docs/manual/mod/mod_authn_anon.xml - httpd - Git at Google

 <?xml version="1.0"?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
 <modulesynopsis>

 <name>mod_authn_anon</name>
 <description>Allows "anonymous" user access to authenticated
     areas</description>
 <status>Extension</status>
 <sourcefile>mod_authn_anon.c</sourcefile>
 <identifier>authn_anon_module</identifier>
 <compatibility>Available in Apache 2.0.44 and later</compatibility>

 <summary>
     <p>This module does access control in a manner similar to
     anonymous-ftp sites; <em>i.e.</em> have a 'magic' user id
     'anonymous' and the email address as a password. These email
     addresses can be logged.</p>

     <p>Combined with other (database) access control methods, this
     allows for effective user tracking and customization according
     to a user profile while still keeping the site open for
     'unregistered' users. One advantage of using Auth-based user
     tracking is that, unlike magic-cookies and funny URL
     pre/postfixes, it is completely browser independent and it
     allows users to share URLs.</p>
 </summary>

 <section><title>Example</title>

     <p>The example below (when combined with the Auth directives of a
     htpasswd-file based (or GDM, mSQL <em>etc.</em>) base access
     control system allows users in as 'guests' with the following
     properties:</p>

     <ul>
       <li>It insists that the user enters a userId.
       (<code>Anonymous_NoUserId</code>)</li>

       <li>It insists that the user enters a password.
       (<code>Anonymous_MustGiveEmail</code>)</li>

       <li>The password entered must be a valid email address, ie.
       contain at least one '@' and a '.'.
       (<code>Anonymous_VerifyEmail</code>)</li>

       <li>The userID must be one of <code>anonymous guest www test
       welcome</code> and comparison is <strong>not</strong> case
       sensitive.</li>

       <li>And the Email addresses entered in the passwd field are
       logged to the error log file
       (<code>Anonymous_LogEmail</code>)</li>
     </ul>

     <p>Excerpt of httpd.conf:</p>

 <example>
        Anonymous_NoUserId off<br />
        Anonymous_MustGiveEmail on<br />
        Anonymous_VerifyEmail on<br />
        Anonymous_LogEmail on<br />
        Anonymous anonymous guest www test welcome<br />
 <br />
       AuthName "Use 'anonymous' &amp; Email address for
       guest entry"<br />
       AuthType basic<br />
 <br />
        # An
       AuthUserFile/AuthDBMUserFile<br />
        # directive must be specified, or use<br />
        # Anonymous_Authoritative for public access.<br />
        # In the .htaccess for the public directory, add:<br />
        &lt;Files *&gt;<br />
        Order Deny,Allow<br />
        Allow from all<br />
 <br />
        Require valid-user<br />
        &lt;/Files&gt;<br />
 </example>
 </section>

 <directivesynopsis>
 <name>Anonymous</name>
 <description>Specifies userIDs that areallowed access without
 password verification</description>
 <syntax>Anonymous <em>user</em> [<em>user</em>] ...</syntax>
 <contextlist><context>directory</context><context>.htaccess</context>
 </contextlist>
 <override>AuthConfig</override>

 <usage>
     <p>A list of one or more 'magic' userIDs which are allowed
     access without password verification. The userIDs are space
     separated. It is possible to use the ' and " quotes to allow a
     space in a userID as well as the \ escape character.</p>

     <p>Please note that the comparison is
     <strong>case-IN-sensitive</strong>.<br />
      I strongly suggest that the magic username
     '<code>anonymous</code>' is always one of the allowed
     userIDs.</p>

     <p>Example:</p>
 <example>Anonymous anonymous "Not Registered" 'I don\'t know'</example>

     <p>This would allow the user to enter without password
     verification by using the userId's 'anonymous',
     'AnonyMous','Not Registered' and 'I Don't Know'.</p>
 </usage>
 </directivesynopsis>

 <directivesynopsis>
 <name>Anonymous_Authoritative</name>
 <description>Configures if authorization will fall-through
 to other methods</description>
 <syntax>Anonymous_Authoritative on|off</syntax>
 <default>Anonymous_Authoritative off</default>
 <contextlist><context>directory</context><context>.htaccess</context>
 </contextlist>
 <override>AuthConfig</override>

 <usage>
     <p>When set 'on', there is no fall-through to other authorization
     methods. So if a userID does not match the values specified in the
     <directive module="mod_authn_anon">Anonymous</directive> directive,
     access is denied.</p>

     <p>Be sure you know what you are doing when you decide to
     switch it on. And remember that it is the linking order of the
     modules (in the Configuration / Make file) which details the
     order in which the Authorization modules are queried.</p>
 </usage>
 </directivesynopsis>

 <directivesynopsis>
 <name>Anonymous_LogEmail</name>
 <description>Sets whether the password entered will be logged in the
 error log</description>
 <syntax>Anonymous_LogEmail on|off</syntax>
 <default>Anonymous_LogEmail on</default>
 <contextlist><context>directory</context><context>.htaccess</context>
 </contextlist>
 <override>AuthConfig</override>

 <usage>
     <p>When set <code>on</code>, the default, the 'password' entered
     (which hopefully contains a sensible email address) is logged in
     the error log.</p>
 </usage>
 </directivesynopsis>

 <directivesynopsis>
 <name>Anonymous_MustGiveEmail</name>
 <description>Specifies whether blank passwords are allowed</description>
 <syntax>Anonymous_MustGiveEmail on|off</syntax>
 <default>Anonymous_MustGiveEmail on</default>
 <contextlist><context>directory</context><context>.htaccess</context>
 </contextlist>
 <override>AuthConfig</override>

 <usage>
     <p>Specifies whether the user must specify an email address as
     the password. This prohibits blank passwords.</p>
 </usage>
 </directivesynopsis>

 <directivesynopsis>
 <name>Anonymous_NoUserID</name>
 <description>Sets whether the userID field may be empty</description>
 <syntax>Anonymous_NoUserID on|off</syntax>
 <default>Anonymous_NoUserID off</default>
 <contextlist><context>directory</context><context>.htaccess</context>
 </contextlist>
 <override>AuthConfig</override>

 <usage>
     <p>When set <code>on</code>, users can leave the userID (and
     perhaps the password field) empty. This can be very convenient for
     MS-Explorer users who can just hit return or click directly on the
     OK button; which seems a natural reaction.</p>
 </usage>
 </directivesynopsis>

 <directivesynopsis>
 <name>Anonymous_VerifyEmail</name>
 <description>Sets whether to check the password field for a correctly
 formatted email address</description>
 <syntax>Anonymous_VerifyEmail on|off</syntax>
 <default>Anonymous_VerifyEmail off</default>
 <contextlist><context>directory</context><context>.htaccess</context>
 </contextlist>
 <override>AuthConfig</override>

 <usage>
     <p>When set <code>on</code> the 'password' entered is checked for
     at least one '@' and a '.' to encourage users to enter valid email
     addresses (see the above <directive
     module="mod_authn_anon">Auth_LogEmail</directive>).</p>
 </usage>
 </directivesynopsis>

 </modulesynopsis>
	<?xml version="1.0"?>
	<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
	<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
	<modulesynopsis>

	<name>mod_authn_anon</name>
	<description>Allows "anonymous" user access to authenticated
	areas</description>
	<status>Extension</status>
	<sourcefile>mod_authn_anon.c</sourcefile>
	<identifier>authn_anon_module</identifier>
	<compatibility>Available in Apache 2.0.44 and later</compatibility>

	<summary>
	<p>This module does access control in a manner similar to
	anonymous-ftp sites; <em>i.e.</em> have a 'magic' user id
	'anonymous' and the email address as a password. These email
	addresses can be logged.</p>

	<p>Combined with other (database) access control methods, this
	allows for effective user tracking and customization according
	to a user profile while still keeping the site open for
	'unregistered' users. One advantage of using Auth-based user
	tracking is that, unlike magic-cookies and funny URL
	pre/postfixes, it is completely browser independent and it
	allows users to share URLs.</p>
	</summary>

	<section><title>Example</title>

	<p>The example below (when combined with the Auth directives of a
	htpasswd-file based (or GDM, mSQL <em>etc.</em>) base access
	control system allows users in as 'guests' with the following
	properties:</p>

	<ul>
	<li>It insists that the user enters a userId.
	(<code>Anonymous_NoUserId</code>)</li>

	<li>It insists that the user enters a password.
	(<code>Anonymous_MustGiveEmail</code>)</li>

	<li>The password entered must be a valid email address, ie.
	contain at least one '@' and a '.'.
	(<code>Anonymous_VerifyEmail</code>)</li>

	<li>The userID must be one of <code>anonymous guest www test
	welcome</code> and comparison is <strong>not</strong> case
	sensitive.</li>

	<li>And the Email addresses entered in the passwd field are
	logged to the error log file
	(<code>Anonymous_LogEmail</code>)</li>
	</ul>

	<p>Excerpt of httpd.conf:</p>

	<example>
	Anonymous_NoUserId off<br />
	Anonymous_MustGiveEmail on<br />
	Anonymous_VerifyEmail on<br />
	Anonymous_LogEmail on<br />
	Anonymous anonymous guest www test welcome<br />
	<br />
	AuthName "Use 'anonymous' & Email address for
	guest entry"<br />
	AuthType basic<br />
	<br />
	# An
	AuthUserFile/AuthDBMUserFile<br />
	# directive must be specified, or use<br />
	# Anonymous_Authoritative for public access.<br />
	# In the .htaccess for the public directory, add:<br />
	<Files *><br />
	Order Deny,Allow<br />
	Allow from all<br />
	<br />
	Require valid-user<br />
	</Files><br />
	</example>
	</section>

	<directivesynopsis>
	<name>Anonymous</name>
	<description>Specifies userIDs that areallowed access without
	password verification</description>
	<syntax>Anonymous <em>user</em> [<em>user</em>] ...</syntax>
	<contextlist><context>directory</context><context>.htaccess</context>
	</contextlist>
	<override>AuthConfig</override>

	<usage>
	<p>A list of one or more 'magic' userIDs which are allowed
	access without password verification. The userIDs are space
	separated. It is possible to use the ' and " quotes to allow a
	space in a userID as well as the \ escape character.</p>

	<p>Please note that the comparison is
	<strong>case-IN-sensitive</strong>.<br />
	I strongly suggest that the magic username
	'<code>anonymous</code>' is always one of the allowed
	userIDs.</p>

	<p>Example:</p>
	<example>Anonymous anonymous "Not Registered" 'I don\'t know'</example>

	<p>This would allow the user to enter without password
	verification by using the userId's 'anonymous',
	'AnonyMous','Not Registered' and 'I Don't Know'.</p>
	</usage>
	</directivesynopsis>

	<directivesynopsis>
	<name>Anonymous_Authoritative</name>
	<description>Configures if authorization will fall-through
	to other methods</description>
	<syntax>Anonymous_Authoritative on\|off</syntax>
	<default>Anonymous_Authoritative off</default>
	<contextlist><context>directory</context><context>.htaccess</context>
	</contextlist>
	<override>AuthConfig</override>

	<usage>
	<p>When set 'on', there is no fall-through to other authorization
	methods. So if a userID does not match the values specified in the
	<directive module="mod_authn_anon">Anonymous</directive> directive,
	access is denied.</p>

	<p>Be sure you know what you are doing when you decide to
	switch it on. And remember that it is the linking order of the
	modules (in the Configuration / Make file) which details the
	order in which the Authorization modules are queried.</p>
	</usage>
	</directivesynopsis>

	<directivesynopsis>
	<name>Anonymous_LogEmail</name>
	<description>Sets whether the password entered will be logged in the
	error log</description>
	<syntax>Anonymous_LogEmail on\|off</syntax>
	<default>Anonymous_LogEmail on</default>
	<contextlist><context>directory</context><context>.htaccess</context>
	</contextlist>
	<override>AuthConfig</override>

	<usage>
	<p>When set <code>on</code>, the default, the 'password' entered
	(which hopefully contains a sensible email address) is logged in
	the error log.</p>
	</usage>
	</directivesynopsis>

	<directivesynopsis>
	<name>Anonymous_MustGiveEmail</name>
	<description>Specifies whether blank passwords are allowed</description>
	<syntax>Anonymous_MustGiveEmail on\|off</syntax>
	<default>Anonymous_MustGiveEmail on</default>
	<contextlist><context>directory</context><context>.htaccess</context>
	</contextlist>
	<override>AuthConfig</override>

	<usage>
	<p>Specifies whether the user must specify an email address as
	the password. This prohibits blank passwords.</p>
	</usage>
	</directivesynopsis>

	<directivesynopsis>
	<name>Anonymous_NoUserID</name>
	<description>Sets whether the userID field may be empty</description>
	<syntax>Anonymous_NoUserID on\|off</syntax>
	<default>Anonymous_NoUserID off</default>
	<contextlist><context>directory</context><context>.htaccess</context>
	</contextlist>
	<override>AuthConfig</override>

	<usage>
	<p>When set <code>on</code>, users can leave the userID (and
	perhaps the password field) empty. This can be very convenient for
	MS-Explorer users who can just hit return or click directly on the
	OK button; which seems a natural reaction.</p>
	</usage>
	</directivesynopsis>

	<directivesynopsis>
	<name>Anonymous_VerifyEmail</name>
	<description>Sets whether to check the password field for a correctly
	formatted email address</description>
	<syntax>Anonymous_VerifyEmail on\|off</syntax>
	<default>Anonymous_VerifyEmail off</default>
	<contextlist><context>directory</context><context>.htaccess</context>
	</contextlist>
	<override>AuthConfig</override>

	<usage>
	<p>When set <code>on</code> the 'password' entered is checked for
	at least one '@' and a '.' to encourage users to enter valid email
	addresses (see the above <directive
	module="mod_authn_anon">Auth_LogEmail</directive>).</p>
	</usage>
	</directivesynopsis>

	</modulesynopsis>