Take me off this list. At 11:29 PM 9/7/99 +0100, you wrote: >Dirk-Willem van Gulik wrote: >> >> As a sequel on the previous question.. "has anyone parsed/recorded the >> apache documentation into a semantic format (such as one could use >> for the configurators) or automatic generation of, say a PDF version of >> the documents ??".. here is a followup: >> >> Does anyone see great error or fundamental wrongs with the attached >> strawman ? It is the result of half an hour of perl hacking and 10 minutes >> of touch up. The script more or less works for all module mod_*.html >> files. The example below should be complete; i.e. there is no information >> lost in the transformation; and the orignal HTML can be reconstructed. >> >> I'd like to hear some noice from people writing configurators, just to see >> where they are heading.. and from people thinking of improving the doc's, >> having multiple language variants, etc. >> >> Dw >> >> >> >> Apache module mod_auth >> >> >> This module is contained in the mod_auth.c file, and >> is compiled in by default. It provides for user authentication using >> textual files. >> >> >> De mod_auth module voorziet in toegangs controle op basis van text >> bestanden met gebruikersnaam en wachtwoord gegevens. >>

>> Deze code voor deze module bevindt zich in het bestand mod_auth.c >> en maakt deel uit van de groep die standaard mee gecompileerd >> wordt. >>

>> >> >> AuthGroupFile >> >> >> >> >> AuthGroupFile filename >> > >This can't be right: the description for the whole line is nested within >a single argument. > >> >> >> directory, .htaccess >> >> >> AuthConfig >> >> >> Base >> >> >> mod_auth >> >> >> The AuthGroupFile directive sets the name of a textual file containing the list >> of user groups for user authentication. Filename is the path > >Filename should be a reference to the argument (forgot how you >do that in XML). Not sure about including things like at all, >anyway. > >> to the group file. If it is not absolute (i.e., if it >> doesn't begin with a slash), it is treated as relative to the ServerRoot. >>

>> Each line of the group file contains a groupname followed by a colon, followed >> by the member usernames separated by spaces. >> >> mygroup: bob joe anne >> >> Note that searching large text files is very inefficient; >> AuthName, > >XML refs, not HTML refs, surely? > >> AuthType >> AuthUserFile >> >> >> >> AuthUserFile >> >> >> >> AuthUserFile filename >> >> >> > >Same problem as above > >> >> directory, .htaccess >> >> >> AuthConfig >> >> >> Base >> >> >> mod_auth >> >> >> The AuthUserFile directive sets the name of a textual file containing >> the list of users and passwords for user >> authentication. Filename is the path to the user >> file. If it is not absolute (i.e., if it doesn't begin with a >> slash), it is treated as relative to the ServerRoot. >>

>> Each line of the user file file contains a username followed >> by a colon, followed by the crypt() encrypted password. The behavior >> of multiple occurrences of the same user is undefined. >>

>> The utility htpasswd which is installed as part of the >> binary distribution, or which can be found in src/support, >> is used to maintain this password file. See the man >> page for more details. >> >> htpasswd -c Filename username
>> Create a password file 'Filename' with 'username' >> as the initial ID. It will prompt for the password. >> htpasswd Filename username2
>> Adds or modifies in password file 'Filename' the 'username'. >>
>>

Note that >> searching large text files is very inefficient; >> should be used instead. >>

>> >> >> Make sure that the AuthUserFile is stored outside the >> document tree of the web-server; do not put it in the directory that >> it protects. Otherwise, clients will be able to download the AuthUserFile.

>> >> >> AuthName, >> AuthType >> AuthGroupFile >> >> >> >> >> AuthAuthoritative >> >> >> >> >> AuthAuthoritative < on(default) | off > >> >> >> >> >> directory, .htaccess >> >> >> AuthConfig >> >> >> Base >> >> >> mod_auth >> >> >> By default; control is not passed on; and an unknown >> userID or rule will result in an Authorization Required reply. Not >> setting it thus keeps the system secure; and forces an NCSA compliant >> behaviour. >> >> >> Setting the AuthAuthoritative directive explicitly to 'off' >> allows for both authentication and authorization to be passed on to >> lower level modules (as defined in the Configuration and >> modules.c files) if there is no userID or >> rule matching the supplied userID. If there is a userID and/or >> rule specified; the usual password and access checks will be applied >> and a failure will give an Authorization Required reply. >>

>> So if a userID appears in the database of more than one module; or if >> a valid require directive applies to more than one module; then the >> first module will verify the credentials; and no access is passed on; >> regardless of the AuthAuthoritative setting. >>

>> A common use for this is in conjunction with one of the database >> modules; such as > HREF="mod_auth_db.html">mod_auth_db.c, > HREF="mod_auth_dbm.html">mod_auth_dbm.c, >> mod_auth_msql.c, and > HREF="mod_auth_anon.html">mod_auth_anon.c. These modules >> supply the bulk of the user credential checking; but a few >> (administrator) related accesses fall through to a lower level with a >> well protected AuthUserFile. >>

>> >> >> Security: Do consider the implications of allowing a user to allow >> fall-through in his .htaccess file; and verify that this is really >> what you want; Generally it is easier to just secure a single >> .htpasswd file, than it is to secure a database such as mSQL. Make >> sure that the AuthUserFile is stored outside the document tree of the >> web-server; do not put it in the directory that it >> protects. Otherwise, clients will be able to download the >> AuthUserFile. >> >> >> AuthName, >> AuthType >> AuthGroupFile >> >> >> >> >> > >-- >http://www.apache-ssl.org/ben.html > >"My grandfather once told me that there are two kinds of people: those >who work and those who take the credit. He told me to try to be in the >first group; there was less competition there." > - Indira Gandhi > >