diff options
Diffstat (limited to 'docs/manual/howto/auth.html.en')
| -rw-r--r-- | docs/manual/howto/auth.html.en | 76 |
1 files changed, 29 insertions, 47 deletions
diff --git a/docs/manual/howto/auth.html.en b/docs/manual/howto/auth.html.en index 7508170a..ceff2f56 100644 --- a/docs/manual/howto/auth.html.en +++ b/docs/manual/howto/auth.html.en @@ -9,7 +9,7 @@ <link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> <link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> <link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> -<script src="../style/scripts/prettify.js" type="text/javascript"> +<script src="../style/scripts/prettify.min.js" type="text/javascript"> </script> <link href="../images/favicon.ico" rel="shortcut icon" /></head> @@ -215,14 +215,12 @@ module from each group.</p> placed in <code>httpd.conf</code> inside a <Directory /usr/local/apache/htdocs/secret> section.</p> - <pre class="prettyprint lang-config"> -AuthType Basic + <pre class="prettyprint lang-config">AuthType Basic AuthName "Restricted Files" # (Following line optional) AuthBasicProvider file AuthUserFile /usr/local/apache/passwd/passwords -Require user rbowen - </pre> +Require user rbowen</pre> <p>Let's examine each of those directives individually. The <code class="directive"><a href="../mod/mod_authn_core.html#authtype">AuthType</a></code> directive selects @@ -233,8 +231,8 @@ Require user rbowen the server unencrypted. This method should therefore not be used for highly sensitive data, unless accompanied by <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code>. Apache supports one other authentication method: - <code>AuthType Digest</code>. This method is implemented by <code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code> and is much more secure. Most recent - browsers support Digest authentication.</p> + <code>AuthType Digest</code>. This method is implemented by <code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code> and was intended to be more secure. This is no + longer the case and the connection should be encrypted with <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> instead.</p> <p>The <code class="directive"><a href="../mod/mod_authn_core.html#authname">AuthName</a></code> directive sets the <dfn>Realm</dfn> to be used in the authentication. The realm serves @@ -314,15 +312,13 @@ person in</a></h2> <code class="directive"><a href="../mod/core.html#directory"><Directory></a></code> block to look like the following:</p> - <pre class="prettyprint lang-config"> -AuthType Basic + <pre class="prettyprint lang-config">AuthType Basic AuthName "By Invitation Only" # Optional line: AuthBasicProvider file AuthUserFile /usr/local/apache/passwd/passwords AuthGroupFile /usr/local/apache/passwd/groups -Require group GroupName - </pre> +Require group GroupName</pre> <p>Now, anyone that is listed in the group <code>GroupName</code>, @@ -374,15 +370,13 @@ Require group GroupName <p>To select a dbm file rather than a text file, for example:</p> - <pre class="prettyprint lang-config"> -<Directory /www/docs/private> + <pre class="prettyprint lang-config"><Directory /www/docs/private> AuthName "Private" AuthType Basic AuthBasicProvider dbm AuthDBMUserFile /www/passwords/passwd.dbm Require valid-user -</Directory> - </pre> +</Directory></pre> <p>Other options are available. Consult the @@ -398,16 +392,14 @@ Require group GroupName scheme that meets your needs. In the following example, both the file and LDAP based authentication providers are being used.</p> - <pre class="prettyprint lang-config"> -<Directory /www/docs/private> + <pre class="prettyprint lang-config"><Directory /www/docs/private> AuthName "Private" AuthType Basic AuthBasicProvider file ldap AuthUserFile /usr/local/apache/passwd/passwords AuthLDAPURL ldap://ldaphost/o=yourorg Require valid-user -</Directory> - </pre> +</Directory></pre> <p>In this example the file provider will attempt to authenticate @@ -423,8 +415,7 @@ Require group GroupName authorization methods can also be used. In this example both file group authorization as well as LDAP group authorization is being used.</p> - <pre class="prettyprint lang-config"> -<Directory /www/docs/private> + <pre class="prettyprint lang-config"><Directory /www/docs/private> AuthName "Private" AuthType Basic AuthBasicProvider file @@ -433,8 +424,7 @@ Require group GroupName AuthGroupFile /usr/local/apache/passwd/groups Require group GroupName Require ldap-group cn=mygroup,o=yourorg -</Directory> - </pre> +</Directory></pre> <p>To take authorization a little further, authorization container @@ -499,13 +489,11 @@ Require group GroupName other than who they are. Something such as where they are coming from.</p> - <p>The authorization providers <code class="directive"><a href="../mod/mod_authz_host.html# all"> - all</a></code>, <code class="directive"><a href="../mod/mod_authz_host.html# env"> - env</a></code>, <code class="directive"><a href="../mod/mod_authz_host.html# host"> - host</a></code> and <code class="directive"><a href="../mod/mod_authz_host.html# ip"> - ip</a></code> let you allow or deny access based other host based - criteria such as host name or ip address of the machine requesting - a document.</p> + <p>The authorization providers <code>all</code>, + <code>env</code>, <code>host</code> and <code>ip</code> let you + allow or deny access based other host based criteria such as + host name or ip address of the machine requesting a + document.</p> <p>The usage of these providers is specified through the <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code> directive. @@ -530,37 +518,31 @@ Require group GroupName board, and you want to keep them out, you could do the following:</p> - <pre class="prettyprint lang-config"> -<RequireAll> + <pre class="prettyprint lang-config"><RequireAll> Require all granted Require not ip 10.252.46.165 -</RequireAll> - </pre> +</RequireAll></pre> <p>Visitors coming from that address will not be able to see the content covered by this directive. If, instead, you have a machine name, rather than an IP address, you can use that.</p> - <pre class="prettyprint lang-config"> -<RequireAll> + <pre class="prettyprint lang-config"><RequireAll> Require all granted Require not host host.example.com -</RequireAll> - </pre> +</RequireAll></pre> <p>And, if you'd like to block access from an entire domain, you can specify just part of an address or domain name:</p> - <pre class="prettyprint lang-config"> -<RequireAll> + <pre class="prettyprint lang-config"><RequireAll> Require all granted Require not ip 192.168.205 Require not host phishers.example.com moreidiots.example Require not host ke -</RequireAll> - </pre> +</RequireAll></pre> <p>Using <code class="directive"><a href="../mod/mod_authz_core.html#requireall"><RequireAll></a></code> @@ -595,10 +577,10 @@ Require group GroupName <div class="section"> <h2><a name="moreinformation" id="moreinformation">More information</a></h2> <p>You should also read the documentation for - <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code> and <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code> which - contain some more information about how this all works. - The directive <code class="directive"><a href="../mod/mod_authn_core.html#<authnprovideralias>"><AuthnProviderAlias></a></code> - can also help in simplifying certain authentication configurations.</p> + <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code> and <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code> + which contain some more information about how this all works. The + directive <code class="directive"><a href="../mod/mod_authn_core.html#authnprovideralias"><AuthnProviderAlias></a></code> can also help + in simplifying certain authentication configurations.</p> <p>The various ciphers supported by Apache for authentication data are explained in <a href="../misc/password_encryptions.html">Password @@ -632,7 +614,7 @@ var comments_identifier = 'http://httpd.apache.org/docs/2.4/howto/auth.html'; } })(window, document); //--><!]]></script></div><div id="footer"> -<p class="apache">Copyright 2013 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> +<p class="apache">Copyright 2014 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- if (typeof(prettyPrint) !== 'undefined') { prettyPrint(); |