| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> |
| <HTML> |
| <HEAD> |
| <TITLE>Apache module mod_auth_anon.c</TITLE> |
| </HEAD> |
| <!-- Background white, links blue (unvisited), navy (visited), red (active) --> |
| <BODY |
| BGCOLOR="#FFFFFF" |
| TEXT="#000000" |
| LINK="#0000FF" |
| VLINK="#000080" |
| ALINK="#FF0000" |
| > |
| <!--#include virtual="header.html" --> |
| <H1 ALIGN="CENTER">Module mod_auth_anon</H1> |
| |
| This module is contained in the <CODE>mod_auth_anon.c</CODE> file and |
| is not compiled in by default. It is only available in Apache 1.1 and |
| later. It allows "anonymous" user access to authenticated areas. |
| |
| <H2>Summary</H2> |
| |
| It does access control in a manner similar to anonymous-ftp sites; <EM>i.e.</EM> |
| have a 'magic' user id 'anonymous' and the email address as a password. |
| These email addresses can be logged. |
| <P> |
| Combined with other (database) access control methods, this allows for |
| effective user tracking and customization according to a user profile |
| while still keeping the site open for 'unregistered' users. One advantage |
| of using Auth-based user tracking is that, unlike magic-cookies and |
| funny URL pre/postfixes, it is completely browser independent and it |
| allows users to share URLs. |
| <P> |
| |
| <A HREF="#Directives">Directives</A> / |
| <A HREF="#Example">Example</A> / |
| <A HREF="#CompileTimeOptions">Compile time options</A> / |
| <P> |
| |
| <H2><A NAME="Directives">Directives</A></H2> |
| <UL> |
| <LI><A HREF="#anonymous">Anonymous</A> |
| <LI><A HREF="#Authoritative">Anonymous_Authoritative</A> |
| <LI><A HREF="#LogEmail">Anonymous_LogEmail</A> |
| <LI><A HREF="#MustGiveEmail">Anonymous_MustGiveEmail</A> |
| <LI><A HREF="#NoUserID">Anonymous_NoUserID</A> |
| <LI><A HREF="#VerifyEmail">Anonymous_VerifyEmail</A> |
| </UL> |
| |
| <HR> |
| |
| <H2><A NAME="anonymous">Anonymous directive</A></H2> |
| <!--%plaintext <?INDEX {\tt Anonymous} directive> --> |
| <A |
| HREF="directive-dict.html#Syntax" |
| REL="Help" |
| ><STRONG>Syntax:</STRONG></A> Anonymous <EM>user user ...</EM><BR> |
| <A |
| HREF="directive-dict.html#Default" |
| REL="Help" |
| ><STRONG>Default:</STRONG></A> none<BR> |
| <A |
| HREF="directive-dict.html#Context" |
| REL="Help" |
| ><STRONG>Context:</STRONG></A> directory, .htaccess<BR> |
| <A |
| HREF="directive-dict.html#Override" |
| REL="Help" |
| ><STRONG>Override:</STRONG></A> AuthConfig<BR> |
| <A |
| HREF="directive-dict.html#Status" |
| REL="Help" |
| ><STRONG>Status:</STRONG></A> Extension<BR> |
| <A |
| HREF="directive-dict.html#Module" |
| REL="Help" |
| ><STRONG>Module:</STRONG></A> mod_auth_anon<P> |
| |
| A list of one or more 'magic' userIDs which are allowed access |
| without password verification. The userIDs are space separated. |
| It is possible to use the ' and " quotes to allow a space in |
| a userID as well as the \ escape character. |
| <P> |
| Please note that the comparison is <STRONG>case-IN-sensitive</STRONG>. |
| <BR> |
| I strongly suggest that the magic username '<CODE>anonymous</CODE>' |
| is always one of the allowed userIDs. |
| <P> |
| Example:<BR> |
| <CODE> |
| Anonymous anonymous "Not Registered" 'I don\'t know' |
| </CODE><P> |
| This would allow the user to enter without password verification |
| by using the userId's 'anonymous', 'AnonyMous','Not Registered' and |
| 'I Don't Know'. |
| <HR> |
| |
| <H2><A NAME="Authoritative">Anonymous_Authoritative directive</A></H2> |
| <A |
| HREF="directive-dict.html#Syntax" |
| REL="Help" |
| ><STRONG>Syntax:</STRONG></A> Anonymous_Authoritative <EM>on | off</EM><BR> |
| <A |
| HREF="directive-dict.html#Default" |
| REL="Help" |
| ><STRONG>Default:</STRONG></A> <CODE>Anonymous_Authoritative off</CODE><BR> |
| <A |
| HREF="directive-dict.html#Context" |
| REL="Help" |
| ><STRONG>Context:</STRONG></A> directory, .htaccess<BR> |
| <A |
| HREF="directive-dict.html#Override" |
| REL="Help" |
| ><STRONG>Override:</STRONG></A> AuthConfig<BR> |
| <A |
| HREF="directive-dict.html#Status" |
| REL="Help" |
| ><STRONG>Status:</STRONG></A> Extension<BR> |
| <A |
| HREF="directive-dict.html#Module" |
| REL="Help" |
| ><STRONG>Module:</STRONG></A> mod_auth_anon<P> |
| |
| When set 'on', there is no |
| fall-through to other authorization methods. So if a |
| userID does not match the values specified in the |
| <CODE>Anonymous</CODE> directive, access is denied. |
| <P> |
| Be sure you know what you are doing when you decide to switch |
| it on. And remember that it is the linking order of the modules |
| (in the Configuration / Make file) which details the order |
| in which the Authorization modules are queried. |
| <HR> |
| |
| <H2><A NAME="LogEmail">Anonymous_LogEmail directive</A></H2> |
| <A |
| HREF="directive-dict.html#Syntax" |
| REL="Help" |
| ><STRONG>Syntax:</STRONG></A> Anonymous_LogEmail <EM>on | off</EM><BR> |
| <A |
| HREF="directive-dict.html#Default" |
| REL="Help" |
| ><STRONG>Default:</STRONG></A> <CODE>Anonymous_LogEmail on</CODE><BR> |
| <A |
| HREF="directive-dict.html#Context" |
| REL="Help" |
| ><STRONG>Context:</STRONG></A> directory, .htaccess<BR> |
| <A |
| HREF="directive-dict.html#Override" |
| REL="Help" |
| ><STRONG>Override:</STRONG></A> AuthConfig<BR> |
| <A |
| HREF="directive-dict.html#Status" |
| REL="Help" |
| ><STRONG>Status:</STRONG></A> Extension<BR> |
| <A |
| HREF="directive-dict.html#Module" |
| REL="Help" |
| ><STRONG>Module:</STRONG></A> mod_auth_anon<P> |
| |
| When set 'on', the default, the 'password' entered (which hopefully |
| contains a sensible email address) is logged in the error log. |
| <HR> |
| |
| <H2><A NAME="MustGiveEmail">Anonymous_MustGiveEmail directive</A></H2> |
| <!--%plaintext <?INDEX {\tt Anonymous_MustGiveEmail} directive> --> |
| <A |
| HREF="directive-dict.html#Syntax" |
| REL="Help" |
| ><STRONG>Syntax:</STRONG></A> Anonymous_MustGiveEmail <EM>on</EM> |
| | <EM>off</EM><BR> |
| <A |
| HREF="directive-dict.html#Default" |
| REL="Help" |
| ><STRONG>Default:</STRONG></A> <CODE>Anonymous_MustGiveEmail on</CODE><BR> |
| <A |
| HREF="directive-dict.html#Context" |
| REL="Help" |
| ><STRONG>Context:</STRONG></A> directory, .htaccess<BR> |
| <A |
| HREF="directive-dict.html#Override" |
| REL="Help" |
| ><STRONG>Override:</STRONG></A> AuthConfig<BR> |
| <A |
| HREF="directive-dict.html#Status" |
| REL="Help" |
| ><STRONG>Status:</STRONG></A> Extension<BR> |
| <A |
| HREF="directive-dict.html#Module" |
| REL="Help" |
| ><STRONG>Module:</STRONG></A> mod_auth_anon<P> |
| |
| Specifies whether the user must specify an email |
| address as the password. This prohibits blank passwords. |
| <HR> |
| |
| <H2><A NAME="NoUserID">Anonymous_NoUserID directive</A></H2> |
| <A |
| HREF="directive-dict.html#Syntax" |
| REL="Help" |
| ><STRONG>Syntax:</STRONG></A> Anonymous_NoUserID <EM>on | off</EM><BR> |
| <A |
| HREF="directive-dict.html#Default" |
| REL="Help" |
| ><STRONG>Default:</STRONG></A> <CODE>Anonymous_NoUserID off</CODE><BR> |
| <A |
| HREF="directive-dict.html#Context" |
| REL="Help" |
| ><STRONG>Context:</STRONG></A> directory, .htaccess<BR> |
| <A |
| HREF="directive-dict.html#Override" |
| REL="Help" |
| ><STRONG>Override:</STRONG></A> AuthConfig<BR> |
| <A |
| HREF="directive-dict.html#Status" |
| REL="Help" |
| ><STRONG>Status:</STRONG></A> Extension<BR> |
| <A |
| HREF="directive-dict.html#Module" |
| REL="Help" |
| ><STRONG>Module:</STRONG></A> mod_auth_anon<P> |
| |
| When set 'on', users can leave |
| the userID (and perhaps the password field) empty. This |
| can be very convenient for MS-Explorer users who can |
| just hit return or click directly on the OK button; which |
| seems a natural reaction. |
| |
| <HR> |
| |
| <H2><A NAME="VerifyEmail">Anonymous_VerifyEmail directive</A></H2> |
| <A |
| HREF="directive-dict.html#Syntax" |
| REL="Help" |
| ><STRONG>Syntax:</STRONG></A> Anonymous_VerifyEmail <EM>on | off</EM><BR> |
| <A |
| HREF="directive-dict.html#Default" |
| REL="Help" |
| ><STRONG>Default:</STRONG></A> <CODE>Anonymous_VerifyEmail off</CODE><BR> |
| <A |
| HREF="directive-dict.html#Context" |
| REL="Help" |
| ><STRONG>Context:</STRONG></A> directory, .htaccess<BR> |
| <A |
| HREF="directive-dict.html#Override" |
| REL="Help" |
| ><STRONG>Override:</STRONG></A> AuthConfig<BR> |
| <A |
| HREF="directive-dict.html#Status" |
| REL="Help" |
| ><STRONG>Status:</STRONG></A> Extension<BR> |
| <A |
| HREF="directive-dict.html#Module" |
| REL="Help" |
| ><STRONG>Module:</STRONG></A> mod_auth_anon<P> |
| |
| When set 'on' the 'password' entered is |
| checked for at least one '@' and a '.' to encourage users to enter |
| valid email addresses (see the above <CODE>Auth_LogEmail</CODE>). |
| |
| <HR> |
| <H2><A NAME="Example">Example</A></H2> |
| |
| The example below (when combined with the Auth directives |
| of a htpasswd-file based (or GDM, mSQL <EM>etc.</EM>) base access |
| control system allows users in as 'guests' with the |
| following properties: |
| <UL> |
| <LI> |
| It insists that the user enters a userId. (<CODE>Anonymous_NoUserId</CODE>) |
| <LI> |
| It insists that the user enters a password. |
| (<CODE>Anonymous_MustGiveEmail</CODE>) |
| <LI> |
| The password entered must be a valid email address, ie. contain at least one |
| '@' and a '.'. (<CODE>Anonymous_VerifyEmail</CODE>) |
| <LI> |
| The userID must be one of <CODE>anonymous guest www test welcome</CODE> |
| and comparison is <STRONG>not</STRONG> case sensitive. |
| <LI> |
| And the Email addresses entered in the passwd field are logged to |
| the error log file |
| (<CODE>Anonymous_LogEmail</CODE>) |
| </UL> |
| <P> |
| Excerpt of access.conf: |
| <BLOCKQUOTE><CODE> |
| Anonymous_NoUserId off<BR> |
| Anonymous_MustGiveEmail on<BR> |
| Anonymous_VerifyEmail on<BR> |
| Anonymous_LogEmail on<BR> |
| Anonymous anonymous guest www test welcome<P> |
| <P> |
| AuthName "Use 'anonymous' & Email address for guest entry"<BR> |
| AuthType basic |
| <P> |
| # An AuthUserFile/AuthDBUserFile/AuthDBMUserFile<BR> |
| # directive must be specified, or use<BR> |
| # Anonymous_Authoritative for public access.<BR> |
| # In the .htaccess for the public directory, add:<BR> |
| <Files *><BR> |
| order deny,allow <BR> |
| allow from all <BR> |
| <P> |
| require valid-user <BR> |
| </Files><BR> |
| </CODE></BLOCKQUOTE> |
| |
| <HR> |
| <H2><A NAME="CompileTimeOptions">Compile Time Options</A></H2> |
| |
| Currently there are no Compile options. |
| |
| <!--#include virtual="footer.html" --> |
| </BODY> |
| </HTML> |
| |