From 6e86db4b3192f8d230ce0f57a5e032ed966c7e7c Mon Sep 17 00:00:00 2001 From: Joshua Slive Date: Wed, 16 Nov 2005 16:43:33 +0000 Subject: [PATCH] Merge r345057 from trunk: Remove on/off from the argument list for AuthBasicProvider, attempt to clarify the discussion of AuthBasicAuthoritative, and add some extra clarifications in a few places. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@345059 13f79535-47bb-0310-9956-ffa450edef68 --- docs/manual/mod/mod_auth_basic.xml | 59 ++++++++++++++---------------- 1 file changed, 27 insertions(+), 32 deletions(-) diff --git a/docs/manual/mod/mod_auth_basic.xml b/docs/manual/mod/mod_auth_basic.xml index a3fa5af59ed..6c41b90c538 100644 --- a/docs/manual/mod/mod_auth_basic.xml +++ b/docs/manual/mod/mod_auth_basic.xml @@ -33,7 +33,10 @@

This module allows the use of HTTP Basic Authentication to restrict access by looking up users in the given providers. HTTP Digest Authentication is provided by - mod_auth_digest.

+ mod_auth_digest. This module should + usually be combined with at least one authentication module + such as mod_authn_file and one authorization + module such as mod_authz_user.

AuthName AuthType @@ -41,9 +44,9 @@ AuthBasicProvider Sets the authentication provider(s) for this location -AuthBasicProvider On|Off|provider-name +AuthBasicProvider provider-name [provider-name] ... -AuthBasicProvider On +AuthBasicProvider file directory.htaccess AuthConfig @@ -51,14 +54,14 @@

The AuthBasicProvider directive sets which provider is used to authenticate the users for this location. - Setting the value to On will choose the default provider - (file). Since the file provider is implemented - by the mod_authn_file module, you have to make sure, - that the module is present in the server.

+ The default file provider is implemented + by the mod_authn_file module. Make sure + that the chosen provider module is present in the server.

Example <Location /secure>
+ AuthType basic
AuthBasicProvider dbm
AuthDBMType SDBM
AuthDBMUserFile /www/etc/dbmpasswd
@@ -67,11 +70,9 @@ </Location> -

See mod_authn_dbm and mod_authn_file - for providers.

- -

The value Off clears the provider list and sets it back - to the default.

+

Providers are implemented by mod_authn_dbm, + mod_authn_file, mod_authn_dbd, + and mod_authnz_ldap.

 @@ -86,26 +87,20 @@ lower level modules AuthConfig -

Setting the AuthBasicAuthoritative directive - explicitly to Off allows for both - authentication and authorization to be passed on to lower level - modules (as defined in the modules.c files) if there is - no userID or rule matching the - supplied userID. If there is a userID and/or rule specified, the usual - password and access checks will be applied and a failure will give - an "Authentication Required" reply.

- -

So if a userID appears in the database of more than one module; - or if a valid Require - directive applies to more than one module; then the first module - will verify the credentials; and no access is passed on; - regardless of the AuthBasicAuthoritative - setting.

- -

By default control is not passed on and an unknown userID or - rule will result in an "Authentication Required" reply. Not setting - it thus keeps the system secure and forces an NCSA compliant - behaviour.

+

Normally, each authorization module listed in AuthBasicProvider will attempt + to verify the user, and if the user is not found in any provider, + access will be denied. Setting the + AuthBasicAuthoritative directive explicitly + to Off allows for both authentication and + authorization to be passed on to other non-provider-based modules + if there is no userID or rule + matching the supplied userID. This should only be necessary when + combining mod_auth_basic with third-party modules + that are not configured with the AuthBasicProvider + directive. When using such modules, the order of processing + is determined in the modules' source code and is not configurable.

 -- 2.47.2