From e8ec7aa8e38a93f5b034ac74cebce5de23710317 Mon Sep 17 00:00:00 2001 From: hongbotian Date: Mon, 30 Nov 2015 01:45:08 -0500 Subject: upload http JIRA: BOTTLENECK-10 Change-Id: I7598427ff904df438ce77c2819ee48ac75ffa8da Signed-off-by: hongbotian --- .../httpd-2.0.64/docs/manual/mod/mod_auth.html.en | 201 +++++++++++++++++++++ 1 file changed, 201 insertions(+) create mode 100644 rubbos/app/httpd-2.0.64/docs/manual/mod/mod_auth.html.en (limited to 'rubbos/app/httpd-2.0.64/docs/manual/mod/mod_auth.html.en') diff --git a/rubbos/app/httpd-2.0.64/docs/manual/mod/mod_auth.html.en b/rubbos/app/httpd-2.0.64/docs/manual/mod/mod_auth.html.en new file mode 100644 index 00000000..fc3c91bb --- /dev/null +++ b/rubbos/app/httpd-2.0.64/docs/manual/mod/mod_auth.html.en @@ -0,0 +1,201 @@ + + + +mod_auth - Apache HTTP Server + + + + + + +
<-
+ +
+

Apache Module mod_auth

+
+

Available Languages:  en  | + ja 

+
+ + + + +
Description:User authentication using text files
Status:Base
Module Identifier:auth_module
Source File:mod_auth.c
Compatibility:Available only in versions prior to 2.1
+

Summary

+ +

This module allows the use of HTTP Basic Authentication to + restrict access by looking up users in plain text password and + group files. Similar functionality and greater scalability is + provided by mod_auth_dbm. HTTP Digest + Authentication is provided by mod_auth_digest.

+
+ + +
top
+

AuthAuthoritative Directive

+ + + + + + + + +
Description:Sets whether authorization and authentication are +passed to lower level modules
Syntax:AuthAuthoritative On|Off
Default:AuthAuthoritative On
Context:directory, .htaccess
Override:AuthConfig
Status:Base
Module:mod_auth
+

Setting the AuthAuthoritative directive + explicitly to Off allows for both authentication and + authorization to be passed on to lower level modules (as defined in the + modules.c files) if there is no userID + or rule matching the supplied userID. If there is a + userID and/or rule specified; the usual password and access checks + will be applied and a failure will give an "Authentication Required" + reply.

+ +

So if a userID appears in the database of more than one module; + or if a valid Require + directive applies to more than one module; then the first module + will verify the credentials; and no access is passed on; + regardless of the AuthAuthoritative setting.

+ +

A common use for this is in conjunction with one of the + database modules; such as mod_auth_dbm, + mod_auth_msql, and mod_auth_anon. + These modules supply the bulk of the user credential checking; but + a few (administrator) related accesses fall through to a lower + level with a well protected AuthUserFile.

+ +

By default control is not passed on and an unknown userID or + rule will result in an "Authentication Required" reply. Not setting + it thus keeps the system secure and forces an NCSA compliant + behaviour.

+ +

Security

+

Do consider the implications of allowing a user to allow + fall-through in his .htaccess file; and verify that this is really + what you want; Generally it is easier to just secure a single + .htpasswd file, than it is to secure a database such as mSQL. + Make sure that the AuthUserFile and the AuthGroupFile are stored outside the document tree of + the web-server; do not put them in the directory that they + protect. Otherwise, clients will be able to download the AuthUserFile and the AuthGroupFile.

+
+ +
+
top
+

AuthGroupFile Directive

+ + + + + + + +
Description:Sets the name of a text file containing the list +of user groups for authentication
Syntax:AuthGroupFile file-path
Context:directory, .htaccess
Override:AuthConfig
Status:Base
Module:mod_auth
+

The AuthGroupFile directive sets the + name of a textual file containing the list of user groups for user + authentication. File-path is the path to the group + file. If it is not absolute, it is treated as relative to the ServerRoot.

+ +

Each line of the group file contains a groupname followed by a + colon, followed by the member usernames separated by spaces.

+ +

Example:

+ mygroup: bob joe anne +

+ +

Note that searching large text files is very + inefficient; AuthDBMGroupFile provides a much better performance.

+ +

Security

+

Make sure that the AuthGroupFile is + stored outside the document tree of the web-server; do not + put it in the directory that it protects. Otherwise, clients may + be able to download the AuthGroupFile.

+
+ +
+
top
+

AuthUserFile Directive

+ + + + + + + +
Description:Sets the name of a text file containing the list of users and +passwords for authentication
Syntax:AuthUserFile file-path
Context:directory, .htaccess
Override:AuthConfig
Status:Base
Module:mod_auth
+

The AuthUserFile directive sets the name + of a textual file containing the list of users and passwords for + user authentication. File-path is the path to the user + file. If it is not absolute (i.e., if it doesn't begin + with a slash), it is treated as relative to the ServerRoot.

+ +

Each line of the user file contains a username followed by + a colon, followed by the encrypted password. If the same user + ID is defined multiple times, mod_auth will + use the first occurrence to verify the password.

+ +

The utility htpasswd + which is installed as part of the binary distribution, or which + can be found in src/support, is used to maintain + this password file. See the man + page for more details. In short:

+ +

Create a password file Filename with + username as the initial ID. It will prompt for the + password:

+ +

+ htpasswd -c Filename username +

+ +

Add or modify username2 in the password file + Filename:

+ +

+ htpasswd Filename username2 +

+ +

Note that searching large text files is very + inefficient; AuthDBMUserFile should be used + instead.

+ +

Security

+

Make sure that the AuthUserFile is + stored outside the document tree of the web-server. Do + not put it in the directory that it protects. + Otherwise, clients may be able to download the + AuthUserFile.

+
+ +
+
+
+

Available Languages:  en  | + ja 

+
+ \ No newline at end of file -- cgit 1.2.3-korg
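Review bot: The subject line "upload http" does not explain why a 201-line manual page is being checked in under rubbos/app/httpd-2.0.64/docs/manual/mod/, and the page's own Compatibility row says mod_auth is "Available only in versions prior to 2.1". Please state in the commit message where this httpd-2.0.64 tree was taken from and whether docs/manual is needed for the RUBBoS setup at all; if it is not, drop the docs from the import so the tree carries only what is built or served. If the file stays, note that it ends with "\ No newline at end of file"; add the trailing newline or confirm the file is byte-identical to the upstream copy. The Security notes in the added text (keep AuthUserFile and AuthGroupFile outside the document tree) are worth checking against whatever httpd configuration accompanies this import, since this hunk shows only the documentation and not the configuration.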