From: Bradley Nicholes
Date: Fri, 6 Jan 2006 16:15:13 +0000 (+0000)
Subject: Remove the references to all of the AuthzXXXAuthoritative directives in the documenta...
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5b9562f04b2395711fcf141b83742454f611c12f;p=thirdparty%2Fapache%2Fhttpd.git

Remove the references to all of the AuthzXXXAuthoritative directives in the documentation since these directives no longer exist

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/authz-dev@366519 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/docs/manual/mod/mod_authn_alias.xml b/docs/manual/mod/mod_authn_alias.xml index 6ba51d0c1b0..9bf23c09cac 100644 --- a/docs/manual/mod/mod_authn_alias.xml +++ b/docs/manual/mod/mod_authn_alias.xml @@ -76,7 +76,6 @@ AuthType Basic
AuthName LDAP_Protected_Place
- AuthzLDAPAuthoritative off
require valid-user
</Directory>
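Review bot: The mod_authn_alias.xml example loses `AuthzLDAPAuthoritative off` ahead of `require valid-user`, and nothing is added to say which module now evaluates that requirement. The mod_authnz_ldap.xml paragraph edited in this same commit keeps a "Requires that mod_authz_user be loaded" condition for users authenticated in the search/bind phase; if that condition applies to this example as well, state it next to the example so the two pages stay consistent.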
diff --git a/docs/manual/mod/mod_authnz_ldap.xml b/docs/manual/mod/mod_authnz_ldap.xml index 526de29f98c..f9f25dd4bf4 100644 --- a/docs/manual/mod/mod_authnz_ldap.xml +++ b/docs/manual/mod/mod_authnz_ldap.xml @@ -301,9 +301,7 @@ for HTTP Basic authentication.

If this directive exists, mod_authnz_ldap grants access to any user that has successfully authenticated during the search/bind phase. Requires that mod_authz_user be - loaded and that the - AuthzLDAPAuthoritative - directive be set to off.

+ loaded.

require ldap-user @@ -573,17 +571,10 @@ require valid-user that gets created in the web

 AuthLDAPURL            "the url"
-AuthzLDAPAuthoritative off
 AuthGroupFile mygroupfile
 require group mygroupfile
 
-

AuthzLDAPAuthoritative - must be off to allow mod_authnz_ldap to decline group - authentication so that Apache will fall back to file - authentication for checking group membership. This allows the - FrontPage-managed group file to be used.

-
How It Works

FrontPage restricts access to a web by adding the require @@ -643,25 +634,6 @@ require group mygroupfile

- -AuthzLDAPAuthoritative -Prevent other authentication modules from -authenticating the user if this one fails -AuthzLDAPAuthoritative on|off -AuthzLDAPAuthoritative on -directory.htaccess - -AuthConfig - - -

Set to off if this module should let other - authentication modules attempt to authenticate the user, should - authentication with this module fail. Control is only passed on - to lower modules if there is no DN or rule that matches the - supplied user name (as passed by the client).

-
-
- AuthLDAPBindDN Optional DN to use in binding to the LDAP server diff --git a/docs/manual/mod/mod_authz_dbd.xml b/docs/manual/mod/mod_authz_dbd.xml index 6002c86aee5..35f3b339aca 100644 --- a/docs/manual/mod/mod_authz_dbd.xml +++ b/docs/manual/mod/mod_authz_dbd.xml @@ -182,40 +182,4 @@ header is present - -AuthzDBDAuthoritative -Sets whether authorization will be passed on to lower level -modules -AuthzDBDAuthoritative On|Off -AuthzDBDAuthoritative On -directory - - -

Setting the AuthzDBDAuthoritative - directive explicitly to Off allows group authorization - to be handled by another authz module if the userID is not - in any authorized dbd-group. If there are any groups - specified, the usual checks will be applied and a failure will - give an Authentication Required reply.

- -

So if a userID appears in the database of more than one module; - or if a valid Require - directive applies to more than one module; then the first module - will verify the credentials; and no access is passed on; - regardless of the AuthAuthoritative setting.

- -

A common use for this is in conjunction with one of the - auth providers; such or - mod_authn_file. Whereas this DBD module supplies - the bulk of the user credential checking; a few (administrator) related - accesses fall through to a lower level with a well protected - .htpasswd file.

- -

By default, control is not passed on and an unknown group - will result in an Authentication Required reply. Not - setting it thus keeps the system secure and forces an NCSA - compliant behaviour.

-
-
- diff --git a/docs/manual/mod/mod_authz_dbm.xml b/docs/manual/mod/mod_authz_dbm.xml index 6d6ca04ff36..4732f307bc2 100644 --- a/docs/manual/mod/mod_authz_dbm.xml +++ b/docs/manual/mod/mod_authz_dbm.xml @@ -119,51 +119,4 @@ store list of user groups - -AuthzDBMAuthoritative -Sets whether authorization will be passed on to lower level -modules -AuthzDBMAuthoritative On|Off -AuthzDBMAuthoritative On -directory.htaccess - -AuthConfig - - -

Setting the AuthzDBMAuthoritative - directive explicitly to Off allows group authorization - to be passed on to lower level modules (as defined in the - modules.c file) if there is no group found - for the the supplied userID. If there are any groups - specified, the usual checks will be applied and a failure will - give an Authentication Required reply.

- -

So if a userID appears in the database of more than one module; - or if a valid Require - directive applies to more than one module; then the first module - will verify the credentials; and no access is passed on; - regardless of the AuthAuthoritative setting.

- -

A common use for this is in conjunction with one of the - auth providers; such as mod_authn_dbm or - mod_authn_file. Whereas this DBM module supplies - the bulk of the user credential checking; a few (administrator) related - accesses fall through to a lower level with a well protected - .htpasswd file.

- -

By default, control is not passed on and an unknown group - will result in an Authentication Required reply. Not - setting it thus keeps the system secure and forces an NCSA - compliant behaviour.

- - Security -

Do consider the implications of allowing a user to - allow fall-through in his .htaccess file; and verify that this - is really what you want; Generally it is easier to just secure - a single .htpasswd file, than it is to secure a - database which might have more access interfaces.

-
-
-
- diff --git a/docs/manual/mod/mod_authz_groupfile.xml b/docs/manual/mod/mod_authz_groupfile.xml index d3aed88d664..13252b1b98d 100644 --- a/docs/manual/mod/mod_authz_groupfile.xml +++ b/docs/manual/mod/mod_authz_groupfile.xml @@ -75,36 +75,4 @@ of user groups for authorization - -AuthzGroupFileAuthoritative -Sets whether authorization will be passed on to lower level -modules -AuthzGroupFileAuthoritative On|Off -AuthzGroupFileAuthoritative On -directory.htaccess - -AuthConfig - - -

Setting the AuthzGroupFileAuthoritative - directive explicitly to Off allows for - group authorization to be passed on to lower level modules (as defined - in the modules.c files) if there is no - group matching the supplied userID.

- -

By default, control is not passed on and an unknown group - will result in an Authentication Required reply. Not - setting it thus keeps the system secure and forces an NCSA - compliant behaviour.

- - Security -

Do consider the implications of allowing a user to - allow fall-through in his .htaccess file; and verify - that this is really what you want; Generally it is easier to just - secure a single .htpasswd file, than it is to secure - a database which might have more access interfaces.

-
-
-
- diff --git a/docs/manual/mod/mod_authz_owner.xml b/docs/manual/mod/mod_authz_owner.xml index 66e68954fe6..0478626cba5 100644 --- a/docs/manual/mod/mod_authz_owner.xml +++ b/docs/manual/mod/mod_authz_owner.xml @@ -132,39 +132,4 @@ - -AuthzOwnerAuthoritative -Sets whether authorization will be passed on to lower level -modules -AuthzOwnerAuthoritative On|Off -AuthzOwnerAuthoritative On -directory.htaccess - -AuthConfig - - -

Setting the AuthzOwnerAuthoritative - directive explicitly to Off allows for - user authorization to be passed on to lower level modules (as defined - in the modules.c files) if:

- -
    -
  • in the case of file-owner the file-system owner does not - match the supplied web-username or could not be determined, or
  • - -
  • in the case of file-group the file-system group does not - contain the supplied web-username or could not be determined.
  • -
- -

Note that setting the value to Off also allows the - combination of file-owner and file-group, so - access will be allowed if either one or the other (or both) match.

- -

By default, control is not passed on and an authorization failure - will result in an "Authentication Required" reply. Not - setting it to Off thus keeps the system secure and forces - an NCSA compliant behaviour.

-
-
- diff --git a/docs/manual/mod/mod_authz_user.xml b/docs/manual/mod/mod_authz_user.xml index c9d006971b6..e854225b31d 100644 --- a/docs/manual/mod/mod_authz_user.xml +++ b/docs/manual/mod/mod_authz_user.xml @@ -40,28 +40,4 @@ Require Satisfy - -AuthzUserAuthoritative -Sets whether authorization will be passed on to lower level -modules -AuthzUserAuthoritative On|Off -AuthzUserAuthoritative On -directory.htaccess - -AuthConfig - - -

Setting the AuthzUserAuthoritative - directive explicitly to Off allows for - user authorization to be passed on to lower level modules (as defined - in the modules.c files) if there is no - user matching the supplied userID.

- -

By default, control is not passed on and an unknown user - will result in an Authentication Required reply. Not - setting it to Off thus keeps the system secure and forces - an NCSA compliant behaviour.

-
-
- diff --git a/docs/manual/mod/mod_ldap.xml b/docs/manual/mod/mod_ldap.xml index a432341de14..b22cadb228b 100644 --- a/docs/manual/mod/mod_ldap.xml +++ b/docs/manual/mod/mod_ldap.xml @@ -81,7 +81,6 @@ by other LDAP modules Allow from yourdomain.example.com
AuthLDAPEnabled on
AuthLDAPURL ldap://127.0.0.1/dc=example,dc=com?uid?one
- AuthLDAPAuthoritative on
require valid-user
</Location> @@ -212,7 +211,6 @@ by other LDAP modules Allow from yourdomain.example.com
AuthLDAPEnabled on
AuthLDAPURL ldaps://127.0.0.1/dc=example,dc=com?uid?one
- AuthLDAPAuthoritative on
require valid-user
</Location> @@ -234,7 +232,6 @@ by other LDAP modules AuthLDAPEnabled on
LDAPTrustedMode TLS AuthLDAPURL ldap://127.0.0.1/dc=example,dc=com?uid?one
- AuthLDAPAuthoritative on
require valid-user
</Location> @@ -287,7 +284,6 @@ by other LDAP modules AuthLDAPEnabled on
LDAPTrustedClientCert CERT_NICKNAME <nickname> [password]
AuthLDAPURL ldaps://127.0.0.1/dc=example,dc=com?uid?one
- AuthLDAPAuthoritative on
require valid-user
</Location> @@ -355,7 +351,6 @@ by other LDAP modules LDAPTrustedClientCert CERT_BASE64 /certs/cert1.pem
LDAPTrustedClientCert KEY_BASE64 /certs/key1.pem
AuthLDAPURL ldaps://127.0.0.1/dc=example,dc=com?uid?one
- AuthLDAPAuthoritative on
require valid-user
</Location>
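Review bot: In the FrontPage example of mod_authnz_ldap.xml (hunk at -573,17), the deleted paragraph was the only text explaining why `require group mygroupfile` is checked against the file named by `AuthGroupFile`: mod_authnz_ldap had to decline group authentication so that Apache fell back to file authentication. The example still combines `AuthLDAPURL` with `AuthGroupFile`, so it needs a replacement sentence describing how the group check reaches the FrontPage-managed group file now that there is no directive to set.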
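Review bot: The directive sections deleted from mod_authz_dbd.xml, mod_authz_dbm.xml, mod_authz_groupfile.xml, mod_authz_owner.xml and mod_authz_user.xml each documented the fail-closed default ("By default, control is not passed on and an unknown group will result in an Authentication Required reply"), and nothing replaces it. After this patch the manual no longer says what these modules do when they find no matching user or group. Each page should gain a short statement of the current behaviour. The Security notes removed from the dbm and groupfile pages, about letting a user enable fall-through from .htaccess, should be kept in whatever form still applies. The mod_authz_owner.xml page should also say whether `file-owner` and `file-group` can still be combined, since that was described only as a side effect of setting the value to Off.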
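Review bot: The five mod_ldap.xml hunks remove `AuthLDAPAuthoritative on`, which is spelled differently from the AuthzXXXAuthoritative names the commit message refers to, so the log message should mention it or the change should go in separately. The same example blocks keep `AuthLDAPEnabled on` as unchanged context; please confirm that directive is still valid in this branch, since these examples are otherwise left untouched by the cleanup.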