| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" |
| "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
| |
| <html xmlns="http://www.w3.org/1999/xhtml"> |
| <head> |
| <meta name="generator" content="HTML Tidy, see www.w3.org" /> |
| |
| <title>Apache module mod_auth_anon.c</title> |
| </head> |
| <!-- Background white, links blue (unvisited), navy (visited), red (active) --> |
| |
| <body bgcolor="#FFFFFF" text="#000000" link="#0000FF" |
| vlink="#000080" alink="#FF0000"> |
| <!--#include virtual="header.html" --> |
| |
| <h1 align="CENTER">Module mod_auth_anon</h1> |
| This module allows "anonymous" user access to authenticated |
| areas. |
| |
| <p><a href="module-dict.html#Status" |
| rel="Help"><strong>Status:</strong></a> Extension<br /> |
| <a href="module-dict.html#SourceFile" |
| rel="Help"><strong>Source File:</strong></a> |
| mod_auth_anon.c<br /> |
| <a href="module-dict.html#ModuleIdentifier" |
| rel="Help"><strong>Module Identifier:</strong></a> |
| anon_auth_module<br /> |
| <a href="module-dict.html#Compatibility" |
| rel="Help"><strong>Compatibility:</strong></a> Available in |
| Apache 1.1 and later.</p> |
| |
| <h2>Summary</h2> |
| |
| <p>This module does access control in a manner similar to |
| anonymous-ftp sites; <em>i.e.</em> have a 'magic' user id |
| 'anonymous' and the email address as a password. These email |
| addresses can be logged.</p> |
| |
| <p>Combined with other (database) access control methods, this |
| allows for effective user tracking and customization according |
| to a user profile while still keeping the site open for |
| 'unregistered' users. One advantage of using Auth-based user |
| tracking is that, unlike magic-cookies and funny URL |
| pre/postfixes, it is completely browser independent and it |
| allows users to share URLs.</p> |
| |
| <h2><a id="Directives" name="Directives">Directives</a></h2> |
| |
| <ul> |
| <li><a href="#anonymous">Anonymous</a></li> |
| |
| <li><a href="#Authoritative">Anonymous_Authoritative</a></li> |
| |
| <li><a href="#LogEmail">Anonymous_LogEmail</a></li> |
| |
| <li><a href="#MustGiveEmail">Anonymous_MustGiveEmail</a></li> |
| |
| <li><a href="#NoUserID">Anonymous_NoUserID</a></li> |
| |
| <li><a href="#VerifyEmail">Anonymous_VerifyEmail</a></li> |
| </ul> |
| |
| <h2><a id="Example" name="Example">Example</a></h2> |
| The example below (when combined with the Auth directives of a |
| htpasswd-file based (or GDM, mSQL <em>etc.</em>) base access |
| control system allows users in as 'guests' with the following |
| properties: |
| |
| <ul> |
| <li>It insists that the user enters a userId. |
| (<code>Anonymous_NoUserId</code>)</li> |
| |
| <li>It insists that the user enters a password. |
| (<code>Anonymous_MustGiveEmail</code>)</li> |
| |
| <li>The password entered must be a valid email address, ie. |
| contain at least one '@' and a '.'. |
| (<code>Anonymous_VerifyEmail</code>)</li> |
| |
| <li>The userID must be one of <code>anonymous guest www test |
| welcome</code> and comparison is <strong>not</strong> case |
| sensitive.</li> |
| |
| <li>And the Email addresses entered in the passwd field are |
| logged to the error log file |
| (<code>Anonymous_LogEmail</code>)</li> |
| </ul> |
| |
| <p>Excerpt of httpd.conf:</p> |
| |
| <blockquote> |
| <pre> |
| Anonymous_NoUserId off |
| Anonymous_MustGiveEmail on |
| Anonymous_VerifyEmail on |
| Anonymous_LogEmail on |
| Anonymous anonymous guest www test welcome |
| |
| AuthName "Use 'anonymous' & Email address for guest entry" |
| AuthType basic |
| |
| # An AuthUserFile/AuthDBUserFile/AuthDBMUserFile |
| # directive must be specified, or use |
| # Anonymous_Authoritative for public access. |
| # In the .htaccess for the public directory, add: |
| <Files *> |
| Order Deny,Allow |
| Allow from all |
| |
| Require valid-user |
| </Files> |
| </pre> |
| </blockquote> |
| <hr /> |
| |
| <h2><a id="anonymous" name="anonymous">Anonymous |
| directive</a></h2> |
| <a href="directive-dict.html#Syntax" |
| rel="Help"><strong>Syntax:</strong></a> Anonymous <em>user</em> |
| [<em>user</em>] ...<br /> |
| <a href="directive-dict.html#Default" |
| rel="Help"><strong>Default:</strong></a> none<br /> |
| <a href="directive-dict.html#Context" |
| rel="Help"><strong>Context:</strong></a> directory, |
| .htaccess<br /> |
| <a href="directive-dict.html#Override" |
| rel="Help"><strong>Override:</strong></a> AuthConfig<br /> |
| <a href="directive-dict.html#Status" |
| rel="Help"><strong>Status:</strong></a> Extension<br /> |
| <a href="directive-dict.html#Module" |
| rel="Help"><strong>Module:</strong></a> mod_auth_anon |
| |
| <p>A list of one or more 'magic' userIDs which are allowed |
| access without password verification. The userIDs are space |
| separated. It is possible to use the ' and " quotes to allow a |
| space in a userID as well as the \ escape character.</p> |
| |
| <p>Please note that the comparison is |
| <strong>case-IN-sensitive</strong>.<br /> |
| I strongly suggest that the magic username |
| '<code>anonymous</code>' is always one of the allowed |
| userIDs.</p> |
| |
| <p>Example:<br /> |
| <code>Anonymous anonymous "Not Registered" 'I don\'t |
| know'</code></p> |
| |
| <p>This would allow the user to enter without password |
| verification by using the userId's 'anonymous', |
| 'AnonyMous','Not Registered' and 'I Don't Know'.</p> |
| <hr /> |
| |
| <h2><a id="Authoritative" |
| name="Authoritative">Anonymous_Authoritative directive</a></h2> |
| <a href="directive-dict.html#Syntax" |
| rel="Help"><strong>Syntax:</strong></a> Anonymous_Authoritative |
| on|off<br /> |
| <a href="directive-dict.html#Default" |
| rel="Help"><strong>Default:</strong></a> |
| <code>Anonymous_Authoritative off</code><br /> |
| <a href="directive-dict.html#Context" |
| rel="Help"><strong>Context:</strong></a> directory, |
| .htaccess<br /> |
| <a href="directive-dict.html#Override" |
| rel="Help"><strong>Override:</strong></a> AuthConfig<br /> |
| <a href="directive-dict.html#Status" |
| rel="Help"><strong>Status:</strong></a> Extension<br /> |
| <a href="directive-dict.html#Module" |
| rel="Help"><strong>Module:</strong></a> mod_auth_anon |
| |
| <p>When set 'on', there is no fall-through to other |
| authorization methods. So if a userID does not match the values |
| specified in the <code>Anonymous</code> directive, access is |
| denied.</p> |
| |
| <p>Be sure you know what you are doing when you decide to |
| switch it on. And remember that it is the linking order of the |
| modules (in the Configuration / Make file) which details the |
| order in which the Authorization modules are queried.</p> |
| <hr /> |
| |
| <h2><a id="LogEmail" name="LogEmail">Anonymous_LogEmail |
| directive</a></h2> |
| <a href="directive-dict.html#Syntax" |
| rel="Help"><strong>Syntax:</strong></a> Anonymous_LogEmail |
| on|off<br /> |
| <a href="directive-dict.html#Default" |
| rel="Help"><strong>Default:</strong></a> |
| <code>Anonymous_LogEmail on</code><br /> |
| <a href="directive-dict.html#Context" |
| rel="Help"><strong>Context:</strong></a> directory, |
| .htaccess<br /> |
| <a href="directive-dict.html#Override" |
| rel="Help"><strong>Override:</strong></a> AuthConfig<br /> |
| <a href="directive-dict.html#Status" |
| rel="Help"><strong>Status:</strong></a> Extension<br /> |
| <a href="directive-dict.html#Module" |
| rel="Help"><strong>Module:</strong></a> mod_auth_anon |
| |
| <p>When set 'on', the default, the 'password' entered (which |
| hopefully contains a sensible email address) is logged in the |
| error log. The message is logged at a level of <code>info</code>, |
| and so you must have <a href="core.html#loglevel">LogLevel</a> set |
| to at least <code>info</code> in order to see this message.</p> |
| |
| <p>Log entries will look like the following example:</p> |
| |
| <pre> |
| [Fri Apr 26 14:49:50 2002] [info] [client 192.168.1.105] Anonymous: Passwd <user@example.com> Accepted |
| </pre> |
| |
| <hr /> |
| |
| <h2><a id="MustGiveEmail" |
| name="MustGiveEmail">Anonymous_MustGiveEmail directive</a></h2> |
| |
| <a href="directive-dict.html#Syntax" |
| rel="Help"><strong>Syntax:</strong></a> Anonymous_MustGiveEmail |
| on|off<br /> |
| <a href="directive-dict.html#Default" |
| rel="Help"><strong>Default:</strong></a> |
| <code>Anonymous_MustGiveEmail on</code><br /> |
| <a href="directive-dict.html#Context" |
| rel="Help"><strong>Context:</strong></a> directory, |
| .htaccess<br /> |
| <a href="directive-dict.html#Override" |
| rel="Help"><strong>Override:</strong></a> AuthConfig<br /> |
| <a href="directive-dict.html#Status" |
| rel="Help"><strong>Status:</strong></a> Extension<br /> |
| <a href="directive-dict.html#Module" |
| rel="Help"><strong>Module:</strong></a> mod_auth_anon |
| |
| <p>Specifies whether the user must specify an email address as |
| the password. This prohibits blank passwords.</p> |
| <hr /> |
| |
| <h2><a id="NoUserID" name="NoUserID">Anonymous_NoUserID |
| directive</a></h2> |
| <a href="directive-dict.html#Syntax" |
| rel="Help"><strong>Syntax:</strong></a> Anonymous_NoUserID |
| on|off<br /> |
| <a href="directive-dict.html#Default" |
| rel="Help"><strong>Default:</strong></a> |
| <code>Anonymous_NoUserID off</code><br /> |
| <a href="directive-dict.html#Context" |
| rel="Help"><strong>Context:</strong></a> directory, |
| .htaccess<br /> |
| <a href="directive-dict.html#Override" |
| rel="Help"><strong>Override:</strong></a> AuthConfig<br /> |
| <a href="directive-dict.html#Status" |
| rel="Help"><strong>Status:</strong></a> Extension<br /> |
| <a href="directive-dict.html#Module" |
| rel="Help"><strong>Module:</strong></a> mod_auth_anon |
| |
| <p>When set 'on', users can leave the userID (and perhaps the |
| password field) empty. This can be very convenient for |
| MS-Explorer users who can just hit return or click directly on |
| the OK button; which seems a natural reaction.</p> |
| <hr /> |
| |
| <h2><a id="VerifyEmail" |
| name="VerifyEmail">Anonymous_VerifyEmail directive</a></h2> |
| <a href="directive-dict.html#Syntax" |
| rel="Help"><strong>Syntax:</strong></a> Anonymous_VerifyEmail |
| on|off<br /> |
| <a href="directive-dict.html#Default" |
| rel="Help"><strong>Default:</strong></a> |
| <code>Anonymous_VerifyEmail off</code><br /> |
| <a href="directive-dict.html#Context" |
| rel="Help"><strong>Context:</strong></a> directory, |
| .htaccess<br /> |
| <a href="directive-dict.html#Override" |
| rel="Help"><strong>Override:</strong></a> AuthConfig<br /> |
| <a href="directive-dict.html#Status" |
| rel="Help"><strong>Status:</strong></a> Extension<br /> |
| <a href="directive-dict.html#Module" |
| rel="Help"><strong>Module:</strong></a> mod_auth_anon |
| |
| <p>When set 'on' the 'password' entered is checked for at least |
| one '@' and a '.' to encourage users to enter valid email |
| addresses (see the above <code>Auth_LogEmail</code>). |
| <!--#include virtual="footer.html" --> |
| </p> |
| </body> |
| </html> |
| |