Age | Commit message (Collapse) | Author | Files | Lines |
|
Add documentation
v3.2.3 (Jan Wolter - Feb 26, 2009)
-----------------------------------------------
* Added GroupExternalError directive, which allows you to specify the
HTTP error code to be returned if the group access check fails.
Defaut is 401, but you may want to return 403 if you want to show the
user an error page instead of asking him to login again. Thanks to
Peter Crawshaw <pcrawshaw@mta.ca> for this patch.
* In hopes of getting to a more consistantly named set of directives,
added new aliases for two old directives:
GroupExternalAuthoritative alias for AuthzExternalAuthoritative
GroupExternalManyAtOnce alias for AuthExternalGroupsAtOnce
Documentation updated to refer primarily to the new names.
v3.2.2 (Jan Wolter - Dec 1, 2008)
-----------------------------------------------
THIS RELEASE UPDATES DOCUMENTATION ONLY!
* Improved documentation of AuthExternalContext directive in the INSTALL
file.
* Added documentation to the UPGRADE file on interactions between multiple
Require directives.
|
|
* Added AuthExternalContext directive, which defines a string that will be
passed to the authenticator in the CONTEXT environment variable. This can
be set from the .htaccess file or the <Directory> block to give slightly
different behavior from the same authenticator in different directories.
Thanks to Olivier Thauvin <nanardon at mandriva dot org> for this patch.
* Rewrite external authenticator launching code to use Apache's cross-OS
process/thread library instead of directly calling Unix functions.
Theoretically this should get us much closer to being usable on non-
Unix platforms.
* Support alternate syntax for configuration, using DefineAuthExternal and
DefineAuthGroup commands.
* More detailed error logging.
* Much cleanup of documentation.
|
|
The Apache HTTP Daemon can be configured to require users to supply logins
and passwords before accessing pages in some directories. Authentication is
the process of checking if the password given is correct for a user. Apache
has standard modules for authenticating out of several different kinds of
databases. The external authentication module provides a flexible tool for
creating authentication systems based on other databases.
The module can be used in either of two somewhat divergent ways:
1) External Authentication:
When a user supplies a login and password, mod_auth*_external runs a program
you write, passing it the login and password. Your program does whatever
checking and logging it needs to, and then returns a Accept/Reject flag to
Apache.
2) Hardcoded Authentication:
Some hooks have been inserted into mod_auth*_external to make it easy to
replace the call to the external authentication program with a call to a
hardcoded internal authentication routine that you write.
|