Google Git
Sign in
apache / httpd / 396931c93e46f5d130f0df7044a9c0e63fd12ebd / . / APACHE_1_3_42 / htdocs / manual / mod / mod_auth_anon.html
blob: 55a206ab30a43aec6d65077e7ca432d684478174 [file] [log] [blame]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="generator" content="HTML Tidy, see www.w3.org" />
<title>Apache module mod_auth_anon.c</title>
</head>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
<body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
vlink="#000080" alink="#FF0000">
<!--#include virtual="header.html" -->
<h1 align="CENTER">Module mod_auth_anon</h1>
This module allows "anonymous" user access to authenticated
areas.
<p><a href="module-dict.html#Status"
rel="Help"><strong>Status:</strong></a> Extension<br />
<a href="module-dict.html#SourceFile"
rel="Help"><strong>Source File:</strong></a>
mod_auth_anon.c<br />
<a href="module-dict.html#ModuleIdentifier"
rel="Help"><strong>Module Identifier:</strong></a>
anon_auth_module<br />
<a href="module-dict.html#Compatibility"
rel="Help"><strong>Compatibility:</strong></a> Available in
Apache 1.1 and later.</p>
<h2>Summary</h2>
<p>This module does access control in a manner similar to
anonymous-ftp sites; <em>i.e.</em> have a 'magic' user id
'anonymous' and the email address as a password. These email
addresses can be logged.</p>
<p>Combined with other (database) access control methods, this
allows for effective user tracking and customization according
to a user profile while still keeping the site open for
'unregistered' users. One advantage of using Auth-based user
tracking is that, unlike magic-cookies and funny URL
pre/postfixes, it is completely browser independent and it
allows users to share URLs.</p>
<h2><a id="Directives" name="Directives">Directives</a></h2>
<ul>
<li><a href="#anonymous">Anonymous</a></li>
<li><a href="#Authoritative">Anonymous_Authoritative</a></li>
<li><a href="#LogEmail">Anonymous_LogEmail</a></li>
<li><a href="#MustGiveEmail">Anonymous_MustGiveEmail</a></li>
<li><a href="#NoUserID">Anonymous_NoUserID</a></li>
<li><a href="#VerifyEmail">Anonymous_VerifyEmail</a></li>
</ul>
<h2><a id="Example" name="Example">Example</a></h2>
The example below (when combined with the Auth directives of a
htpasswd-file based (or GDM, mSQL <em>etc.</em>) base access
control system allows users in as 'guests' with the following
properties:
<ul>
<li>It insists that the user enters a userId.
(<code>Anonymous_NoUserId</code>)</li>
<li>It insists that the user enters a password.
(<code>Anonymous_MustGiveEmail</code>)</li>
<li>The password entered must be a valid email address, ie.
contain at least one '@' and a '.'.
(<code>Anonymous_VerifyEmail</code>)</li>
<li>The userID must be one of <code>anonymous guest www test
welcome</code> and comparison is <strong>not</strong> case
sensitive.</li>
<li>And the Email addresses entered in the passwd field are
logged to the error log file
(<code>Anonymous_LogEmail</code>)</li>
</ul>
<p>Excerpt of httpd.conf:</p>
<blockquote>
<pre>
Anonymous_NoUserId off
Anonymous_MustGiveEmail on
Anonymous_VerifyEmail on
Anonymous_LogEmail on
Anonymous anonymous guest www test welcome
AuthName "Use 'anonymous' &amp; Email address for guest entry"
AuthType basic
# An AuthUserFile/AuthDBUserFile/AuthDBMUserFile
# directive must be specified, or use
# Anonymous_Authoritative for public access.
# In the .htaccess for the public directory, add:
&lt;Files *&gt;
Order Deny,Allow
Allow from all
Require valid-user
&lt;/Files&gt;
</pre>
</blockquote>
<hr />
<h2><a id="anonymous" name="anonymous">Anonymous
directive</a></h2>
<a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> Anonymous <em>user</em>
[<em>user</em>] ...<br />
<a href="directive-dict.html#Default"
rel="Help"><strong>Default:</strong></a> none<br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> directory,
.htaccess<br />
<a href="directive-dict.html#Override"
rel="Help"><strong>Override:</strong></a> AuthConfig<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> Extension<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> mod_auth_anon
<p>A list of one or more 'magic' userIDs which are allowed
access without password verification. The userIDs are space
separated. It is possible to use the ' and " quotes to allow a
space in a userID as well as the \ escape character.</p>
<p>Please note that the comparison is
<strong>case-IN-sensitive</strong>.<br />
I strongly suggest that the magic username
'<code>anonymous</code>' is always one of the allowed
userIDs.</p>
<p>Example:<br />
<code>Anonymous anonymous "Not Registered" 'I don\'t
know'</code></p>
<p>This would allow the user to enter without password
verification by using the userId's 'anonymous',
'AnonyMous','Not Registered' and 'I Don't Know'.</p>
<hr />
<h2><a id="Authoritative"
name="Authoritative">Anonymous_Authoritative directive</a></h2>
<a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> Anonymous_Authoritative
on|off<br />
<a href="directive-dict.html#Default"
rel="Help"><strong>Default:</strong></a>
<code>Anonymous_Authoritative off</code><br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> directory,
.htaccess<br />
<a href="directive-dict.html#Override"
rel="Help"><strong>Override:</strong></a> AuthConfig<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> Extension<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> mod_auth_anon
<p>When set 'on', there is no fall-through to other
authorization methods. So if a userID does not match the values
specified in the <code>Anonymous</code> directive, access is
denied.</p>
<p>Be sure you know what you are doing when you decide to
switch it on. And remember that it is the linking order of the
modules (in the Configuration / Make file) which details the
order in which the Authorization modules are queried.</p>
<hr />
<h2><a id="LogEmail" name="LogEmail">Anonymous_LogEmail
directive</a></h2>
<a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> Anonymous_LogEmail
on|off<br />
<a href="directive-dict.html#Default"
rel="Help"><strong>Default:</strong></a>
<code>Anonymous_LogEmail on</code><br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> directory,
.htaccess<br />
<a href="directive-dict.html#Override"
rel="Help"><strong>Override:</strong></a> AuthConfig<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> Extension<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> mod_auth_anon
<p>When set 'on', the default, the 'password' entered (which
hopefully contains a sensible email address) is logged in the
error log. The message is logged at a level of <code>info</code>,
and so you must have <a href="core.html#loglevel">LogLevel</a> set
to at least <code>info</code> in order to see this message.</p>
<p>Log entries will look like the following example:</p>
<pre>
[Fri Apr 26 14:49:50 2002] [info] [client 192.168.1.105] Anonymous: Passwd <user@example.com> Accepted
</pre>
<hr />
<h2><a id="MustGiveEmail"
name="MustGiveEmail">Anonymous_MustGiveEmail directive</a></h2>
<a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> Anonymous_MustGiveEmail
on|off<br />
<a href="directive-dict.html#Default"
rel="Help"><strong>Default:</strong></a>
<code>Anonymous_MustGiveEmail on</code><br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> directory,
.htaccess<br />
<a href="directive-dict.html#Override"
rel="Help"><strong>Override:</strong></a> AuthConfig<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> Extension<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> mod_auth_anon
<p>Specifies whether the user must specify an email address as
the password. This prohibits blank passwords.</p>
<hr />
<h2><a id="NoUserID" name="NoUserID">Anonymous_NoUserID
directive</a></h2>
<a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> Anonymous_NoUserID
on|off<br />
<a href="directive-dict.html#Default"
rel="Help"><strong>Default:</strong></a>
<code>Anonymous_NoUserID off</code><br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> directory,
.htaccess<br />
<a href="directive-dict.html#Override"
rel="Help"><strong>Override:</strong></a> AuthConfig<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> Extension<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> mod_auth_anon
<p>When set 'on', users can leave the userID (and perhaps the
password field) empty. This can be very convenient for
MS-Explorer users who can just hit return or click directly on
the OK button; which seems a natural reaction.</p>
<hr />
<h2><a id="VerifyEmail"
name="VerifyEmail">Anonymous_VerifyEmail directive</a></h2>
<a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> Anonymous_VerifyEmail
on|off<br />
<a href="directive-dict.html#Default"
rel="Help"><strong>Default:</strong></a>
<code>Anonymous_VerifyEmail off</code><br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> directory,
.htaccess<br />
<a href="directive-dict.html#Override"
rel="Help"><strong>Override:</strong></a> AuthConfig<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> Extension<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> mod_auth_anon
<p>When set 'on' the 'password' entered is checked for at least
one '@' and a '.' to encourage users to enter valid email
addresses (see the above <code>Auth_LogEmail</code>).
<!--#include virtual="footer.html" -->
</p>
</body>
</html>