorithm used to calculate the challenge and
   response hases in digest authentication</td></tr>
   <tr class="odd"><td><a href="mod_auth_digest.html#authdigestdomain">AuthDigestDomain <var>URI</var> [<var>URI</var>] ...</a></td><td /><td>dh</td><td>X</td></tr><tr class="odd"><td class="descr" colspan="4">URIs that are in the same protection space for digest
   authentication</td></tr>
  -<tr><td><a href="mod_auth_digest.html#authdigestfile">AuthDigestFile <var>file-path</var></a></td><td /><td>dh</td><td>X</td></tr><tr><td class="descr" colspan="4">Location of the text file containing the list
  -of users and encoded passwords for digest authentication</td></tr>
  -<tr class="odd"><td><a href="mod_auth_digest.html#authdigestgroupfile">AuthDigestGroupFile <var>file-path</var></a></td><td /><td>dh</td><td>X</td></tr><tr class="odd"><td class="descr" colspan="4">Name of the text file containing the list of groups
  -for digest authentication</td></tr>
   <tr><td><a href="mod_auth_digest.html#authdigestnccheck">AuthDigestNcCheck On|Off</a></td><td> Off </td><td>s</td><td>X</td></tr><tr><td class="descr" colspan="4">Enables or disables checking of the nonce-count sent by the
   server</td></tr>
   <tr class="odd"><td><a href="mod_auth_digest.html#authdigestnonceformat">AuthDigestNonceFormat <var>format</var></a></td><td /><td>dh</td><td>X</td></tr><tr class="odd"><td class="descr" colspan="4">Determines how the nonce is generated</td></tr>
   <tr><td><a href="mod_auth_digest.html#authdigestnoncelifetime">AuthDigestNonceLifetime <var>seconds</var></a></td><td> 300 </td><td>dh</td><td>X</td></tr><tr><td class="descr" colspan="4">How long the server nonce is valid</td></tr>
  -<tr class="odd"><td><a href="mod_auth_digest.html#authdigestqop">AuthDigestQop none|auth|auth-int [auth|auth-int]</a></td><td> auth </td><td>dh</td><td>X</td></tr><tr class="odd"><td class="descr" colspan="4">Determines the quality-of-protection to use in digest
  +<tr class="odd"><td><a href="mod_auth_digest.html#authdigestprovider">AuthDigestProvider On|Off|<var>provider-name</var>
  +[<var>provider-name</var>] ...</a></td><td /><td>d</td><td>X</td></tr><tr class="odd"><td class="descr" colspan="4">Sets the authentication provider(s) for this location</td></tr>
  +<tr><td><a href="mod_auth_digest.html#authdigestqop">AuthDigestQop none|auth|auth-int [auth|auth-int]</a></td><td> auth </td><td>dh</td><td>X</td></tr><tr><td class="descr" colspan="4">Determines the quality-of-protection to use in digest
   authentication</td></tr>
  -<tr><td><a href="mod_authz_groupfile.html#authgroupfile">AuthGroupFile <em>file-path</em></a></td><td /><td>dh</td><td>E</td></tr><tr><td class="descr" colspan="4">Sets the name of a text file containing the list
  +<tr class="odd"><td><a href="mod_auth_digest.html#authdigestshmemsize">AuthDigestShmemSize <var>size</var></a></td><td> 1000 </td><td>s</td><td>X</td></tr><tr class="odd"><td class="descr" colspan="4">The amount of shared memory to allocate for keeping track
  +of clients</td></tr>
  +<tr><td><a href="mod_authz_groupfile.html#authgroupfile">AuthGroupFile <var>file-path</var></a></td><td /><td>dh</td><td>B</td></tr><tr><td class="descr" colspan="4">Sets the name of a text file containing the list
   of user groups for authentication</td></tr>
   <tr class="odd"><td><a href="mod_auth_ldap.html#authldapauthoritative">AuthLDAPAuthoritative on|off</a></td><td> on </td><td>dh</td><td>X</td></tr><tr class="odd"><td class="descr" colspan="4">Prevent other authentication modules from
   authenticating the user if this one fails</td></tr>
  @@ -153,12 +153,18 @@
   <tr class="odd"><td><a href="core.html#authname">AuthName <var>auth-domain</var></a></td><td /><td>dh</td><td>C</td></tr><tr class="odd"><td class="descr" colspan="4">Authorization realm for use in HTTP
   authentication</td></tr>
   <tr><td><a href="core.html#authtype">AuthType Basic|Digest</a></td><td /><td>dh</td><td>C</td></tr><tr><td class="descr" colspan="4">Type of user authentication</td></tr>
  -<tr class="odd"><td><a href="mod_authn_file.html#authuserfile">AuthUserFile <em>file-path</em></a></td><td /><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Sets the name of a text file containing the list of users and
  +<tr class="odd"><td><a href="mod_authn_file.html#authuserfile">AuthUserFile <var>file-path</var></a></td><td /><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Sets the name of a text file containing the list of users and
   passwords for authentication</td></tr>
  -<tr><td><a href="mod_authz_dbm.html#authzdbmauthoritative">AuthzDBMAuthoritative on|off</a></td><td> on </td><td>dh</td><td>E</td></tr><tr><td class="descr" colspan="4">Sets whether authorization will be passed on to lower level modules</td></tr>
  +<tr><td><a href="mod_authz_dbm.html#authzdbmauthoritative">AuthzDBMAuthoritative On|Off</a></td><td> On </td><td>dh</td><td>E</td></tr><tr><td class="descr" colspan="4">Sets whether authorization will be passed on to lower level
  +modules</td></tr>
   <tr class="odd"><td><a href="mod_authz_dbm.html#authzdbmtype">AuthzDBMType default|SDBM|GDBM|NDBM|DB</a></td><td> default </td><td>dh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Sets the type of database file that is used to
   store passwords</td></tr>
  -<tr><td><a href="mod_authz_groupfile.html#authzgroupfileauthoritative">AuthzGroupFileAuthoritative on|off</a></td><td> on </td><td>dh</td><td>E</td></tr><tr><td class="descr" colspan="4">Sets whether authorization will be passed on to lower level modules</td></tr>
  +<tr><td><a href="mod_authz_default.html#authzdefaultauthoritative">AuthzDefaultAuthoritative On|Off</a></td><td> On </td><td>dh</td><td>B</td></tr><tr><td class="descr" colspan="4">Sets whether authorization is passed to lower level
  +modules</td></tr>
  +<tr class="odd"><td><a href="mod_authz_groupfile.html#authzgroupfileauthoritative">AuthzGroupFileAuthoritative On|Off</a></td><td> On </td><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Sets whether authorization will be passed on to lower level
  +modules</td></tr>
  +<tr><td><a href="mod_authz_user.html#authzuserauthoritative">AuthzUserAuthoritative On|Off</a></td><td> On </td><td>dh</td><td>B</td></tr><tr><td class="descr" colspan="4">Sets whether authorization will be passed on to lower level
  +modules</td></tr>
   <tr class="odd"><td><a href="mod_setenvif.html#browsermatch" id="B" name="B">BrowserMatch <em>regex [!]env-variable</em>[=<em>value</em>]
   [[!]<em>env-variable</em>[=<em>value</em>]] ...</a></td><td /><td>svdh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Sets environment variables conditional on HTTP User-Agent
   </td></tr>
  @@ -245,9 +251,8 @@
   <tr><td><a href="mod_deflate.html#deflatefilternote">DeflateFilterNote <var>notename</var></a></td><td /><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Places the compression ratio in a note for logging</td></tr>
   <tr class="odd"><td><a href="mod_deflate.html#deflatememlevel">DeflateMemLevel <var>value</var></a></td><td> 9 </td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">How much memory should be used by zlib for compression</td></tr>
   <tr><td><a href="mod_deflate.html#deflatewindowsize">DeflateWindowSize <var>value</var></a></td><td> 15 </td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Zlib compression window size</td></tr>
  -<tr class="odd"><td><a href="mod_authz_host.html#deny"> Deny from
  -    all|<em>host</em>|env=<em>env-variable</em>
  -    [<em>host</em>|env=<em>env-variable</em>] ...</a></td><td /><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Controls which hosts are denied access to the
  +<tr class="odd"><td><a href="mod_authz_host.html#deny"> Deny from all|<var>host</var>|env=<var>env-variable</var>
  +[<var>host</var>|env=<var>env-variable</var>] ...</a></td><td /><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Controls which hosts are denied access to the
   server</td></tr>
   <tr><td><a href="core.html#directory">&lt;Directory <var>directory-path</var>&gt;
   ... &lt;/Directory&gt;</a></td><td /><td>sv</td><td>C</td></tr><tr><td class="descr" colspan="4">Enclose a group of directives that apply only to the
  @@ -415,7 +420,7 @@
   <tr><td><a href="core.html#options" id="O" name="O">Options
       [+|-]<var>option</var> [[+|-]<var>option</var>] ...</a></td><td> All </td><td>svdh</td><td>C</td></tr><tr><td class="descr" colspan="4">Configures what features are available in a particular
   directory</td></tr>
  -<tr class="odd"><td><a href="mod_authz_host.html#order"> Order <em>ordering</em></a></td><td> Deny,Allow </td><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Controls the default access state and the order in which
  +<tr class="odd"><td><a href="mod_authz_host.html#order"> Order <var>ordering</var></a></td><td> Deny,Allow </td><td>dh</td><td>B</td></tr><tr class="odd"><td class="descr" colspan="4">Controls the default access state and the order in which
   <code class="directive">Allow</code> and <code class="directive">Deny</code> are
   evaluated.</td></tr>
   <tr><td><a href="mod_env.html#passenv" id="P" name="P">PassEnv <var>env-variable</var> [<var>env-variable</var>]
  
  
  
  1.1                  httpd-2.0/docs/manual/mod/mod_authn_default.html.en
  
  Index: mod_authn_default.html.en
  ===================================================================
  <?xml version="1.0" encoding="ISO-8859-1"?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
                This file is generated from xml source: DO NOT EDIT
          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        --><title>mod_authn_default - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.1</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs-project/">Documentation</a> &gt; <a href="../">Version 2.1</a> &gt; <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Apache Module mod_authn_default</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description:
                    </a></th><td>Authentication fallback module</td></tr><tr><th><a href="module-dict.html#Status">Status:
                    </a></th><td>Base</td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:
                    </a></th><td>authn_default_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File:
                    </a></th><td>mod_authn_default.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
                    </a></th><td>Available in Apache 2.1 and later</td></tr></table><h3>Summary</h3>
      <p>This module is designed to be the fallback module, if you don't
      have configured an authentication module like
      <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code>. It simply rejects any
      credentials supplied by the user.</p>
  </div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authdefaultauthoritative">AuthDefaultAuthoritative</a></li>
  </ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDefaultAuthoritative" id="AuthDefaultAuthoritative">AuthDefaultAuthoritative</a> <a name="authdefaultauthoritative" id="authdefaultauthoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                </a></th><td>Sets whether authentication is passed to lower level
  modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
                </a></th><td><code>AuthDefaultAuthoritative On|Off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
                </a></th><td><code>AuthDefaultAuthoritative On</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                </a></th><td>Base</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                </a></th><td>mod_authn_default</td></tr></table>
      <p>Setting the <code class="directive">AuthDefaultAuthoritative</code> directive
      explicitly to <code>Off</code> allows for authentication to be passed on
      to lower level modules (as defined in the <code>modules.c</code>
      files).</p>
  
      <div class="note"><h3>Note</h3>
        <p>Normally there are no lower level modules, since
        <code class="module"><a href="../mod/mod_authn_default.html">mod_authn_default</a></code> is defined to be already on
        a <em>very low</em> level. Therefore you should leave the value of
        <code class="directive">AuthDefaultAuthoritative</code> as default
        (<code>On</code>).</p>
      </div>
  </div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
  
  
  1.1                  httpd-2.0/docs/manual/mod/mod_authz_default.html.en
  
  Index: mod_authz_default.html.en
  ===================================================================
  <?xml version="1.0" encoding="ISO-8859-1"?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
                This file is generated from xml source: DO NOT EDIT
          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        --><title>mod_authz_default - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.1</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs-project/">Documentation</a> &gt; <a href="../">Version 2.1</a> &gt; <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Apache Module mod_authz_default</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description:
                    </a></th><td>Authorization fallback module</td></tr><tr><th><a href="module-dict.html#Status">Status:
                    </a></th><td>Base</td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:
                    </a></th><td>authz_default_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File:
                    </a></th><td>mod_authz_default.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
                    </a></th><td>Available in Apache 2.1 and later</td></tr></table><h3>Summary</h3>
      <p>This module is designed to be the fallback module, if you don't
      have configured an authorization module like
      <code class="module"><a href="../mod/mod_authz_user.html">mod_authz_user</a></code> or <code class="module"><a href="../mod/mod_authz_groupfile.html">mod_authz_groupfile</a></code>.
      It simply rejects any authorization request.</p>
  </div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authzdefaultauthoritative">AuthzDefaultAuthoritative</a></li>
  </ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthzDefaultAuthoritative" id="AuthzDefaultAuthoritative">AuthzDefaultAuthoritative</a> <a name="authzdefaultauthoritative" id="authzdefaultauthoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                </a></th><td>Sets whether authorization is passed to lower level
  modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
                </a></th><td><code>AuthzDefaultAuthoritative On|Off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
                </a></th><td><code>AuthzDefaultAuthoritative On</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                </a></th><td>Base</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                </a></th><td>mod_authz_default</td></tr></table>
      <p>Setting the <code class="directive">AuthzDefaultAuthoritative</code> directive
      explicitly to <code>Off</code> allows for authorization to be passed on
      to lower level modules (as defined in the <code>modules.c</code>
      files).</p>
  
      <div class="note"><h3>Note</h3>
        <p>Normally there are no lower level modules, since
        <code class="module"><a href="../mod/mod_authz_default.html">mod_authz_default</a></code> is defined to be already on
        a <em>very low</em> level. Therefore you should leave the value of
        <code class="directive">AuthzDefaultAuthoritative</code> as default
        (<code>On</code>).</p>
      </div>
  </div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
  
  
  1.1                  httpd-2.0/docs/manual/mod/mod_authz_user.html.en
  
  Index: mod_authz_user.html.en
  ===================================================================
  <?xml version="1.0" encoding="ISO-8859-1"?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
                This file is generated from xml source: DO NOT EDIT
          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
        --><title>mod_authz_user - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.1</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs-project/">Documentation</a> &gt; <a href="../">Version 2.1</a> &gt; <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Apache Module mod_authz_user</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description:
                    </a></th><td>User Authorization</td></tr><tr><th><a href="module-dict.html#Status">Status:
                    </a></th><td>Base</td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:
                    </a></th><td>authz_user_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File:
                    </a></th><td>mod_authz_user.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility:
                    </a></th><td>Available in Apache 2.1 and later</td></tr></table><h3>Summary</h3>
      <p>This module provides authorization capabilities so that
      authenticated users can be allowed or denied access to portions
      of the web site. <code class="module"><a href="../mod/mod_authz_user.html">mod_authz_user</a></code> grants
      access if the authenticated user is listed in a <code>Require user</code>
      directive. Alternatively <code>require valid-user</code> can be used to
      grant access to all successfully authenticated users.</p>
  </div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authzuserauthoritative">AuthzUserAuthoritative</a></li>
  </ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthzUserAuthoritative" id="AuthzUserAuthoritative">AuthzUserAuthoritative</a> <a name="authzuserauthoritative" id="authzuserauthoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: 
                </a></th><td>Sets whether authorization will be passed on to lower level
  modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax:
                </a></th><td><code>AuthzUserAuthoritative On|Off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: 
                </a></th><td><code>AuthzUserAuthoritative On</code></td></tr><tr><th><a href="directive-dict.html#Context">Context:
                </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override:
                </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status:
                </a></th><td>Base</td></tr><tr><th><a href="directive-dict.html#Module">Module:
                </a></th><td>mod_authz_user</td></tr></table>
      <p>Setting the <code class="directive">AuthzUserAuthoritative</code>
      directive explicitly to <code>Off</code> allows for
      user authorization to be passed on to lower level modules (as defined
      in the <code>modules.c</code> files) if there is <strong>no
      user</strong> matching the supplied userID.</p>
  
      <p>By default, control is not passed on and an unknown user
      will result in an Authentication Required reply. Not
      setting it to <code>Off</code> thus keeps the system secure and forces
      an NCSA compliant behaviour.</p>
  </div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
  
  

Mime
View raw message