httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rbo...@apache.org
Subject svn commit: r1533199 - in /httpd/httpd/branches/2.4.x/docs/manual/mod: mod_auth_basic.html.en mod_macro.html.en mod_macro.xml mod_proxy_html.html.en mod_session_crypto.html.en
Date Thu, 17 Oct 2013 18:24:54 GMT
Author: rbowen
Date: Thu Oct 17 18:24:53 2013
New Revision: 1533199

URL: http://svn.apache.org/r1533199
Log:
Broken markup in example

Modified:
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_auth_basic.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_macro.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_macro.xml
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy_html.html.en
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_session_crypto.html.en

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_auth_basic.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_auth_basic.html.en?rev=1533199&r1=1533198&r2=1533199&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_auth_basic.html.en (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_auth_basic.html.en Thu Oct 17 18:24:53
2013
@@ -49,6 +49,7 @@
 <li><img alt="" src="../images/down.gif" /> <a href="#authbasicauthoritative">AuthBasicAuthoritative</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#authbasicfake">AuthBasicFake</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#authbasicprovider">AuthBasicProvider</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#authbasicusedigestalgorithm">AuthBasicUseDigestAlgorithm</a></li>
 </ul>
 <h3>See also</h3>
 <ul class="seealso">
@@ -190,6 +191,78 @@ username and password</td></tr>
     <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code>
and <code class="module"><a href="../mod/mod_authn_socache.html">mod_authn_socache</a></code>.</p>
 
 </div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
+<div class="directive-section"><h2><a name="AuthBasicUseDigestAlgorithm" id="AuthBasicUseDigestAlgorithm">AuthBasicUseDigestAlgorithm</a>
<a name="authbasicusedigestalgorithm" id="authbasicusedigestalgorithm">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Check
passwords against the authentication providers as if
+Digest Authentication was in force instead of Basic Authentication.
+</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthBasicUseDigestAlgorithm
MD5|Off</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthBasicUseDigestAlgorithm
Off</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory,
.htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_basic</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Apache
HTTP Server 2.4.7 and later</td></tr>
+</table>
+    <p>Normally, when using Basic Authentication, the providers listed in
+    <code class="directive"><a href="#authbasicprovider">AuthBasicProvider</a></code>
+    attempt to verify a user by checking their data stores for
+    a matching username and associated password.  The stored passwords
+    are usually encrypted, but not necessarily so; each provider may
+    choose its own storage scheme for passwords.</p>
+
+    <p>When using <code class="directive"><a href="../mod/mod_auth_digest.html#authdigestprovider">AuthDigestProvider</a></code>
and Digest
+    Authentication, providers perform a similar check to find a matching
+    username in their data stores.  However, unlike in the Basic
+    Authentication case, the value associated with each stored username
+    must be an encrypted string composed from the username, realm name,
+    and password.  (See
+    <a href="http://tools.ietf.org/html/rfc2617#section-3.2.2.2">
+    RFC 2617, Section 3.2.2.2</a> for more details on the format used
+    for this encrypted string.)</p>
+
+    <p>As a consequence of the difference in the stored values between
+    Basic and Digest Authentication, converting from Digest
+    Authentication to Basic Authentication generally requires that all
+    users be assigned new passwords, as their existing passwords cannot
+    be recovered from the password storage scheme imposed on those
+    providers which support Digest Authentication.</p>
+
+    <p>Setting the <code class="directive"><a href="#authbasicusedigestalgorithm">AuthBasicUseDigestAlgorithm</a></code>
directive
+    to <code>MD5</code> will cause the user's Basic Authentication password
+    to be checked using the same encrypted format as for Digest
+    Authentication.  First a string composed from the username, realm name,
+    and password is hashed with MD5; then the username and this encrypted
+    string are passed to the providers listed in
+    <code class="directive"><a href="#authbasicprovider">AuthBasicProvider</a></code>
+    as if
+    <code class="directive"><a href="../mod/mod_authn_core.html#authtype">AuthType</a></code>
+    was set to <code>Digest</code> and Digest Authentication was in force.
+    </p>
+
+    <p>Through the use of <code class="directive"><a href="#authbasicusedigestalgorithm">AuthBasicUseDigestAlgorithm</a></code>
+    a site may switch from Digest to Basic Authentication without
+    requiring users to be assigned new passwords.</p>
+
+    <div class="note">
+      The inverse process of switching from Basic to Digest
+      Authentication without assigning new passwords is generally
+      not possible.  Only if the Basic Authentication passwords
+      have been stored in plain text or with a reversable encryption
+      scheme will it be possible to recover them and generate a
+      new data store following the Digest Authentication password
+      storage scheme.
+    </div>
+
+    <div class="note">
+      Only providers which support Digest Authentication will be able
+      to authenticate users when <code class="directive"><a href="#authbasicusedigestalgorithm">AuthBasicUseDigestAlgorithm</a></code>
+      is set to <code>MD5</code>.  Use of other providers will result
+      in an error response and the client will be denied access.
+    </div>
+
+</div>
 </div>
 <div class="bottomlang">
 <p><span>Available Languages: </span><a href="../en/mod/mod_auth_basic.html"
title="English">&nbsp;en&nbsp;</a> |

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_macro.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_macro.html.en?rev=1533199&r1=1533198&r2=1533199&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_macro.html.en (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_macro.html.en Thu Oct 17 18:24:53 2013
@@ -73,7 +73,7 @@ multiple similar virtual hosts:</p>
     DocumentRoot /var/www/vhosts/$name
     ErrorLog /var/log/httpd/$name.error_log
     CustomLog /var/log/httpd/$name.access_log combined
-&gt;/VirtualHost&gt;
+&lt;/VirtualHost&gt;
 &lt;/Macro&gt;
 </pre>
 

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_macro.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_macro.xml?rev=1533199&r1=1533198&r2=1533199&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_macro.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_macro.xml Thu Oct 17 18:24:53 2013
@@ -58,7 +58,7 @@ multiple similar virtual hosts:</p>
     DocumentRoot /var/www/vhosts/$name
     ErrorLog /var/log/httpd/$name.error_log
     CustomLog /var/log/httpd/$name.access_log combined
-&gt;/VirtualHost&gt;
+&lt;/VirtualHost&gt;
 &lt;/Macro&gt;
 </highlight>
 

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy_html.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy_html.html.en?rev=1533199&r1=1533198&r2=1533199&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy_html.html.en (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_proxy_html.html.en Thu Oct 17 18:24:53
2013
@@ -36,9 +36,21 @@ from Clients' networks in a proxy contex
 for earlier 2.x versions</td></tr></table>
 <h3>Summary</h3>
 
-    <p>This module provides an output filter to rewrite HTML links in a proxy situation,
to ensure that links work for users outside the proxy. It serves the same purpose as Apache's
ProxyPassReverse directive does for HTTP headers, and is an essential component of a reverse
proxy.</p>
-
-<p>For example, if a company has an application server at appserver.example.com that
is only visible from within the company's internal network, and a public webserver <code>www.example.com</code>,
they may wish to provide a gateway to the application server at <code>http://www.example.com/appserver/</code>.
When the application server links to itself, those links need to be rewritten to work through
the gateway. mod_proxy_html serves to rewrite <code>&lt;a href="http://appserver.example.com/foo/bar.html"&gt;foobar&lt;/a&gt;</code>
to <code>&lt;a href="http://www.example.com/appserver/foo/bar.html"&gt;foobar&lt;/a&gt;</code>
making it accessible from outside.</p>
+<p>This module provides an output filter to rewrite HTML links in a
+proxy situation, to ensure that links work for users outside the proxy.
+It serves the same purpose as Apache's ProxyPassReverse directive does
+for HTTP headers, and is an essential component of a reverse proxy.</p>
+
+<p>For example, if a company has an application server at
+<code>appserver.example.com</code> that is only visible from within
+the company's internal network, and a public webserver
+<code>www.example.com</code>, they may wish to provide a gateway to the
+application server at <code>http://www.example.com/appserver/</code>.
+When the application server links to itself, those links need to be
+rewritten to work through the gateway. mod_proxy_html serves to rewrite
+<code>&lt;a href="http://appserver.example.com/foo/bar.html"&gt;foobar&lt;/a&gt;</code>
to
+<code>&lt;a href="http://www.example.com/appserver/foo/bar.html"&gt;foobar&lt;/a&gt;</code>
+making it accessible from outside.</p>
 
 <p>mod_proxy_html was originally developed at Web├×ing, whose
 extensive <a href="http://apache.webthing.com/mod_proxy_html/">documentation</a>
may be useful to users.</p>

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_session_crypto.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_session_crypto.html.en?rev=1533199&r1=1533198&r2=1533199&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_session_crypto.html.en (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_session_crypto.html.en Thu Oct 17 18:24:53
2013
@@ -203,6 +203,19 @@ SessionCryptoPassphrase secret
     secret to the end of the list, and once rolled out completely to all servers, remove
     the first key from the start of the list.</p>
 
+    <p>If the value begins with exec: the resulting command will be executed and the
+    first line returned to standard output by the program will be used as the key.</p>
+<div class="example"><pre>
+#key used as-is
+SessionCryptoPassphrase secret
+
+#Run /path/to/program to get key
+SessionCryptoPassphrase exec:/path/to/program
+
+#Run /path/to/otherProgram and provide arguments
+SessionCryptoPassphrase "exec:/path/to/otherProgram argument1"
+</pre></div>
+
 
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>



Mime
View raw message