slive 00/09/25 16:59:29
Modified: htdocs/manual/mod mod_auth_anon.html mod_auth_db.html
mod_auth_dbm.html mod_auth_digest.html index.html
index-bytype.html
Log:
Style updates.
Revision Changes Path
1.25 +72 -66 httpd-docs-2.0/htdocs/manual/mod/mod_auth_anon.html
Index: mod_auth_anon.html
===================================================================
RCS file: /home/cvs/httpd-docs-2.0/htdocs/manual/mod/mod_auth_anon.html,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- mod_auth_anon.html 2000/09/12 15:16:52 1.24
+++ mod_auth_anon.html 2000/09/25 23:59:28 1.25
@@ -14,28 +14,38 @@
<!--#include virtual="header.html" -->
<H1 ALIGN="CENTER">Module mod_auth_anon</H1>
-This module is contained in the <CODE>mod_auth_anon.c</CODE> file and
-is not compiled in by default. It is only available in Apache 1.1 and
-later. It allows "anonymous" user access to authenticated areas.
+This module allows "anonymous" user access to authenticated areas.
+<P><A
+HREF="module-dict.html#Status"
+REL="Help"
+><STRONG>Status:</STRONG></A> Extension
+<BR>
+<A
+HREF="module-dict.html#SourceFile"
+REL="Help"
+><STRONG>Source File:</STRONG></A> mod_auth_anon.c
+<BR>
+<A
+HREF="module-dict.html#ModuleIdentifier"
+REL="Help"
+><STRONG>Module Identifier:</STRONG></A> anon_auth_module
+</P>
+
+
<H2>Summary</H2>
-It does access control in a manner similar to anonymous-ftp sites; <EM>i.e.</EM>
-have a 'magic' user id 'anonymous' and the email address as a password.
-These email addresses can be logged.
-<P>
-Combined with other (database) access control methods, this allows for
+<P>This module does access control in a manner similar to
+anonymous-ftp sites; <EM>i.e.</EM> have a 'magic' user id 'anonymous'
+and the email address as a password. These email addresses can be
+logged.</p>
+
+<p>Combined with other (database) access control methods, this allows for
effective user tracking and customization according to a user profile
while still keeping the site open for 'unregistered' users. One advantage
of using Auth-based user tracking is that, unlike magic-cookies and
funny URL pre/postfixes, it is completely browser independent and it
-allows users to share URLs.
-<P>
-
-<A HREF="#Directives">Directives</A> /
-<A HREF="#Example">Example</A> /
-<A HREF="#CompileTimeOptions">Compile time options</A> /
-<P>
+allows users to share URLs.</p>
<H2><A NAME="Directives">Directives</A></H2>
<UL>
@@ -47,6 +57,53 @@
<LI><A HREF="#VerifyEmail">Anonymous_VerifyEmail</A>
</UL>
+<H2><A NAME="Example">Example</A></H2>
+
+The example below (when combined with the Auth directives
+of a htpasswd-file based (or GDM, mSQL <EM>etc.</EM>) base access
+control system allows users in as 'guests' with the
+following properties:
+<UL>
+<LI>
+It insists that the user enters a userId. (<CODE>Anonymous_NoUserId</CODE>)
+<LI>
+It insists that the user enters a password.
+(<CODE>Anonymous_MustGiveEmail</CODE>)
+<LI>
+The password entered must be a valid email address, ie. contain at least one
+'@' and a '.'. (<CODE>Anonymous_VerifyEmail</CODE>)
+<LI>
+The userID must be one of <CODE>anonymous guest www test welcome</CODE>
+and comparison is <STRONG>not</STRONG> case sensitive.
+<LI>
+And the Email addresses entered in the passwd field are logged to
+the error log file
+(<CODE>Anonymous_LogEmail</CODE>)
+</UL>
+<P>
+Excerpt of access.conf:
+<BLOCKQUOTE><CODE>
+Anonymous_NoUserId off<BR>
+Anonymous_MustGiveEmail on<BR>
+Anonymous_VerifyEmail on<BR>
+Anonymous_LogEmail on<BR>
+Anonymous anonymous guest www test welcome<P>
+<P>
+AuthName "Use 'anonymous' & Email address for guest entry"<BR>
+AuthType basic
+<P>
+# An AuthUserFile/AuthDBUserFile/AuthDBMUserFile<BR>
+# directive must be specified, or use<BR>
+# Anonymous_Authoritative for public access.<BR>
+# In the .htaccess for the public directory, add:<BR>
+<Files *><BR>
+Order Deny,Allow <BR>
+Allow from all <BR>
+<P>
+Require valid-user <BR>
+</Files><BR>
+</CODE></BLOCKQUOTE>
+
<HR>
<H2><A NAME="anonymous">Anonymous directive</A></H2>
@@ -258,58 +315,7 @@
checked for at least one '@' and a '.' to encourage users to enter
valid email addresses (see the above <CODE>Auth_LogEmail</CODE>).
-<HR>
-<H2><A NAME="Example">Example</A></H2>
-
-The example below (when combined with the Auth directives
-of a htpasswd-file based (or GDM, mSQL <EM>etc.</EM>) base access
-control system allows users in as 'guests' with the
-following properties:
-<UL>
-<LI>
-It insists that the user enters a userId. (<CODE>Anonymous_NoUserId</CODE>)
-<LI>
-It insists that the user enters a password.
-(<CODE>Anonymous_MustGiveEmail</CODE>)
-<LI>
-The password entered must be a valid email address, ie. contain at least one
-'@' and a '.'. (<CODE>Anonymous_VerifyEmail</CODE>)
-<LI>
-The userID must be one of <CODE>anonymous guest www test welcome</CODE>
-and comparison is <STRONG>not</STRONG> case sensitive.
-<LI>
-And the Email addresses entered in the passwd field are logged to
-the error log file
-(<CODE>Anonymous_LogEmail</CODE>)
-</UL>
-<P>
-Excerpt of access.conf:
-<BLOCKQUOTE><CODE>
-Anonymous_NoUserId off<BR>
-Anonymous_MustGiveEmail on<BR>
-Anonymous_VerifyEmail on<BR>
-Anonymous_LogEmail on<BR>
-Anonymous anonymous guest www test welcome<P>
-<P>
-AuthName "Use 'anonymous' & Email address for guest entry"<BR>
-AuthType basic
-<P>
-# An AuthUserFile/AuthDBUserFile/AuthDBMUserFile<BR>
-# directive must be specified, or use<BR>
-# Anonymous_Authoritative for public access.<BR>
-# In the .htaccess for the public directory, add:<BR>
-<Files *><BR>
-Order Deny,Allow <BR>
-Allow from all <BR>
-<P>
-Require valid-user <BR>
-</Files><BR>
-</CODE></BLOCKQUOTE>
-
-<HR>
-<H2><A NAME="CompileTimeOptions">Compile Time Options</A></H2>
-Currently there are no Compile options.
<!--#include virtual="footer.html" -->
</BODY>
1.19 +53 -27 httpd-docs-2.0/htdocs/manual/mod/mod_auth_db.html
Index: mod_auth_db.html
===================================================================
RCS file: /home/cvs/httpd-docs-2.0/htdocs/manual/mod/mod_auth_db.html,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- mod_auth_db.html 2000/09/12 15:16:52 1.18
+++ mod_auth_db.html 2000/09/25 23:59:28 1.19
@@ -15,32 +15,57 @@
<!--#include virtual="header.html" -->
<H1 ALIGN="CENTER">Module mod_auth_db</H1>
-This module is contained in the <CODE>mod_auth_db.c</CODE> file, and
-is not compiled in by default. It provides for user authentication using
-Berkeley DB files. It is an alternative to <A HREF="mod_auth_dbm.html">DBM</A>
-files for those systems which support DB and not DBM. It is only
-available in Apache 1.1 and later.
+<p>This module provides for user authentication using Berkeley DB
+files. </p>
-<P>
-On some BSD systems (<EM>e.g.</EM>, FreeBSD and NetBSD) dbm is automatically mapped to
-Berkeley DB. You can use either <A HREF="mod_auth_dbm.html">mod_auth_dbm</A>
-or mod_auth_db. The latter makes it more obvious that it's Berkeley DB. On
-other platforms where you want to use the DB library you usually have to
-install it first. See
-<A HREF="http://www.sleepycat.com/">http://www.sleepycat.com/</A> for the
-distribution. The interface this module uses is the one from DB version 1.85
-and 1.86, but DB version 2.x can also be used when compatibility mode is
-enabled.
+<P><A
+HREF="module-dict.html#Status"
+REL="Help"
+><STRONG>Status:</STRONG></A> Extension
+<BR>
+<A
+HREF="module-dict.html#SourceFile"
+REL="Help"
+><STRONG>Source File:</STRONG></A> mod_auth_db.c
+<BR>
+<A
+HREF="module-dict.html#ModuleIdentifier"
+REL="Help"
+><STRONG>Module Identifier:</STRONG></A> db_auth_module
+</P>
+
+<h2>Summary</h2>
+
+<p>This module provides an alternative to <A
+HREF="mod_auth_dbm.html">DBM</A> files for those systems which support
+DB and not DBM. It is only available in Apache 1.1 and later.</p>
+
+<p>On some BSD systems (<EM>e.g.</EM>, FreeBSD and NetBSD) dbm is
+automatically mapped to Berkeley DB. You can use either <A
+HREF="mod_auth_dbm.html">mod_auth_dbm</A> or mod_auth_db. The latter
+makes it more obvious that it's Berkeley DB. On other platforms where
+you want to use the DB library you usually have to install it
+first. See <A
+HREF="http://www.sleepycat.com/">http://www.sleepycat.com/</A> for the
+distribution. The interface this module uses is the one from DB
+version 1.85 and 1.86, but DB version 2.x can also be used when
+compatibility mode is enabled.</p>
+
+<h2>Directives</h2>
-<MENU>
+<UL>
<LI><A HREF="#authdbgroupfile">AuthDBGroupFile</A>
<LI><A HREF="#authdbuserfile">AuthDBUserFile</A>
<LI><A HREF="#authdbauthoritative">AuthDBAuthoritative</A>
-</MENU>
+</UL>
+
+<p>See also: <a href="core.html#satisfy">satisfy</a> and
+<a href="core.html#require">require</a>.</p>
+
<HR>
-<H2><A NAME="authdbgroupfile">AuthDBGroupFile</A></H2>
+<H2><A NAME="authdbgroupfile">AuthDBGroupFile directive</A></H2>
<!--%plaintext <?INDEX {\tt AuthDBGroupFile} directive> -->
<A
HREF="directive-dict.html#Syntax"
@@ -103,7 +128,7 @@
<A HREF="core.html#authtype">AuthType</A> and
<A HREF="#authdbuserfile">AuthDBUserFile</A>.<P><HR>
-<H2><A NAME="authdbuserfile">AuthDBUserFile</A></H2>
+<H2><A NAME="authdbuserfile">AuthDBUserFile</A> directive</H2>
<!--%plaintext <?INDEX {\tt AuthDBUserFile} directive> -->
<A
HREF="directive-dict.html#Syntax"
@@ -152,14 +177,18 @@
<A HREF="core.html#authtype">AuthType</A> and
<A HREF="#authdbgroupfile">AuthDBGroupFile</A>.<P>
<HR>
-<H2><A NAME="authdbauthoritative">AuthDBAuthoritative</A></H2>
+<H2><A NAME="authdbauthoritative">AuthDBAuthoritative</A> directive</H2>
<!--%plaintext <?INDEX {\tt AuthDBAuthoritative} directive> -->
<A
HREF="directive-dict.html#Syntax"
REL="Help"
><STRONG>Syntax:</STRONG></A> AuthDBAuthoritative <
- <STRONG> on</STRONG>(default) | off > <BR>
+ <STRONG> on</STRONG>| off > <BR>
<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>AuthDBAuthoritative on</CODE><BR>
+<A
HREF="directive-dict.html#Context"
REL="Help"
><STRONG>Context:</STRONG></A> directory, .htaccess<BR>
@@ -195,13 +224,10 @@
checking; a few (administrator) related accesses fall through to
a lower level with a well protected .htpasswd file. <P>
-<A
- HREF="directive-dict.html#Default"
- REL="Help"
-><STRONG>Default:</STRONG></A> By default; control is not passed on; and an
-unknown
+
+By default, control is not passed on and an unknown
userID or rule will result in an Authorization Required reply. Not
-setting it thus keeps the system secure; and forces an NCSA compliant
+setting it thus keeps the system secure and forces an NCSA compliant
behaviour. <P>
Security: Do consider the implications of allowing a user to allow
fall-through in his .htaccess file; and verify that this is really
1.20 +42 -15 httpd-docs-2.0/htdocs/manual/mod/mod_auth_dbm.html
Index: mod_auth_dbm.html
===================================================================
RCS file: /home/cvs/httpd-docs-2.0/htdocs/manual/mod/mod_auth_dbm.html,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- mod_auth_dbm.html 2000/09/12 15:16:52 1.19
+++ mod_auth_dbm.html 2000/09/25 23:59:28 1.20
@@ -16,16 +16,42 @@
<H1 ALIGN="CENTER">Module mod_auth_dbm</H1>
-This module is contained in the <CODE>mod_auth_dbm.c</CODE> file, and
-is not compiled in by default. It provides for user authentication using
-DBM files.
+<p>This module provides for user authentication using DBM files.</p>
+<P><A
+HREF="module-dict.html#Status"
+REL="Help"
+><STRONG>Status:</STRONG></A> Extension
+<BR>
+<A
+HREF="module-dict.html#SourceFile"
+REL="Help"
+><STRONG>Source File:</STRONG></A> mod_auth_dbm.c
+<BR>
+<A
+HREF="module-dict.html#ModuleIdentifier"
+REL="Help"
+><STRONG>Module Identifier:</STRONG></A> dbm_auth_module
+</P>
+
+<h2>Summary</h2>
+
+<p>This module provides for HTTP Basic Authentication, where the
+usernames and passwords are stored in DBM type database files. It is
+an alternative to the plain text password files provided by <a
+href="mod_auth.html">mod_auth</A> and the Berkely DB password files
+provided by <a href="mod_auth_db.html">mod_auth_db</a>.</p>
-<MENU>
+<h2>Directives</h2>
+
+<ul>
<LI><A HREF="#authdbmgroupfile">AuthDBMGroupFile</A>
<LI><A HREF="#authdbmuserfile">AuthDBMUserFile</A>
<LI><A HREF="#authdbmauthoritative">AuthDBMAuthoritative</A>
-</MENU>
+</ul>
+
+<p>See also: <a href="core.html#satisfy">Satisfy</a> and
+<a href="core.html#require">Require</a>.
<HR>
@@ -147,8 +173,12 @@
<!--%plaintext <?INDEX {\tt AuthDBMAuthoritative} directive> -->
<A
HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> AuthDBMAuthoritative < <STRONG> on</STRONG> | off > <BR>
+<A
+ HREF="directive-dict.html#Default"
REL="Help"
-><STRONG>Syntax:</STRONG></A> AuthDBMAuthoritative < <STRONG> on</STRONG>(default) | off > <BR>
+><STRONG>Default:</STRONG></A> <code>AuthDBMAuthoritative on</code><br>
<A
HREF="directive-dict.html#Context"
REL="Help"
@@ -160,11 +190,11 @@
<A
HREF="directive-dict.html#Status"
REL="Help"
-><STRONG>Status:</STRONG></A> Base<BR>
+><STRONG>Status:</STRONG></A> Extension<BR>
<A
HREF="directive-dict.html#Module"
REL="Help"
-><STRONG>Module:</STRONG></A> mod_auth<P>
+><STRONG>Module:</STRONG></A> mod_auth_dbm<P>
Setting the AuthDBMAuthoritative directive explicitly to <STRONG>'off'</STRONG>
allows for both authentication and authorization to be passed on
@@ -185,13 +215,10 @@
checking; a few (administrator) related accesses fall through to
a lower level with a well protected .htpasswd file. <P>
-<A
- HREF="directive-dict.html#Default"
- REL="Help"
-><STRONG>Default:</STRONG></A> By default; control is not passed on; and an unknown
-userID or rule will result in an Authorization Required reply. Not
-setting it thus keeps the system secure; and forces an NCSA compliant
-behaviour. <P>
+
+By default, control is not passed on and an unknown userID or rule
+will result in an Authorization Required reply. Not setting it thus
+keeps the system secure and forces an NCSA compliant behaviour. <P>
Security: Do consider the implications of allowing a user to allow
fall-through in his .htaccess file; and verify that this is really
1.4 +87 -93 httpd-docs-2.0/htdocs/manual/mod/mod_auth_digest.html
Index: mod_auth_digest.html
===================================================================
RCS file: /home/cvs/httpd-docs-2.0/htdocs/manual/mod/mod_auth_digest.html,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- mod_auth_digest.html 2000/09/12 15:16:53 1.3
+++ mod_auth_digest.html 2000/09/25 23:59:28 1.4
@@ -15,19 +15,36 @@
<!--#include virtual="header.html" -->
<H1 ALIGN="CENTER">Module mod_auth_digest</H1>
-This module is contained in the <CODE>mod_auth_digest.c</CODE> file, and is
-not compiled in by default. It is only available in Apache 1.3.8 and
-later. It provides for user authentication using MD5 Digest
-Authentication.
+<p>This module provides for user authentication using MD5 Digest
+Authentication.</p>
-<P>Note this is an updated version of <A
+<P><A
+HREF="module-dict.html#Status"
+REL="Help"
+><STRONG>Status:</STRONG></A> Experimental
+<BR>
+<A
+HREF="module-dict.html#SourceFile"
+REL="Help"
+><STRONG>Source File:</STRONG></A> mod_auth_digest.c
+<BR>
+<A
+HREF="module-dict.html#ModuleIdentifier"
+REL="Help"
+><STRONG>Module Identifier:</STRONG></A> digest_auth_module
+</P>
+
+<h2>Summary</h2>
+
+<P>This is an updated version of <A
HREF="mod_digest.html">mod_digest</A>. However, it has not been
-extensively tested and is therefore marked experimental. If you use this
-module, you must make sure to <em>not</em> use mod_digest (because they
-share some of the same configuration directives).
+extensively tested and is therefore marked experimental. If you use
+this module, you must make sure to <em>not</em> use mod_digest
+(because they share some of the same configuration directives).
+<h2>Directives</h2>
-<MENU>
+<ul>
<LI><A HREF="#authdigestfile">AuthDigestFile</A>
<LI><A HREF="#authdigestgroupfile">AuthDigestGroupFile</A>
<LI><A HREF="#authdigestqop">AuthDigestQop</A>
@@ -36,12 +53,47 @@
<LI><A HREF="#authdigestnccheck">AuthDigestNcCheck</A>
<LI><A HREF="#authdigestalgorithm">AuthDigestAlgorithm</A>
<LI><A HREF="#authdigestdomain">AuthDigestDomain</A>
-<LI><A HREF="#usingdigest">Using Digest Authentication</A>
-</MENU>
+</ul>
+
+<p>See also: <a href="core.html#require">Require</a> and
+<a href="core.html#satisfy">Satisfy</a>.
+
+<H3><A NAME="usingdigest">Using Digest Authentication</A></H3>
+
+<P>Using MD5 Digest authentication is very simple. Simply set up
+authentication normally, using "AuthType Digest" and "AuthDigestFile"
+instead of the normal "AuthType Basic" and "AuthUserFile"; also,
+replace any "AuthGroupFile" with "AuthDigestGroupFile". Then add a
+"AuthDigestDomain" directive containing at least the root URI(s) for
+this protection space. Example:
+
+<PRE>
+ <Location /private/>
+ AuthType Digest
+ AuthName "private area"
+ AuthDigestDomain /private/ http://mirror.my.dom/private2/
+ AuthDigestFile /web/auth/.digest_pw
+ Require valid-user
+ </Location>
+</PRE>
+
+<P><strong>Note:</strong> MD5 authentication provides a more secure
+password system than Basic authentication, but only works with supporting
+browsers. As of this writing (July 1999), the only major browsers which
+support digest authentication are <A
+HREF="http://www.microsoft.com/windows/ie/">Internet Explorer 5.0</A> and
+<A HREF="http://www.w3.org/Amaya/">Amaya</A>. Therefore, we do not
+recommend using this feature on a large Internet site. However, for
+personal and intra-net use, where browser users can be controlled, it is
+ideal.
+
+
<HR>
+
+
-<H2><A NAME="authdigestfile">AuthDigestFile</A></H2>
+<H2><A NAME="authdigestfile">AuthDigestFile</A> directive</H2>
<A
HREF="directive-dict.html#Syntax"
REL="Help"
@@ -57,7 +109,7 @@
<A
HREF="directive-dict.html#Status"
REL="Help"
-><STRONG>Status:</STRONG></A> Base<BR>
+><STRONG>Status:</STRONG></A> Experimental<BR>
<A
HREF="directive-dict.html#Module"
REL="Help"
@@ -73,7 +125,7 @@
<HR>
-<H2><A NAME="authdigestgroupfile">AuthDigestGroupFile</A></H2>
+<H2><A NAME="authdigestgroupfile">AuthDigestGroupFile</A> directive</H2>
<A
HREF="directive-dict.html#Syntax"
REL="Help"
@@ -89,15 +141,11 @@
<A
HREF="directive-dict.html#Status"
REL="Help"
-><STRONG>Status:</STRONG></A> Base<BR>
+><STRONG>Status:</STRONG></A> Experimental<BR>
<A
HREF="directive-dict.html#Module"
- REL="Help"
-><STRONG>Module:</STRONG></A> mod_auth_digest<BR>
-<A
- HREF="directive-dict.html#Compatibility"
REL="Help"
-><STRONG>Compatibility:</STRONG></A> Available in Apache 1.3.8 and later
+><STRONG>Module:</STRONG></A> mod_auth_digest
<P>The AuthDigestGroupFile directive sets the name of a textual file
containing the list of groups and their members (user names).
@@ -115,7 +163,7 @@
<HR>
-<H2><A NAME="authdigestqop">AuthDigestQop</A></H2>
+<H2><A NAME="authdigestqop">AuthDigestQop</A> directive</H2>
<A
HREF="directive-dict.html#Syntax"
REL="Help"
@@ -135,15 +183,11 @@
<A
HREF="directive-dict.html#Status"
REL="Help"
-><STRONG>Status:</STRONG></A> Base<BR>
+><STRONG>Status:</STRONG></A> Experimental<BR>
<A
HREF="directive-dict.html#Module"
REL="Help"
-><STRONG>Module:</STRONG></A> mod_auth_digest<BR>
-<A
- HREF="directive-dict.html#Compatibility"
- REL="Help"
-><STRONG>Compatibility:</STRONG></A> Available in Apache 1.3.8 and later
+><STRONG>Module:</STRONG></A> mod_auth_digest
<P>The AuthDigestQop directive determines the quality-of-protection to use.
<EM>auth</EM> will only do authentication (username/password);
@@ -159,7 +203,8 @@
<HR>
-<H2><A NAME="authdigestnoncelifetime">AuthDigestNonceLifetime</A></H2>
+<H2><A NAME="authdigestnoncelifetime">AuthDigestNonceLifetime</A>
+directive</H2>
<A
HREF="directive-dict.html#Syntax"
REL="Help"
@@ -179,15 +224,11 @@
<A
HREF="directive-dict.html#Status"
REL="Help"
-><STRONG>Status:</STRONG></A> Base<BR>
+><STRONG>Status:</STRONG></A> Experimental<BR>
<A
HREF="directive-dict.html#Module"
- REL="Help"
-><STRONG>Module:</STRONG></A> mod_auth_digest<BR>
-<A
- HREF="directive-dict.html#Compatibility"
REL="Help"
-><STRONG>Compatibility:</STRONG></A> Available in Apache 1.3.8 and later
+><STRONG>Module:</STRONG></A> mod_auth_digest
<P>The AuthDigestNonceLifetime directive controls how long the server
nonce is valid. When the client contacts the server using an expired
@@ -213,7 +254,7 @@
-->
<HR>
-<H2><A NAME="authdigestnonceformat">AuthDigestNonceFormat</A></H2>
+<H2><A NAME="authdigestnonceformat">AuthDigestNonceFormat</A> directive</H2>
<A
HREF="directive-dict.html#Syntax"
REL="Help"
@@ -233,15 +274,11 @@
<A
HREF="directive-dict.html#Status"
REL="Help"
-><STRONG>Status:</STRONG></A> Base<BR>
+><STRONG>Status:</STRONG></A> Experimental<BR>
<A
HREF="directive-dict.html#Module"
- REL="Help"
-><STRONG>Module:</STRONG></A> mod_auth_digest<BR>
-<A
- HREF="directive-dict.html#Compatibility"
REL="Help"
-><STRONG>Compatibility:</STRONG></A> Available in Apache 1.3.8 and later
+><STRONG>Module:</STRONG></A> mod_auth_digest
<P><STRONG>Not implemented yet.</STRONG>
<!--
@@ -250,7 +287,7 @@
-->
<HR>
-<H2><A NAME="authdigestnccheck">AuthDigestNcCheck</A></H2>
+<H2><A NAME="authdigestnccheck">AuthDigestNcCheck</A> directive</H2>
<A
HREF="directive-dict.html#Syntax"
REL="Help"
@@ -270,15 +307,11 @@
<A
HREF="directive-dict.html#Status"
REL="Help"
-><STRONG>Status:</STRONG></A> Base<BR>
+><STRONG>Status:</STRONG></A> Experimental<BR>
<A
HREF="directive-dict.html#Module"
REL="Help"
-><STRONG>Module:</STRONG></A> mod_auth_digest<BR>
-<A
- HREF="directive-dict.html#Compatibility"
- REL="Help"
-><STRONG>Compatibility:</STRONG></A> Available in Apache 1.3.8 and later
+><STRONG>Module:</STRONG></A> mod_auth_digest
<P><STRONG>Not implemented yet.</STRONG>
<!--
@@ -295,7 +328,7 @@
-->
<HR>
-<H2><A NAME="authdigestalgorithm">AuthDigestAlgorithm</A></H2>
+<H2><A NAME="authdigestalgorithm">AuthDigestAlgorithm</A> directive</H2>
<A
HREF="directive-dict.html#Syntax"
REL="Help"
@@ -315,15 +348,11 @@
<A
HREF="directive-dict.html#Status"
REL="Help"
-><STRONG>Status:</STRONG></A> Base<BR>
+><STRONG>Status:</STRONG></A> Experimental<BR>
<A
HREF="directive-dict.html#Module"
REL="Help"
-><STRONG>Module:</STRONG></A> mod_auth_digest<BR>
-<A
- HREF="directive-dict.html#Compatibility"
- REL="Help"
-><STRONG>Compatibility:</STRONG></A> Available in Apache 1.3.8 and later
+><STRONG>Module:</STRONG></A> mod_auth_digest
<P>The AuthDigestAlgorithm directive selects the algorithm used to calculate
the challenge and response hashes.
@@ -335,7 +364,7 @@
-->
<HR>
-<H2><A NAME="authdigestdomain">AuthDigestDomain</A></H2>
+<H2><A NAME="authdigestdomain">AuthDigestDomain</A> directive</H2>
<A
HREF="directive-dict.html#Syntax"
REL="Help"
@@ -351,15 +380,11 @@
<A
HREF="directive-dict.html#Status"
REL="Help"
-><STRONG>Status:</STRONG></A> Base<BR>
+><STRONG>Status:</STRONG></A> Experimental<BR>
<A
HREF="directive-dict.html#Module"
- REL="Help"
-><STRONG>Module:</STRONG></A> mod_auth_digest<BR>
-<A
- HREF="directive-dict.html#Compatibility"
REL="Help"
-><STRONG>Compatibility:</STRONG></A> Available in Apache 1.3.8 and later
+><STRONG>Module:</STRONG></A> mod_auth_digest
<P>The AuthDigestDomain directive allows you to specify one or more URIs
which are in the same protection space (i.e. use the same realm and
@@ -378,37 +403,6 @@
clients (which understand this) will then share username/password info
across multiple servers without prompting the user each time.
-
-<HR>
-
-<H3><A NAME="usingdigest">Using Digest Authentication</A></H3>
-
-<P>Using MD5 Digest authentication is very simple. Simply set up
-authentication normally, using "AuthType Digest" and "AuthDigestFile"
-instead of the normal "AuthType Basic" and "AuthUserFile"; also,
-replace any "AuthGroupFile" with "AuthDigestGroupFile". Then add a
-"AuthDigestDomain" directive containing at least the root URI(s) for
-this protection space. Example:
-
-<PRE>
- <Location /private/>
- AuthType Digest
- AuthName "private area"
- AuthDigestDomain /private/ http://mirror.my.dom/private2/
- AuthDigestFile /web/auth/.digest_pw
- Require valid-user
- </Location>
-</PRE>
-
-<P><strong>Note:</strong> MD5 authentication provides a more secure
-password system than Basic authentication, but only works with supporting
-browsers. As of this writing (July 1999), the only major browsers which
-support digest authentication are <A
-HREF="http://www.microsoft.com/windows/ie/">Internet Explorer 5.0</A> and
-<A HREF="http://www.w3.org/Amaya/">Amaya</A>. Therefore, we do not
-recommend using this feature on a large Internet site. However, for
-personal and intra-net use, where browser users can be controlled, it is
-ideal.
<!--#include virtual="footer.html" -->
</BODY>
1.37 +1 -1 httpd-docs-2.0/htdocs/manual/mod/index.html
Index: index.html
===================================================================
RCS file: /home/cvs/httpd-docs-2.0/htdocs/manual/mod/index.html,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- index.html 2000/09/25 21:50:07 1.36
+++ index.html 2000/09/25 23:59:28 1.37
@@ -39,7 +39,7 @@
<DT><A HREF="mod_auth.html">mod_auth</A>
<DD>User authentication using text files.
<DT><A HREF="mod_auth_anon.html">mod_auth_anon</A>
-<DD>Anonymous user authentication, FTP-style.
+<DD>Anonymous user access to authenticated areas.
<DT><A HREF="mod_auth_db.html">mod_auth_db</A>
<DD>User authentication using Berkeley DB files.
<DT><A HREF="mod_auth_dbm.html">mod_auth_dbm</A>
1.5 +1 -1 httpd-docs-2.0/htdocs/manual/mod/index-bytype.html
Index: index-bytype.html
===================================================================
RCS file: /home/cvs/httpd-docs-2.0/htdocs/manual/mod/index-bytype.html,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- index-bytype.html 2000/09/25 21:50:07 1.4
+++ index-bytype.html 2000/09/25 23:59:28 1.5
@@ -91,7 +91,7 @@
<DT><A HREF="mod_auth_db.html">mod_auth_db</A>
<DD>User authentication using Berkeley DB files.
<DT><A HREF="mod_auth_anon.html">mod_auth_anon</A>
-<DD>Anonymous user authentication, FTP-style.
+<DD>Anonymous user access to authenticated areas.
<DT><A HREF="mod_auth_digest.html">mod_auth_digest</A>
<DD>MD5 authentication
<DT><A HREF="mod_digest.html">mod_digest</A>
Modified: htdocs/manual/mod mod_auth_anon.html mod_auth_db.html
mod_auth_dbm.html mod_auth_digest.html index.html
index-bytype.html
Log:
Style updates.
Revision Changes Path
1.25 +72 -66 httpd-docs-2.0/htdocs/manual/mod/mod_auth_anon.html
Index: mod_auth_anon.html
===================================================================
RCS file: /home/cvs/httpd-docs-2.0/htdocs/manual/mod/mod_auth_anon.html,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- mod_auth_anon.html 2000/09/12 15:16:52 1.24
+++ mod_auth_anon.html 2000/09/25 23:59:28 1.25
@@ -14,28 +14,38 @@
<!--#include virtual="header.html" -->
<H1 ALIGN="CENTER">Module mod_auth_anon</H1>
-This module is contained in the <CODE>mod_auth_anon.c</CODE> file and
-is not compiled in by default. It is only available in Apache 1.1 and
-later. It allows "anonymous" user access to authenticated areas.
+This module allows "anonymous" user access to authenticated areas.
+<P><A
+HREF="module-dict.html#Status"
+REL="Help"
+><STRONG>Status:</STRONG></A> Extension
+<BR>
+<A
+HREF="module-dict.html#SourceFile"
+REL="Help"
+><STRONG>Source File:</STRONG></A> mod_auth_anon.c
+<BR>
+<A
+HREF="module-dict.html#ModuleIdentifier"
+REL="Help"
+><STRONG>Module Identifier:</STRONG></A> anon_auth_module
+</P>
+
+
<H2>Summary</H2>
-It does access control in a manner similar to anonymous-ftp sites; <EM>i.e.</EM>
-have a 'magic' user id 'anonymous' and the email address as a password.
-These email addresses can be logged.
-<P>
-Combined with other (database) access control methods, this allows for
+<P>This module does access control in a manner similar to
+anonymous-ftp sites; <EM>i.e.</EM> have a 'magic' user id 'anonymous'
+and the email address as a password. These email addresses can be
+logged.</p>
+
+<p>Combined with other (database) access control methods, this allows for
effective user tracking and customization according to a user profile
while still keeping the site open for 'unregistered' users. One advantage
of using Auth-based user tracking is that, unlike magic-cookies and
funny URL pre/postfixes, it is completely browser independent and it
-allows users to share URLs.
-<P>
-
-<A HREF="#Directives">Directives</A> /
-<A HREF="#Example">Example</A> /
-<A HREF="#CompileTimeOptions">Compile time options</A> /
-<P>
+allows users to share URLs.</p>
<H2><A NAME="Directives">Directives</A></H2>
<UL>
@@ -47,6 +57,53 @@
<LI><A HREF="#VerifyEmail">Anonymous_VerifyEmail</A>
</UL>
+<H2><A NAME="Example">Example</A></H2>
+
+The example below (when combined with the Auth directives
+of a htpasswd-file based (or GDM, mSQL <EM>etc.</EM>) base access
+control system allows users in as 'guests' with the
+following properties:
+<UL>
+<LI>
+It insists that the user enters a userId. (<CODE>Anonymous_NoUserId</CODE>)
+<LI>
+It insists that the user enters a password.
+(<CODE>Anonymous_MustGiveEmail</CODE>)
+<LI>
+The password entered must be a valid email address, ie. contain at least one
+'@' and a '.'. (<CODE>Anonymous_VerifyEmail</CODE>)
+<LI>
+The userID must be one of <CODE>anonymous guest www test welcome</CODE>
+and comparison is <STRONG>not</STRONG> case sensitive.
+<LI>
+And the Email addresses entered in the passwd field are logged to
+the error log file
+(<CODE>Anonymous_LogEmail</CODE>)
+</UL>
+<P>
+Excerpt of access.conf:
+<BLOCKQUOTE><CODE>
+Anonymous_NoUserId off<BR>
+Anonymous_MustGiveEmail on<BR>
+Anonymous_VerifyEmail on<BR>
+Anonymous_LogEmail on<BR>
+Anonymous anonymous guest www test welcome<P>
+<P>
+AuthName "Use 'anonymous' & Email address for guest entry"<BR>
+AuthType basic
+<P>
+# An AuthUserFile/AuthDBUserFile/AuthDBMUserFile<BR>
+# directive must be specified, or use<BR>
+# Anonymous_Authoritative for public access.<BR>
+# In the .htaccess for the public directory, add:<BR>
+<Files *><BR>
+Order Deny,Allow <BR>
+Allow from all <BR>
+<P>
+Require valid-user <BR>
+</Files><BR>
+</CODE></BLOCKQUOTE>
+
<HR>
<H2><A NAME="anonymous">Anonymous directive</A></H2>
@@ -258,58 +315,7 @@
checked for at least one '@' and a '.' to encourage users to enter
valid email addresses (see the above <CODE>Auth_LogEmail</CODE>).
-<HR>
-<H2><A NAME="Example">Example</A></H2>
-
-The example below (when combined with the Auth directives
-of a htpasswd-file based (or GDM, mSQL <EM>etc.</EM>) base access
-control system allows users in as 'guests' with the
-following properties:
-<UL>
-<LI>
-It insists that the user enters a userId. (<CODE>Anonymous_NoUserId</CODE>)
-<LI>
-It insists that the user enters a password.
-(<CODE>Anonymous_MustGiveEmail</CODE>)
-<LI>
-The password entered must be a valid email address, ie. contain at least one
-'@' and a '.'. (<CODE>Anonymous_VerifyEmail</CODE>)
-<LI>
-The userID must be one of <CODE>anonymous guest www test welcome</CODE>
-and comparison is <STRONG>not</STRONG> case sensitive.
-<LI>
-And the Email addresses entered in the passwd field are logged to
-the error log file
-(<CODE>Anonymous_LogEmail</CODE>)
-</UL>
-<P>
-Excerpt of access.conf:
-<BLOCKQUOTE><CODE>
-Anonymous_NoUserId off<BR>
-Anonymous_MustGiveEmail on<BR>
-Anonymous_VerifyEmail on<BR>
-Anonymous_LogEmail on<BR>
-Anonymous anonymous guest www test welcome<P>
-<P>
-AuthName "Use 'anonymous' & Email address for guest entry"<BR>
-AuthType basic
-<P>
-# An AuthUserFile/AuthDBUserFile/AuthDBMUserFile<BR>
-# directive must be specified, or use<BR>
-# Anonymous_Authoritative for public access.<BR>
-# In the .htaccess for the public directory, add:<BR>
-<Files *><BR>
-Order Deny,Allow <BR>
-Allow from all <BR>
-<P>
-Require valid-user <BR>
-</Files><BR>
-</CODE></BLOCKQUOTE>
-
-<HR>
-<H2><A NAME="CompileTimeOptions">Compile Time Options</A></H2>
-Currently there are no Compile options.
<!--#include virtual="footer.html" -->
</BODY>
1.19 +53 -27 httpd-docs-2.0/htdocs/manual/mod/mod_auth_db.html
Index: mod_auth_db.html
===================================================================
RCS file: /home/cvs/httpd-docs-2.0/htdocs/manual/mod/mod_auth_db.html,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- mod_auth_db.html 2000/09/12 15:16:52 1.18
+++ mod_auth_db.html 2000/09/25 23:59:28 1.19
@@ -15,32 +15,57 @@
<!--#include virtual="header.html" -->
<H1 ALIGN="CENTER">Module mod_auth_db</H1>
-This module is contained in the <CODE>mod_auth_db.c</CODE> file, and
-is not compiled in by default. It provides for user authentication using
-Berkeley DB files. It is an alternative to <A HREF="mod_auth_dbm.html">DBM</A>
-files for those systems which support DB and not DBM. It is only
-available in Apache 1.1 and later.
+<p>This module provides for user authentication using Berkeley DB
+files. </p>
-<P>
-On some BSD systems (<EM>e.g.</EM>, FreeBSD and NetBSD) dbm is automatically mapped to
-Berkeley DB. You can use either <A HREF="mod_auth_dbm.html">mod_auth_dbm</A>
-or mod_auth_db. The latter makes it more obvious that it's Berkeley DB. On
-other platforms where you want to use the DB library you usually have to
-install it first. See
-<A HREF="http://www.sleepycat.com/">http://www.sleepycat.com/</A> for the
-distribution. The interface this module uses is the one from DB version 1.85
-and 1.86, but DB version 2.x can also be used when compatibility mode is
-enabled.
+<P><A
+HREF="module-dict.html#Status"
+REL="Help"
+><STRONG>Status:</STRONG></A> Extension
+<BR>
+<A
+HREF="module-dict.html#SourceFile"
+REL="Help"
+><STRONG>Source File:</STRONG></A> mod_auth_db.c
+<BR>
+<A
+HREF="module-dict.html#ModuleIdentifier"
+REL="Help"
+><STRONG>Module Identifier:</STRONG></A> db_auth_module
+</P>
+
+<h2>Summary</h2>
+
+<p>This module provides an alternative to <A
+HREF="mod_auth_dbm.html">DBM</A> files for those systems which support
+DB and not DBM. It is only available in Apache 1.1 and later.</p>
+
+<p>On some BSD systems (<EM>e.g.</EM>, FreeBSD and NetBSD) dbm is
+automatically mapped to Berkeley DB. You can use either <A
+HREF="mod_auth_dbm.html">mod_auth_dbm</A> or mod_auth_db. The latter
+makes it more obvious that it's Berkeley DB. On other platforms where
+you want to use the DB library you usually have to install it
+first. See <A
+HREF="http://www.sleepycat.com/">http://www.sleepycat.com/</A> for the
+distribution. The interface this module uses is the one from DB
+version 1.85 and 1.86, but DB version 2.x can also be used when
+compatibility mode is enabled.</p>
+
+<h2>Directives</h2>
-<MENU>
+<UL>
<LI><A HREF="#authdbgroupfile">AuthDBGroupFile</A>
<LI><A HREF="#authdbuserfile">AuthDBUserFile</A>
<LI><A HREF="#authdbauthoritative">AuthDBAuthoritative</A>
-</MENU>
+</UL>
+
+<p>See also: <a href="core.html#satisfy">satisfy</a> and
+<a href="core.html#require">require</a>.</p>
+
<HR>
-<H2><A NAME="authdbgroupfile">AuthDBGroupFile</A></H2>
+<H2><A NAME="authdbgroupfile">AuthDBGroupFile directive</A></H2>
<!--%plaintext <?INDEX {\tt AuthDBGroupFile} directive> -->
<A
HREF="directive-dict.html#Syntax"
@@ -103,7 +128,7 @@
<A HREF="core.html#authtype">AuthType</A> and
<A HREF="#authdbuserfile">AuthDBUserFile</A>.<P><HR>
-<H2><A NAME="authdbuserfile">AuthDBUserFile</A></H2>
+<H2><A NAME="authdbuserfile">AuthDBUserFile</A> directive</H2>
<!--%plaintext <?INDEX {\tt AuthDBUserFile} directive> -->
<A
HREF="directive-dict.html#Syntax"
@@ -152,14 +177,18 @@
<A HREF="core.html#authtype">AuthType</A> and
<A HREF="#authdbgroupfile">AuthDBGroupFile</A>.<P>
<HR>
-<H2><A NAME="authdbauthoritative">AuthDBAuthoritative</A></H2>
+<H2><A NAME="authdbauthoritative">AuthDBAuthoritative</A> directive</H2>
<!--%plaintext <?INDEX {\tt AuthDBAuthoritative} directive> -->
<A
HREF="directive-dict.html#Syntax"
REL="Help"
><STRONG>Syntax:</STRONG></A> AuthDBAuthoritative <
- <STRONG> on</STRONG>(default) | off > <BR>
+ <STRONG> on</STRONG>| off > <BR>
<A
+ HREF="directive-dict.html#Default"
+ REL="Help"
+><STRONG>Default:</STRONG></A> <CODE>AuthDBAuthoritative on</CODE><BR>
+<A
HREF="directive-dict.html#Context"
REL="Help"
><STRONG>Context:</STRONG></A> directory, .htaccess<BR>
@@ -195,13 +224,10 @@
checking; a few (administrator) related accesses fall through to
a lower level with a well protected .htpasswd file. <P>
-<A
- HREF="directive-dict.html#Default"
- REL="Help"
-><STRONG>Default:</STRONG></A> By default; control is not passed on; and an
-unknown
+
+By default, control is not passed on and an unknown
userID or rule will result in an Authorization Required reply. Not
-setting it thus keeps the system secure; and forces an NCSA compliant
+setting it thus keeps the system secure and forces an NCSA compliant
behaviour. <P>
Security: Do consider the implications of allowing a user to allow
fall-through in his .htaccess file; and verify that this is really
1.20 +42 -15 httpd-docs-2.0/htdocs/manual/mod/mod_auth_dbm.html
Index: mod_auth_dbm.html
===================================================================
RCS file: /home/cvs/httpd-docs-2.0/htdocs/manual/mod/mod_auth_dbm.html,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- mod_auth_dbm.html 2000/09/12 15:16:52 1.19
+++ mod_auth_dbm.html 2000/09/25 23:59:28 1.20
@@ -16,16 +16,42 @@
<H1 ALIGN="CENTER">Module mod_auth_dbm</H1>
-This module is contained in the <CODE>mod_auth_dbm.c</CODE> file, and
-is not compiled in by default. It provides for user authentication using
-DBM files.
+<p>This module provides for user authentication using DBM files.</p>
+<P><A
+HREF="module-dict.html#Status"
+REL="Help"
+><STRONG>Status:</STRONG></A> Extension
+<BR>
+<A
+HREF="module-dict.html#SourceFile"
+REL="Help"
+><STRONG>Source File:</STRONG></A> mod_auth_dbm.c
+<BR>
+<A
+HREF="module-dict.html#ModuleIdentifier"
+REL="Help"
+><STRONG>Module Identifier:</STRONG></A> dbm_auth_module
+</P>
+
+<h2>Summary</h2>
+
+<p>This module provides for HTTP Basic Authentication, where the
+usernames and passwords are stored in DBM type database files. It is
+an alternative to the plain text password files provided by <a
+href="mod_auth.html">mod_auth</A> and the Berkely DB password files
+provided by <a href="mod_auth_db.html">mod_auth_db</a>.</p>
-<MENU>
+<h2>Directives</h2>
+
+<ul>
<LI><A HREF="#authdbmgroupfile">AuthDBMGroupFile</A>
<LI><A HREF="#authdbmuserfile">AuthDBMUserFile</A>
<LI><A HREF="#authdbmauthoritative">AuthDBMAuthoritative</A>
-</MENU>
+</ul>
+
+<p>See also: <a href="core.html#satisfy">Satisfy</a> and
+<a href="core.html#require">Require</a>.
<HR>
@@ -147,8 +173,12 @@
<!--%plaintext <?INDEX {\tt AuthDBMAuthoritative} directive> -->
<A
HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> AuthDBMAuthoritative < <STRONG> on</STRONG> | off > <BR>
+<A
+ HREF="directive-dict.html#Default"
REL="Help"
-><STRONG>Syntax:</STRONG></A> AuthDBMAuthoritative < <STRONG> on</STRONG>(default) | off > <BR>
+><STRONG>Default:</STRONG></A> <code>AuthDBMAuthoritative on</code><br>
<A
HREF="directive-dict.html#Context"
REL="Help"
@@ -160,11 +190,11 @@
<A
HREF="directive-dict.html#Status"
REL="Help"
-><STRONG>Status:</STRONG></A> Base<BR>
+><STRONG>Status:</STRONG></A> Extension<BR>
<A
HREF="directive-dict.html#Module"
REL="Help"
-><STRONG>Module:</STRONG></A> mod_auth<P>
+><STRONG>Module:</STRONG></A> mod_auth_dbm<P>
Setting the AuthDBMAuthoritative directive explicitly to <STRONG>'off'</STRONG>
allows for both authentication and authorization to be passed on
@@ -185,13 +215,10 @@
checking; a few (administrator) related accesses fall through to
a lower level with a well protected .htpasswd file. <P>
-<A
- HREF="directive-dict.html#Default"
- REL="Help"
-><STRONG>Default:</STRONG></A> By default; control is not passed on; and an unknown
-userID or rule will result in an Authorization Required reply. Not
-setting it thus keeps the system secure; and forces an NCSA compliant
-behaviour. <P>
+
+By default, control is not passed on and an unknown userID or rule
+will result in an Authorization Required reply. Not setting it thus
+keeps the system secure and forces an NCSA compliant behaviour. <P>
Security: Do consider the implications of allowing a user to allow
fall-through in his .htaccess file; and verify that this is really
1.4 +87 -93 httpd-docs-2.0/htdocs/manual/mod/mod_auth_digest.html
Index: mod_auth_digest.html
===================================================================
RCS file: /home/cvs/httpd-docs-2.0/htdocs/manual/mod/mod_auth_digest.html,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- mod_auth_digest.html 2000/09/12 15:16:53 1.3
+++ mod_auth_digest.html 2000/09/25 23:59:28 1.4
@@ -15,19 +15,36 @@
<!--#include virtual="header.html" -->
<H1 ALIGN="CENTER">Module mod_auth_digest</H1>
-This module is contained in the <CODE>mod_auth_digest.c</CODE> file, and is
-not compiled in by default. It is only available in Apache 1.3.8 and
-later. It provides for user authentication using MD5 Digest
-Authentication.
+<p>This module provides for user authentication using MD5 Digest
+Authentication.</p>
-<P>Note this is an updated version of <A
+<P><A
+HREF="module-dict.html#Status"
+REL="Help"
+><STRONG>Status:</STRONG></A> Experimental
+<BR>
+<A
+HREF="module-dict.html#SourceFile"
+REL="Help"
+><STRONG>Source File:</STRONG></A> mod_auth_digest.c
+<BR>
+<A
+HREF="module-dict.html#ModuleIdentifier"
+REL="Help"
+><STRONG>Module Identifier:</STRONG></A> digest_auth_module
+</P>
+
+<h2>Summary</h2>
+
+<P>This is an updated version of <A
HREF="mod_digest.html">mod_digest</A>. However, it has not been
-extensively tested and is therefore marked experimental. If you use this
-module, you must make sure to <em>not</em> use mod_digest (because they
-share some of the same configuration directives).
+extensively tested and is therefore marked experimental. If you use
+this module, you must make sure to <em>not</em> use mod_digest
+(because they share some of the same configuration directives).
+<h2>Directives</h2>
-<MENU>
+<ul>
<LI><A HREF="#authdigestfile">AuthDigestFile</A>
<LI><A HREF="#authdigestgroupfile">AuthDigestGroupFile</A>
<LI><A HREF="#authdigestqop">AuthDigestQop</A>
@@ -36,12 +53,47 @@
<LI><A HREF="#authdigestnccheck">AuthDigestNcCheck</A>
<LI><A HREF="#authdigestalgorithm">AuthDigestAlgorithm</A>
<LI><A HREF="#authdigestdomain">AuthDigestDomain</A>
-<LI><A HREF="#usingdigest">Using Digest Authentication</A>
-</MENU>
+</ul>
+
+<p>See also: <a href="core.html#require">Require</a> and
+<a href="core.html#satisfy">Satisfy</a>.
+
+<H3><A NAME="usingdigest">Using Digest Authentication</A></H3>
+
+<P>Using MD5 Digest authentication is very simple. Simply set up
+authentication normally, using "AuthType Digest" and "AuthDigestFile"
+instead of the normal "AuthType Basic" and "AuthUserFile"; also,
+replace any "AuthGroupFile" with "AuthDigestGroupFile". Then add a
+"AuthDigestDomain" directive containing at least the root URI(s) for
+this protection space. Example:
+
+<PRE>
+ <Location /private/>
+ AuthType Digest
+ AuthName "private area"
+ AuthDigestDomain /private/ http://mirror.my.dom/private2/
+ AuthDigestFile /web/auth/.digest_pw
+ Require valid-user
+ </Location>
+</PRE>
+
+<P><strong>Note:</strong> MD5 authentication provides a more secure
+password system than Basic authentication, but only works with supporting
+browsers. As of this writing (July 1999), the only major browsers which
+support digest authentication are <A
+HREF="http://www.microsoft.com/windows/ie/">Internet Explorer 5.0</A> and
+<A HREF="http://www.w3.org/Amaya/">Amaya</A>. Therefore, we do not
+recommend using this feature on a large Internet site. However, for
+personal and intra-net use, where browser users can be controlled, it is
+ideal.
+
+
<HR>
+
+
-<H2><A NAME="authdigestfile">AuthDigestFile</A></H2>
+<H2><A NAME="authdigestfile">AuthDigestFile</A> directive</H2>
<A
HREF="directive-dict.html#Syntax"
REL="Help"
@@ -57,7 +109,7 @@
<A
HREF="directive-dict.html#Status"
REL="Help"
-><STRONG>Status:</STRONG></A> Base<BR>
+><STRONG>Status:</STRONG></A> Experimental<BR>
<A
HREF="directive-dict.html#Module"
REL="Help"
@@ -73,7 +125,7 @@
<HR>
-<H2><A NAME="authdigestgroupfile">AuthDigestGroupFile</A></H2>
+<H2><A NAME="authdigestgroupfile">AuthDigestGroupFile</A> directive</H2>
<A
HREF="directive-dict.html#Syntax"
REL="Help"
@@ -89,15 +141,11 @@
<A
HREF="directive-dict.html#Status"
REL="Help"
-><STRONG>Status:</STRONG></A> Base<BR>
+><STRONG>Status:</STRONG></A> Experimental<BR>
<A
HREF="directive-dict.html#Module"
- REL="Help"
-><STRONG>Module:</STRONG></A> mod_auth_digest<BR>
-<A
- HREF="directive-dict.html#Compatibility"
REL="Help"
-><STRONG>Compatibility:</STRONG></A> Available in Apache 1.3.8 and later
+><STRONG>Module:</STRONG></A> mod_auth_digest
<P>The AuthDigestGroupFile directive sets the name of a textual file
containing the list of groups and their members (user names).
@@ -115,7 +163,7 @@
<HR>
-<H2><A NAME="authdigestqop">AuthDigestQop</A></H2>
+<H2><A NAME="authdigestqop">AuthDigestQop</A> directive</H2>
<A
HREF="directive-dict.html#Syntax"
REL="Help"
@@ -135,15 +183,11 @@
<A
HREF="directive-dict.html#Status"
REL="Help"
-><STRONG>Status:</STRONG></A> Base<BR>
+><STRONG>Status:</STRONG></A> Experimental<BR>
<A
HREF="directive-dict.html#Module"
REL="Help"
-><STRONG>Module:</STRONG></A> mod_auth_digest<BR>
-<A
- HREF="directive-dict.html#Compatibility"
- REL="Help"
-><STRONG>Compatibility:</STRONG></A> Available in Apache 1.3.8 and later
+><STRONG>Module:</STRONG></A> mod_auth_digest
<P>The AuthDigestQop directive determines the quality-of-protection to use.
<EM>auth</EM> will only do authentication (username/password);
@@ -159,7 +203,8 @@
<HR>
-<H2><A NAME="authdigestnoncelifetime">AuthDigestNonceLifetime</A></H2>
+<H2><A NAME="authdigestnoncelifetime">AuthDigestNonceLifetime</A>
+directive</H2>
<A
HREF="directive-dict.html#Syntax"
REL="Help"
@@ -179,15 +224,11 @@
<A
HREF="directive-dict.html#Status"
REL="Help"
-><STRONG>Status:</STRONG></A> Base<BR>
+><STRONG>Status:</STRONG></A> Experimental<BR>
<A
HREF="directive-dict.html#Module"
- REL="Help"
-><STRONG>Module:</STRONG></A> mod_auth_digest<BR>
-<A
- HREF="directive-dict.html#Compatibility"
REL="Help"
-><STRONG>Compatibility:</STRONG></A> Available in Apache 1.3.8 and later
+><STRONG>Module:</STRONG></A> mod_auth_digest
<P>The AuthDigestNonceLifetime directive controls how long the server
nonce is valid. When the client contacts the server using an expired
@@ -213,7 +254,7 @@
-->
<HR>
-<H2><A NAME="authdigestnonceformat">AuthDigestNonceFormat</A></H2>
+<H2><A NAME="authdigestnonceformat">AuthDigestNonceFormat</A> directive</H2>
<A
HREF="directive-dict.html#Syntax"
REL="Help"
@@ -233,15 +274,11 @@
<A
HREF="directive-dict.html#Status"
REL="Help"
-><STRONG>Status:</STRONG></A> Base<BR>
+><STRONG>Status:</STRONG></A> Experimental<BR>
<A
HREF="directive-dict.html#Module"
- REL="Help"
-><STRONG>Module:</STRONG></A> mod_auth_digest<BR>
-<A
- HREF="directive-dict.html#Compatibility"
REL="Help"
-><STRONG>Compatibility:</STRONG></A> Available in Apache 1.3.8 and later
+><STRONG>Module:</STRONG></A> mod_auth_digest
<P><STRONG>Not implemented yet.</STRONG>
<!--
@@ -250,7 +287,7 @@
-->
<HR>
-<H2><A NAME="authdigestnccheck">AuthDigestNcCheck</A></H2>
+<H2><A NAME="authdigestnccheck">AuthDigestNcCheck</A> directive</H2>
<A
HREF="directive-dict.html#Syntax"
REL="Help"
@@ -270,15 +307,11 @@
<A
HREF="directive-dict.html#Status"
REL="Help"
-><STRONG>Status:</STRONG></A> Base<BR>
+><STRONG>Status:</STRONG></A> Experimental<BR>
<A
HREF="directive-dict.html#Module"
REL="Help"
-><STRONG>Module:</STRONG></A> mod_auth_digest<BR>
-<A
- HREF="directive-dict.html#Compatibility"
- REL="Help"
-><STRONG>Compatibility:</STRONG></A> Available in Apache 1.3.8 and later
+><STRONG>Module:</STRONG></A> mod_auth_digest
<P><STRONG>Not implemented yet.</STRONG>
<!--
@@ -295,7 +328,7 @@
-->
<HR>
-<H2><A NAME="authdigestalgorithm">AuthDigestAlgorithm</A></H2>
+<H2><A NAME="authdigestalgorithm">AuthDigestAlgorithm</A> directive</H2>
<A
HREF="directive-dict.html#Syntax"
REL="Help"
@@ -315,15 +348,11 @@
<A
HREF="directive-dict.html#Status"
REL="Help"
-><STRONG>Status:</STRONG></A> Base<BR>
+><STRONG>Status:</STRONG></A> Experimental<BR>
<A
HREF="directive-dict.html#Module"
REL="Help"
-><STRONG>Module:</STRONG></A> mod_auth_digest<BR>
-<A
- HREF="directive-dict.html#Compatibility"
- REL="Help"
-><STRONG>Compatibility:</STRONG></A> Available in Apache 1.3.8 and later
+><STRONG>Module:</STRONG></A> mod_auth_digest
<P>The AuthDigestAlgorithm directive selects the algorithm used to calculate
the challenge and response hashes.
@@ -335,7 +364,7 @@
-->
<HR>
-<H2><A NAME="authdigestdomain">AuthDigestDomain</A></H2>
+<H2><A NAME="authdigestdomain">AuthDigestDomain</A> directive</H2>
<A
HREF="directive-dict.html#Syntax"
REL="Help"
@@ -351,15 +380,11 @@
<A
HREF="directive-dict.html#Status"
REL="Help"
-><STRONG>Status:</STRONG></A> Base<BR>
+><STRONG>Status:</STRONG></A> Experimental<BR>
<A
HREF="directive-dict.html#Module"
- REL="Help"
-><STRONG>Module:</STRONG></A> mod_auth_digest<BR>
-<A
- HREF="directive-dict.html#Compatibility"
REL="Help"
-><STRONG>Compatibility:</STRONG></A> Available in Apache 1.3.8 and later
+><STRONG>Module:</STRONG></A> mod_auth_digest
<P>The AuthDigestDomain directive allows you to specify one or more URIs
which are in the same protection space (i.e. use the same realm and
@@ -378,37 +403,6 @@
clients (which understand this) will then share username/password info
across multiple servers without prompting the user each time.
-
-<HR>
-
-<H3><A NAME="usingdigest">Using Digest Authentication</A></H3>
-
-<P>Using MD5 Digest authentication is very simple. Simply set up
-authentication normally, using "AuthType Digest" and "AuthDigestFile"
-instead of the normal "AuthType Basic" and "AuthUserFile"; also,
-replace any "AuthGroupFile" with "AuthDigestGroupFile". Then add a
-"AuthDigestDomain" directive containing at least the root URI(s) for
-this protection space. Example:
-
-<PRE>
- <Location /private/>
- AuthType Digest
- AuthName "private area"
- AuthDigestDomain /private/ http://mirror.my.dom/private2/
- AuthDigestFile /web/auth/.digest_pw
- Require valid-user
- </Location>
-</PRE>
-
-<P><strong>Note:</strong> MD5 authentication provides a more secure
-password system than Basic authentication, but only works with supporting
-browsers. As of this writing (July 1999), the only major browsers which
-support digest authentication are <A
-HREF="http://www.microsoft.com/windows/ie/">Internet Explorer 5.0</A> and
-<A HREF="http://www.w3.org/Amaya/">Amaya</A>. Therefore, we do not
-recommend using this feature on a large Internet site. However, for
-personal and intra-net use, where browser users can be controlled, it is
-ideal.
<!--#include virtual="footer.html" -->
</BODY>
1.37 +1 -1 httpd-docs-2.0/htdocs/manual/mod/index.html
Index: index.html
===================================================================
RCS file: /home/cvs/httpd-docs-2.0/htdocs/manual/mod/index.html,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- index.html 2000/09/25 21:50:07 1.36
+++ index.html 2000/09/25 23:59:28 1.37
@@ -39,7 +39,7 @@
<DT><A HREF="mod_auth.html">mod_auth</A>
<DD>User authentication using text files.
<DT><A HREF="mod_auth_anon.html">mod_auth_anon</A>
-<DD>Anonymous user authentication, FTP-style.
+<DD>Anonymous user access to authenticated areas.
<DT><A HREF="mod_auth_db.html">mod_auth_db</A>
<DD>User authentication using Berkeley DB files.
<DT><A HREF="mod_auth_dbm.html">mod_auth_dbm</A>
1.5 +1 -1 httpd-docs-2.0/htdocs/manual/mod/index-bytype.html
Index: index-bytype.html
===================================================================
RCS file: /home/cvs/httpd-docs-2.0/htdocs/manual/mod/index-bytype.html,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- index-bytype.html 2000/09/25 21:50:07 1.4
+++ index-bytype.html 2000/09/25 23:59:28 1.5
@@ -91,7 +91,7 @@
<DT><A HREF="mod_auth_db.html">mod_auth_db</A>
<DD>User authentication using Berkeley DB files.
<DT><A HREF="mod_auth_anon.html">mod_auth_anon</A>
-<DD>Anonymous user authentication, FTP-style.
+<DD>Anonymous user access to authenticated areas.
<DT><A HREF="mod_auth_digest.html">mod_auth_digest</A>
<DD>MD5 authentication
<DT><A HREF="mod_digest.html">mod_digest</A>