httpd-users mailing list archives

From Matus UHLAR - fantomas <uh...@fantomas.sk>
Subject Re: [users@httpd] AuthName directive
Date Wed, 24 Oct 2007 09:25:22 GMT
> On 10/23/07, anon6565@hushmail.com <anon6565@hushmail.com> wrote:
> > AuthName directive: "This directive sets the name of the
> > authorization realm for a directory. This realm is given to the
> > client so that the user knows which username and password to send."
> >
> > I know how AuthName works in practice, but can someone please
> > explain what an "authorization realm" is? I take it it is not the
> > same as a directory?

On 23.10.07 12:56, Joshua Slive wrote:
> The realm is the area on the server that is accessible under a given
> set of credentials. In practice, it is usually a specific directory
> and its subdirectories. But the same realm name may be used for
> multiple independent directories, and the browser should supply the
> appropriate username/password without reprompting the user if it knows
> them for that realm. For security reasons (to prevent stealing
> passwords), a realm cannot span multiple hostnames.

Note that when you use different access rights (in subdirectories or
different paths), you must use different realms. Otherwise, the browser
(and the user) may get confused, since sometimes it can get to the area and sometimes not.

OTOH, when using the same privileges in more directories within the same
server, you may use the same realms.

So, when you have a webserver with some public (unprotected) data, more
(protected) applications, each in a different subdirectory, and an admin area
under each of them, where all applications have the same userlist (e.g.
valid_user with the same user database) and each admin area the same
list/group of admins, you can use one realm for applications and one realm
for admin areas.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I wish NOT to receive any advertising mail at this address.
Depression is merely anger without enthusiasm. 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
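
The layout described in the last paragraph of the message above, written out as an httpd configuration. This is an added example, not part of the original thread; the directory paths, password and group file locations, the group name `admins` and the two realm strings are assumptions.

```apache
# Constructed layout (all paths are assumptions):
#   /var/www/site            public data
#   /var/www/site/app1       application, admin area in app1/admin
#   /var/www/site/app2       application, admin area in app2/admin

# Public data: no authentication directives, so no realm is sent.
<Directory "/var/www/site">
    AllowOverride None
</Directory>

# Both applications share one user database and one access rule,
# so they share one realm: credentials accepted for app1 are
# offered by the browser for app2 without a second prompt.
<Directory "/var/www/site/app1">
    AuthType Basic
    AuthName "Applications"
    AuthUserFile "/etc/httpd/auth/users.htpasswd"
    Require valid-user
</Directory>
<Directory "/var/www/site/app2">
    AuthType Basic
    AuthName "Applications"
    AuthUserFile "/etc/httpd/auth/users.htpasswd"
    Require valid-user
</Directory>

# Admin areas have different access rights, so they get a different
# realm. <Directory> sections are merged from shortest path to
# longest, so these settings override the application-level ones.
<Directory "/var/www/site/app1/admin">
    AuthType Basic
    AuthName "Application admin"
    AuthUserFile "/etc/httpd/auth/users.htpasswd"
    AuthGroupFile "/etc/httpd/auth/groups"
    Require group admins
</Directory>
<Directory "/var/www/site/app2/admin">
    AuthType Basic
    AuthName "Application admin"
    AuthUserFile "/etc/httpd/auth/users.htpasswd"
    AuthGroupFile "/etc/httpd/auth/groups"
    Require group admins
</Directory>
```

With this layout an ordinary user who has logged in to "Applications" gets a fresh prompt labelled "Application admin" on entering an admin area, rather than having the application credentials resent and silently rejected.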

