docs/manual/mod/mod_auth_basic.xml - httpd - Git at Google

 <?xml version="1.0"?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
 <modulesynopsis>

 <name>mod_auth_basic</name>
 <description>Basic authentication</description>
 <status>Base</status>
 <sourcefile>mod_auth_basic.c</sourcefile>
 <identifier>auth_basic_module</identifier>
 <compatibility>Available in Apache 2.0.44 and later</compatibility>

 <summary>

     <p>This module allows the use of HTTP Basic Authentication to
     restrict access by looking up users in the given providers.
     HTTP Digest Authentication is provided by
     <module>mod_auth_digest</module>.</p>

 </summary>
 <seealso><directive module="core">AuthName</directive></seealso>
 <seealso><directive module="core">AuthType</directive></seealso>

 <directivesynopsis>
 <name>AuthBasicProvider</name>
 <description>Sets the authentication provider(s) for this location</description>
 <syntax>AuthBasicProvider <em>provider-name</em></syntax>
 <contextlist>
   <context>directory</context>
   <context>.htaccess</context>
 </contextlist>
 <override>AuthConfig</override>

 <usage>
     <p>The <directive>AuthBasicProvider</directive> directive sets
     which provider is used to authenticate the users for this location.</p>

     <p>See <module>mod_authn_dbm</module>, <module>mod_authn_file</module>
     for providers.</p>

 </usage>
 </directivesynopsis>

 <directivesynopsis>
 <name>AuthBasicAuthoritative</name>
 <description>Sets whether authorization and authentication are
 passed to lower level modules</description>
 <syntax>AuthBasicAuthoritative on|off</syntax>
 <default>AuthBasicAuthoritative on</default>
 <contextlist>
   <context>directory</context>
   <context>.htaccess</context>
 </contextlist>
 <override>AuthConfig</override>

 <usage>
     <p>Setting the <directive>AuthBasicAuthoritative</directive> directive
     explicitly to <strong>'off'</strong> allows for both
     authentication and authorization to be passed on to lower level
     modules (as defined in the <code>Configuration</code> and
     <code>modules.c</code> files) if there is <strong>no
     userID</strong> or <strong>rule</strong> matching the supplied
     userID. If there is a userID and/or rule specified; the usual
     password and access checks will be applied and a failure will give
     an Authorization Required reply.</p>

     <p>So if a userID appears in the database of more than one module;
     or if a valid <directive module="core">Require</directive>
     directive applies to more than one module; then the first module
     will verify the credentials; and no access is passed on;
     regardless of the AuthAuthoritative setting.</p>

     <p>By default; control is not passed on; and an unknown userID or
     rule will result in an Authorization Required reply. Not setting
     it thus keeps the system secure; and forces an NCSA compliant
     behaviour.</p>

 </usage>
 </directivesynopsis>

 </modulesynopsis>
	<?xml version="1.0"?>
	<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
	<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
	<modulesynopsis>

	<name>mod_auth_basic</name>
	<description>Basic authentication</description>
	<status>Base</status>
	<sourcefile>mod_auth_basic.c</sourcefile>
	<identifier>auth_basic_module</identifier>
	<compatibility>Available in Apache 2.0.44 and later</compatibility>

	<summary>

	<p>This module allows the use of HTTP Basic Authentication to
	restrict access by looking up users in the given providers.
	HTTP Digest Authentication is provided by
	<module>mod_auth_digest</module>.</p>

	</summary>
	<seealso><directive module="core">AuthName</directive></seealso>
	<seealso><directive module="core">AuthType</directive></seealso>

	<directivesynopsis>
	<name>AuthBasicProvider</name>
	<description>Sets the authentication provider(s) for this location</description>
	<syntax>AuthBasicProvider <em>provider-name</em></syntax>
	<contextlist>
	<context>directory</context>
	<context>.htaccess</context>
	</contextlist>
	<override>AuthConfig</override>

	<usage>
	<p>The <directive>AuthBasicProvider</directive> directive sets
	which provider is used to authenticate the users for this location.</p>

	<p>See <module>mod_authn_dbm</module>, <module>mod_authn_file</module>
	for providers.</p>

	</usage>
	</directivesynopsis>

	<directivesynopsis>
	<name>AuthBasicAuthoritative</name>
	<description>Sets whether authorization and authentication are
	passed to lower level modules</description>
	<syntax>AuthBasicAuthoritative on\|off</syntax>
	<default>AuthBasicAuthoritative on</default>
	<contextlist>
	<context>directory</context>
	<context>.htaccess</context>
	</contextlist>
	<override>AuthConfig</override>

	<usage>
	<p>Setting the <directive>AuthBasicAuthoritative</directive> directive
	explicitly to <strong>'off'</strong> allows for both
	authentication and authorization to be passed on to lower level
	modules (as defined in the <code>Configuration</code> and
	<code>modules.c</code> files) if there is <strong>no
	userID</strong> or <strong>rule</strong> matching the supplied
	userID. If there is a userID and/or rule specified; the usual
	password and access checks will be applied and a failure will give
	an Authorization Required reply.</p>

	<p>So if a userID appears in the database of more than one module;
	or if a valid <directive module="core">Require</directive>
	directive applies to more than one module; then the first module
	will verify the credentials; and no access is passed on;
	regardless of the AuthAuthoritative setting.</p>

	<p>By default; control is not passed on; and an unknown userID or
	rule will result in an Authorization Required reply. Not setting
	it thus keeps the system secure; and forces an NCSA compliant
	behaviour.</p>

	</usage>
	</directivesynopsis>

	</modulesynopsis>