2 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
3 <?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
4 <!-- $LastChangedRevision$ -->
7 Licensed to the Apache Software Foundation (ASF) under one or more
8 contributor license agreements. See the NOTICE file distributed with
9 this work for additional information regarding copyright ownership.
10 The ASF licenses this file to You under the Apache License, Version 2.0
11 (the "License"); you may not use this file except in compliance with
12 the License. You may obtain a copy of the License at
14 http://www.apache.org/licenses/LICENSE-2.0
16 Unless required by applicable law or agreed to in writing, software
17 distributed under the License is distributed on an "AS IS" BASIS,
18 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19 See the License for the specific language governing permissions and
20 limitations under the License.
23 <modulesynopsis metafile="mod_authn_core.xml.meta">
25 <name>mod_authn_core</name>
26 <description>Core Authentication</description>
28 <sourcefile>mod_authn_core.c</sourcefile>
29 <identifier>authn_core_module</identifier>
30 <compatibility>Available in Apache 2.3 and later</compatibility>
33 <p>This module provides core authentication capabilities to
34 allow or deny access to portions of the web site.
35 <module>mod_authn_core</module> provides directives that are
36 common to all authentication providers.</p>
39 <section id="authnalias"><title>Creating Authentication Provider Aliases</title>
41 <p>Extended authentication providers can be created
42 within the configuration file and assigned an alias name. The alias
43 providers can then be referenced through the directives
44 <directive module="mod_auth_basic">AuthBasicProvider</directive> or
45 <directive module="mod_auth_digest">AuthDigestProvider</directive> in
46 the same way as a base authentication provider. Besides the ability
47 to create and alias an extended provider, it also allows the same
48 extended authentication provider to be reference by multiple
51 <section id="example"><title>Examples</title>
53 <p>This example checks for passwords in two different text
56 <example><title>Checking multiple text password files</title>
58 # Check here first<br />
59 <AuthnProviderAlias file file1><br />
61 AuthUserFile /www/conf/passwords1<br />
63 </AuthnProviderAlias><br />
65 # Then check here<br />
66 <AuthnProviderAlias file file2> <br />
68 AuthUserFile /www/conf/passwords2<br />
70 </AuthnProviderAlias><br />
72 <Directory /var/web/pages/secure><br />
74 AuthBasicProvider file1 file2<br />
77 AuthName "Protected Area"<br />
78 Require valid-user<br />
80 </Directory><br />
83 <p>The example below creates two different ldap authentication
84 provider aliases based on the ldap provider. This allows
85 a single authenticated location to be serviced by multiple ldap
88 <example><title>Checking multiple LDAP servers</title>
89 <AuthnProviderAlias ldap ldap-alias1><br />
91 AuthLDAPBindDN cn=youruser,o=ctx<br />
92 AuthLDAPBindPassword yourpassword<br />
93 AuthLDAPURL ldap://ldap.host/o=ctx<br />
95 </AuthnProviderAlias><br /><br />
96 <AuthnProviderAlias ldap ldap-other-alias><br />
98 AuthLDAPBindDN cn=yourotheruser,o=dev<br />
99 AuthLDAPBindPassword yourotherpassword<br />
100 AuthLDAPURL ldap://other.ldap.host/o=dev?cn<br />
102 </AuthnProviderAlias><br /><br />
104 Alias /secure /webpages/secure<br />
105 <Directory /webpages/secure><br />
107 Order deny,allow<br />
108 Allow from all<br /><br />
110 AuthBasicProvider ldap-other-alias ldap-alias1<br /><br />
113 AuthName LDAP_Protected_Place<br />
114 Require valid-user<br />
116 </Directory><br />
124 <name>AuthName</name>
125 <description>Authorization realm for use in HTTP
126 authentication</description>
127 <syntax>AuthName <var>auth-domain</var></syntax>
128 <contextlist><context>directory</context><context>.htaccess</context>
130 <override>AuthConfig</override>
133 <p>This directive sets the name of the authorization realm for a
134 directory. This realm is given to the client so that the user
135 knows which username and password to send.
136 <directive>AuthName</directive> takes a single argument; if the
137 realm name contains spaces, it must be enclosed in quotation
138 marks. It must be accompanied by <directive
139 module="mod_authn_core">AuthType</directive> and <directive
140 module="mod_authz_core">Require</directive> directives, and directives such
141 as <directive module="mod_authn_file">AuthUserFile</directive> and
142 <directive module="mod_authz_groupfile">AuthGroupFile</directive> to
148 AuthName "Top Secret"
151 <p>The string provided for the <code>AuthName</code> is what will
152 appear in the password dialog provided by most browsers.</p>
155 href="../howto/auth.html">Authentication, Authorization, and
156 Access Control</a></seealso>
157 <seealso><module>mod_authz_core</module></seealso>
161 <name>AuthType</name>
162 <description>Type of user authentication</description>
163 <syntax>AuthType None|Basic|Digest|Form</syntax>
164 <contextlist><context>directory</context><context>.htaccess</context>
166 <override>AuthConfig</override>
169 <p>This directive selects the type of user authentication for a
170 directory. The authentication types available are <code>None</code>,
171 <code>Basic</code> (implemented by
172 <module>mod_auth_basic</module>), <code>Digest</code>
173 (implemented by <module>mod_auth_digest</module>), and
174 <code>Form</code> (implemented by <module>mod_auth_form</module>).</p>
176 <p>To implement authentication, you must also use the <directive
177 module="mod_authn_core">AuthName</directive> and <directive
178 module="mod_authz_core">Require</directive> directives. In addition, the
179 server must have an authentication-provider module such as
180 <module>mod_authn_file</module> and an authorization module such
181 as <module>mod_authz_user</module>.</p>
183 <p>The authentication type <code>None</code> disables authentication.
184 When authentication is enabled, it is normally inherited by each
185 subsequent <a href="../sections.html#mergin">configuration section</a>,
186 unless a different authentication type is specified. If no
187 authentication is desired for a subsection of an authenticated
188 section, the authentication type <code>None</code> may be used;
189 in the following example, clients may access the
190 <code>/www/docs/public</code> directory without authenticating:</p>
193 <Directory /www/docs>
196 AuthName Documents<br />
197 AuthBasicProvider file<br />
198 AuthUserFile /usr/local/apache/passwd/passwords<br />
201 </Directory><br />
203 <Directory /www/docs/public>
211 <note>When disabling authentication, note that clients which have
212 already authenticated against another portion of the server's document
213 tree will typically continue to send authentication HTTP headers
214 or cookies with each request, regardless of whether the server
215 actually requires authentication for every resource.</note>
218 <seealso><a href="../howto/auth.html">Authentication, Authorization,
219 and Access Control</a></seealso>
222 <directivesynopsis type="section">
223 <name>AuthnProviderAlias</name>
224 <description>Enclose a group of directives that represent an
225 extension of a base authentication provider and referenced by
226 the specified alias</description>
227 <syntax><AuthnProviderAlias <var>baseProvider Alias</var>>
228 ... </AuthnProviderAlias></syntax>
229 <contextlist><context>server config</context>
233 <p><code><AuthnProviderAlias></code> and
234 <code></AuthnProviderAlias></code> are used to enclose a group of
235 authentication directives that can be referenced by the alias name
236 using one of the directives <directive module="mod_auth_basic">
237 AuthBasicProvider</directive> or <directive module="mod_auth_digest">
238 AuthDigestProvider</directive>.</p>