| <?xml version="1.0"?> |
| <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> |
| <?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?> |
| <modulesynopsis> |
| |
| <name>mod_authn_file</name> |
| <description>User authentication using text files</description> |
| <status>Base</status> |
| <sourcefile>mod_authn_file.c</sourcefile> |
| <identifier>authn_file_module</identifier> |
| <compatibility>Available in Apache 2.0.44 and later</compatibility> |
| |
| <summary> |
| |
| <p>This module provides authentication front-ends such as |
| <module>mod_auth_digest</module> and <module>mod_auth_basic</module> |
| to authenticate users by looking up users in plain text password files. |
| Similar functionality is provided by <module>mod_authn_dbm</module>.</p> |
| |
| <p>When using <module>mod_auth_basic</module> or |
| <module>mod_auth_digest</module>, this module is invoked via the |
| <directive module="mod_auth_basic">AuthBasicProvider</directive> or |
| <directive module="mod_auth_digest">AuthDigestProvider</directive> |
| with the 'file' value.</p> |
| |
| </summary> |
| <seealso><directive module="core">AuthName</directive></seealso> |
| <seealso><directive module="core">AuthType</directive></seealso> |
| <seealso> |
| <directive module="mod_auth_basic">AuthBasicProvider</directive> |
| </seealso> |
| <seealso> |
| <directive module="mod_auth_digest">AuthDigestProvider</directive> |
| </seealso> |
| |
| <directivesynopsis> |
| <name>AuthUserFile</name> |
| <description>Sets the name of a text file containing the list of users and |
| passwords for authentication</description> |
| <syntax>AuthUserFile <em>file-path</em></syntax> |
| <contextlist> |
| <context>directory</context> |
| <context>.htaccess</context> |
| </contextlist> |
| <override>AuthConfig</override> |
| |
| <usage> |
| <p>The <directive>AuthUserFile</directive> directive sets the name |
| of a textual file containing the list of users and passwords for |
| user authentication. <em>File-path</em> is the path to the user |
| file. If it is not absolute (<em>i.e.</em>, if it doesn't begin |
| with a slash), it is treated as relative to the <directive |
| module="core">ServerRoot</directive>.</p> |
| |
| <p>Each line of the user file contains a username followed by |
| a colon, followed by the <code>crypt()</code> encrypted |
| password. The behavior of multiple occurrences of the same user is |
| undefined.</p> |
| |
| <p>The utility <a href="../programs/htpasswd.html">htpasswd</a> |
| which is installed as part of the binary distribution, or which |
| can be found in <code>src/support</code>, is used to maintain |
| this password file. See the <code>man</code> page for more |
| details. In short:</p> |
| |
| <p>Create a password file 'Filename' with 'username' as the |
| initial ID. It will prompt for the password:</p> |
| <example>htpasswd -c Filename username</example> |
| |
| <p>Add or modify 'username2' in the password file 'Filename':</p> |
| <example>htpasswd Filename username2</example> |
| |
| <p>Note that searching large text files is <em>very</em> |
| inefficient; <directive |
| module="mod_authn_dbm">AuthDBMUserFile</directive> should be used |
| instead.</p> |
| |
| <note><title>Security</title> |
| <p>Make sure that the <directive>AuthUserFile</directive> is |
| stored outside the document tree of the web-server; do <em>not</em> |
| put it in the directory that it protects. Otherwise, clients will |
| be able to download the <directive>AuthUserFile</directive>.</p> |
| </note> |
| </usage> |
| </directivesynopsis> |
| |
| </modulesynopsis> |