docs/manual/mod/mod_auth_anon.html - httpd - Git at Google

 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
 <HTML>
 <HEAD>
 <TITLE>Apache module mod_auth_anon.c</TITLE>
 </HEAD>
 <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
 <BODY
  BGCOLOR="#FFFFFF"
  TEXT="#000000"
  LINK="#0000FF"
  VLINK="#000080"
  ALINK="#FF0000"
 >
 <!--#include virtual="header.html" -->
 <H1 ALIGN="CENTER">Module mod_auth_anon</H1>

 This module is contained in the <code>mod_auth_anon.c</code> file and
 is not compiled in by default. It is only available in Apache 1.1 and
 later. It allows "anonymous" user access to authenticated areas.

 <h2>Summary</h2>

 It does access control in a manner similar to anonymous-ftp sites; i.e.
 have a 'magic' user id 'anonymous' and the email address as a password.
 These email addresses can be logged.
 <p>
 Combined with other (database) access control methods, this allows for
 effective user tracking and customization according to a user profile
 while still keeping the site open for 'unregistered' users. One advantage
 of using Auth-based user tracking is that, unlike magic-cookies and
 funny URL pre/postfixes, it is completely browser independent and it
 allows users to share URLs.
 <p>

 <a href="#Directives">Directives</a> /
 <a href="#Example">Example</a> /
 <a href="#CompileTimeOptions">Compile time options</a> /
 <a href="#RevisionHistory">RevisionHistory</a> /
 <a href="#Person">Person to blame</a> /
 <a href="#Sourcecode">Sourcecode</a>
 <p>

 <h2><a name="Directives">Directives</a></h2>
 <ul>
 <li><A HREF="#anonymous">Anonymous</A>
 <li><A HREF="#Authoritative">Anonymous_Authoritative</A>
 <li><A HREF="#LogEmail">Anonymous_LogEmail</A>
 <li><A HREF="#MustGiveEmail">Anonymous_MustGiveEmail</A>
 <li><A HREF="#NoUserID">Anonymous_NoUserID</A>
 <li><A HREF="#VerifyEmail">Anonymous_VerifyEmail</A>
 </ul>

 <hr>

 <A name="anonymous"><h2>Anonymous</h2></a>
 <!--%plaintext &lt;?INDEX {\tt Anonymous} directive&gt; -->
 <strong>Syntax:</strong> Anonymous <em>user user ...</em><br>
 <strong>Default:</strong> none<br>
 <strong>Context:</strong> directory, .htaccess<br>
 <strong>Override:</strong> AuthConfig<br>
 <strong>Status:</strong> Extension<br>
 <strong>Module:</strong> mod_auth_anon<p>

         A list of one or more 'magic' userIDs which are allowed access
         without password verification. The userIDs are space separated.
         It is possible to use the ' and " quotes to allow a space in
         a userID as well as the \ escape character.
         <p>
         Please note that the comparison is <b>case-IN-sensitive</b>.
         <br>
         I strongly suggest that the magic username '<code>anonymous</code>'
         is always one of the allowed userIDs.
         <p>
         Example:<br>
         <code>
         Anonymous: anonymous "Not Registered" 'I don\'t know'
         </code><p>
         This would allow the user to enter without password verification
         by using the userId's 'anonymous', 'AnonyMous','Not Registered' and
         'I Don't Know'.
 <HR>

 <A name="Authoritative"><h2>Anonymous_Authoritative</h2></A>
 <strong>Syntax:</strong> Anonymous_Authoritative <em>on | off</em><br>
 <strong>Default:</strong> <code>Anonymous_Authoritative off</code><br>
 <strong>Context:</strong> directory, .htaccess<br>
 <strong>Override:</strong> AuthConfig<br>
 <strong>Status:</strong> Extension<br>
 <strong>Module:</strong> mod_auth_anon<p>

         When set 'on', there is no
         fall-through to other authorization methods. So if a
         userID does not match the values specified in the
         <code>Anonymous</code> directive, access is denied.
         <p>
         Be sure you know what you are doing when you decide to switch
         it on. And remember that it is the linking order of the modules
         (in the Configuration / Make file) which details the order
         in which the Authorization modules are queried.
 <hr>

 <A name="LogEmail"><h2>Anonymous_LogEmail</h2></A>
 <strong>Syntax:</strong> Anonymous_LogEmail <em>on | off</em><br>
 <strong>Default:</strong> <code>off</code><br>
 <strong>Context:</strong> directory, .htaccess<br>
 <strong>Override:</strong> AuthConfig<br>
 <strong>Status:</strong> Extension<br>
 <strong>Module:</strong> mod_auth_anon<p>

         When set 'on', the default, the 'password' entered (which hopefully
         contains a sensible email address) is logged in the httpd-log file.
 <hr>

 <A name="MustGiveEmail"><h2>Anonymous_MustGiveEmail</h2></a>
 <!--%plaintext &lt;?INDEX {\tt Anonymous_MustGiveEmail} directive&gt; -->
 <strong>Syntax:</strong> Anonymous_MustGiveEmail <em>on</em> | <em>off</em><br>
 <strong>Default:</strong> off<br>
 <strong>Context:</strong> directory, .htaccess<br>
 <strong>Override:</strong> AuthConfig<br>
 <strong>Status:</strong> Extension<br>
 <strong>Module:</strong> mod_auth_anon<p>

         Specifies whether the user must specify an email
         address as the password.  This prohibits blank passwords.
 <HR>

 <A name="NoUserID"><h2>Anonymous_NoUserID</h2></A>
 <strong>Syntax:</strong> Anonymous_NoUserID <em>on | off</em><br>
 <strong>Default:</strong> <code>Anonymous_NoUserID off</code><br>
 <strong>Context:</strong> directory, .htaccess<br>
 <strong>Override:</strong> AuthConfig<br>
 <strong>Status:</strong> Extension<br>
 <strong>Module:</strong> mod_auth_anon<p>

         When set 'on', users can leave
         the userID (and perhaps the password field) empty. This
         can be very convenient for MS-Explorer users who can
         just hit return or click directly on the OK button; which
         seems a natural reaction.

 <hr>

 <A name="VerifyEmail"><h2>Anonymous_VerifyEmail</h2></A>
 <strong>Syntax:</strong> Anonymous <em>on | off</em><br>
 <strong>Default:</strong> <code>Anonymous_VerifyEmail off</code><br>
 <strong>Context:</strong> directory, .htaccess<br>
 <strong>Override:</strong> AuthConfig<br>
 <strong>Status:</strong> Extension<br>
 <strong>Module:</strong> mod_auth_anon<p>

         When set 'on' the 'password' entered is
         checked for at least one '@' and a '.' to encourage users to enter
         valid email addresses (see the above <code>Auth_LogEmail</code>).

 <hr><a name="Example"><h2>Example</h2></a>

 The example below (when combined with the Auth directives
 of a htpasswd-file based (or GDM, mSQL etc) base access
 control system allows users in as 'guests' with the
 following properties:
 <ul>
 <li>
 It insists that the user enters a userId. (<code>Anonymous_NoUserId</code>)
 <li>
 It insists that the user enters a password. (<code>Anonymous_MustGiveEmail</code>)
 <li>
 The password entered must be a valid email address, ie. contain at least one '@' and a '.'.
 (<code>Anonymous_VerifyEmail</code>)
 <li>
 The userID must be one of <code>anonymous guest www test welcome</code>
 and comparison is <b>not</b> case sensitive.
 <code>&lt;directory /web/docs/public&gt;</code>
 <li>
 And the Email addresses entered in the passswd field are logged to
 the httpd-log file
 (<code>Anonymous_LogEmail</code>)
 </ul>
 <p>
 Excerpt of access.conf:
 <dl>
 <dt><code>
 Anonymous        anonymous guest www test welcome<p>
 Anonymous_MustGiveEmail on<br>
 Anonymous_VerifyEmail    on<br>
 Anonymous_NoUserId      off<br>
 Anonymous_LogEmail      on<br>
 <p>
 AuthName                Use 'anonymous' & Email address for guest entry<br>
 AuthType                basic<p>

 </code></dt>
 <dd>
                 Normal Apache/NCSA tokens for access control
                 <p>
                 <code>&lt;limit get post head&gt</code><br>
                 <code>order deny,allow          </code><br>
                 <code>allow from all            </code><br>
                 <p>
                 <code>require valid-user        </code><br>
                 <code>&lt;limit&gt              </code><br>
 </dd>
 </dl>


 <hr><h2><a name="CompileTimeOptions">Compile Time Options</a></h2>

 Currently there are no Compile options.

 <hr><h2><a name="RevisionHistory">Revision History</a></h2>

 This version: 23 Nov 1995, 24 Feb 1996, 16 May 1996.

 <dl>

 <dt>Version 0.4<br></dt>
     <dd>First release
     </dd>
 <dt>Version 0.5<br></dt>
     <dd>Added 'VerifyEmail' and 'LogEmail' options. Multiple
         'anonymous' tokens allowed. more docs. Added Authoritative
         functionality.
     </dd>
 </dl>


 <hr><h2><a name="Person">Contact/person to blame</a></h2>

 This module was written for the
 <a href="http://ewse.ceo.org">European Wide Service Exchange</a> by
 &lt<a href="mailto:Dirk.vanGulik@jrc.it"><code>Dirk.vanGulik@jrc.it</code></a>&gt.
 Feel free to contact me if you have any problems, ice-creams or bugs. This
 documentation, courtesy of Nick Himba, <a href="mailto:himba@cs.utwente.nl">
 <code>&lt;himba@cs.utwente.nl&gt;</code></a>.
 <p>


 <hr><h2><a NAME="Sourcecode">Sourcecode</a></h2>

 The source code can be found at <a href="http://www.apache.org"><code>
 http://www.apache.org</code></a>. A snapshot of a development version
 usually resides at <a href="http://me-www.jrc.it/~dirkx/mod_auth_anon.c"><code>
 http://me-www.jrc.it/~dirkx/mod_auth_anon.c</code></a>. Please make sure
 that you always quote the version you use when filing a bug report.
 <p>

 <!--#include virtual="footer.html" -->
 </body>
 </html>
	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
	<HTML>
	<HEAD>
	<TITLE>Apache module mod_auth_anon.c</TITLE>
	</HEAD>
	<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
	<BODY
	BGCOLOR="#FFFFFF"
	TEXT="#000000"
	LINK="#0000FF"
	VLINK="#000080"
	ALINK="#FF0000"
	>
	<!--#include virtual="header.html" -->
	<H1 ALIGN="CENTER">Module mod_auth_anon</H1>

	This module is contained in the <code>mod_auth_anon.c</code> file and
	is not compiled in by default. It is only available in Apache 1.1 and
	later. It allows "anonymous" user access to authenticated areas.

	<h2>Summary</h2>

	It does access control in a manner similar to anonymous-ftp sites; i.e.
	have a 'magic' user id 'anonymous' and the email address as a password.
	These email addresses can be logged.
	<p>
	Combined with other (database) access control methods, this allows for
	effective user tracking and customization according to a user profile
	while still keeping the site open for 'unregistered' users. One advantage
	of using Auth-based user tracking is that, unlike magic-cookies and
	funny URL pre/postfixes, it is completely browser independent and it
	allows users to share URLs.
	<p>

	<a href="#Directives">Directives</a> /
	<a href="#Example">Example</a> /
	<a href="#CompileTimeOptions">Compile time options</a> /
	<a href="#RevisionHistory">RevisionHistory</a> /
	<a href="#Person">Person to blame</a> /
	<a href="#Sourcecode">Sourcecode</a>
	<p>

	<h2><a name="Directives">Directives</a></h2>
	<ul>
	<li><A HREF="#anonymous">Anonymous</A>
	<li><A HREF="#Authoritative">Anonymous_Authoritative</A>
	<li><A HREF="#LogEmail">Anonymous_LogEmail</A>
	<li><A HREF="#MustGiveEmail">Anonymous_MustGiveEmail</A>
	<li><A HREF="#NoUserID">Anonymous_NoUserID</A>
	<li><A HREF="#VerifyEmail">Anonymous_VerifyEmail</A>
	</ul>

	<hr>

	<A name="anonymous"><h2>Anonymous</h2></a>
	<!--%plaintext <?INDEX {\tt Anonymous} directive> -->
	<strong>Syntax:</strong> Anonymous <em>user user ...</em><br>
	<strong>Default:</strong> none<br>
	<strong>Context:</strong> directory, .htaccess<br>
	<strong>Override:</strong> AuthConfig<br>
	<strong>Status:</strong> Extension<br>
	<strong>Module:</strong> mod_auth_anon<p>

	A list of one or more 'magic' userIDs which are allowed access
	without password verification. The userIDs are space separated.
	It is possible to use the ' and " quotes to allow a space in
	a userID as well as the \ escape character.
	<p>
	Please note that the comparison is <b>case-IN-sensitive</b>.
	<br>
	I strongly suggest that the magic username '<code>anonymous</code>'
	is always one of the allowed userIDs.
	<p>
	Example:<br>
	<code>
	Anonymous: anonymous "Not Registered" 'I don\'t know'
	</code><p>
	This would allow the user to enter without password verification
	by using the userId's 'anonymous', 'AnonyMous','Not Registered' and
	'I Don't Know'.
	<HR>

	<A name="Authoritative"><h2>Anonymous_Authoritative</h2></A>
	<strong>Syntax:</strong> Anonymous_Authoritative <em>on \| off</em><br>
	<strong>Default:</strong> <code>Anonymous_Authoritative off</code><br>
	<strong>Context:</strong> directory, .htaccess<br>
	<strong>Override:</strong> AuthConfig<br>
	<strong>Status:</strong> Extension<br>
	<strong>Module:</strong> mod_auth_anon<p>

	When set 'on', there is no
	fall-through to other authorization methods. So if a
	userID does not match the values specified in the
	<code>Anonymous</code> directive, access is denied.
	<p>
	Be sure you know what you are doing when you decide to switch
	it on. And remember that it is the linking order of the modules
	(in the Configuration / Make file) which details the order
	in which the Authorization modules are queried.
	<hr>

	<A name="LogEmail"><h2>Anonymous_LogEmail</h2></A>
	<strong>Syntax:</strong> Anonymous_LogEmail <em>on \| off</em><br>
	<strong>Default:</strong> <code>off</code><br>
	<strong>Context:</strong> directory, .htaccess<br>
	<strong>Override:</strong> AuthConfig<br>
	<strong>Status:</strong> Extension<br>
	<strong>Module:</strong> mod_auth_anon<p>

	When set 'on', the default, the 'password' entered (which hopefully
	contains a sensible email address) is logged in the httpd-log file.
	<hr>

	<A name="MustGiveEmail"><h2>Anonymous_MustGiveEmail</h2></a>
	<!--%plaintext <?INDEX {\tt Anonymous_MustGiveEmail} directive> -->
	<strong>Syntax:</strong> Anonymous_MustGiveEmail <em>on</em> \| <em>off</em><br>
	<strong>Default:</strong> off<br>
	<strong>Context:</strong> directory, .htaccess<br>
	<strong>Override:</strong> AuthConfig<br>
	<strong>Status:</strong> Extension<br>
	<strong>Module:</strong> mod_auth_anon<p>

	Specifies whether the user must specify an email
	address as the password. This prohibits blank passwords.
	<HR>

	<A name="NoUserID"><h2>Anonymous_NoUserID</h2></A>
	<strong>Syntax:</strong> Anonymous_NoUserID <em>on \| off</em><br>
	<strong>Default:</strong> <code>Anonymous_NoUserID off</code><br>
	<strong>Context:</strong> directory, .htaccess<br>
	<strong>Override:</strong> AuthConfig<br>
	<strong>Status:</strong> Extension<br>
	<strong>Module:</strong> mod_auth_anon<p>

	When set 'on', users can leave
	the userID (and perhaps the password field) empty. This
	can be very convenient for MS-Explorer users who can
	just hit return or click directly on the OK button; which
	seems a natural reaction.

	<hr>

	<A name="VerifyEmail"><h2>Anonymous_VerifyEmail</h2></A>
	<strong>Syntax:</strong> Anonymous <em>on \| off</em><br>
	<strong>Default:</strong> <code>Anonymous_VerifyEmail off</code><br>
	<strong>Context:</strong> directory, .htaccess<br>
	<strong>Override:</strong> AuthConfig<br>
	<strong>Status:</strong> Extension<br>
	<strong>Module:</strong> mod_auth_anon<p>

	When set 'on' the 'password' entered is
	checked for at least one '@' and a '.' to encourage users to enter
	valid email addresses (see the above <code>Auth_LogEmail</code>).

	<hr><a name="Example"><h2>Example</h2></a>

	The example below (when combined with the Auth directives
	of a htpasswd-file based (or GDM, mSQL etc) base access
	control system allows users in as 'guests' with the
	following properties:
	<ul>
	<li>
	It insists that the user enters a userId. (<code>Anonymous_NoUserId</code>)
	<li>
	It insists that the user enters a password. (<code>Anonymous_MustGiveEmail</code>)
	<li>
	The password entered must be a valid email address, ie. contain at least one '@' and a '.'.
	(<code>Anonymous_VerifyEmail</code>)
	<li>
	The userID must be one of <code>anonymous guest www test welcome</code>
	and comparison is <b>not</b> case sensitive.
	<code><directory /web/docs/public></code>
	<li>
	And the Email addresses entered in the passswd field are logged to
	the httpd-log file
	(<code>Anonymous_LogEmail</code>)
	</ul>
	<p>
	Excerpt of access.conf:
	<dl>
	<dt><code>
	Anonymous anonymous guest www test welcome<p>
	Anonymous_MustGiveEmail on<br>
	Anonymous_VerifyEmail on<br>
	Anonymous_NoUserId off<br>
	Anonymous_LogEmail on<br>
	<p>
	AuthName Use 'anonymous' & Email address for guest entry<br>
	AuthType basic<p>

	</code></dt>
	<dd>
	Normal Apache/NCSA tokens for access control
	<p>
	<code><limit get post head&gt</code><br>
	<code>order deny,allow </code><br>
	<code>allow from all </code><br>
	<p>
	<code>require valid-user </code><br>
	<code><limit&gt </code><br>
	</dd>
	</dl>


	<hr><h2><a name="CompileTimeOptions">Compile Time Options</a></h2>

	Currently there are no Compile options.

	<hr><h2><a name="RevisionHistory">Revision History</a></h2>

	This version: 23 Nov 1995, 24 Feb 1996, 16 May 1996.

	<dl>

	<dt>Version 0.4<br></dt>
	<dd>First release
	</dd>
	<dt>Version 0.5<br></dt>
	<dd>Added 'VerifyEmail' and 'LogEmail' options. Multiple
	'anonymous' tokens allowed. more docs. Added Authoritative
	functionality.
	</dd>
	</dl>


	<hr><h2><a name="Person">Contact/person to blame</a></h2>

	This module was written for the
	<a href="http://ewse.ceo.org">European Wide Service Exchange</a> by
	&lt<a href="mailto:Dirk.vanGulik@jrc.it"><code>Dirk.vanGulik@jrc.it</code></a>&gt.
	Feel free to contact me if you have any problems, ice-creams or bugs. This
	documentation, courtesy of Nick Himba, <a href="mailto:himba@cs.utwente.nl">
	<code><himba@cs.utwente.nl></code></a>.
	<p>


	<hr><h2><a NAME="Sourcecode">Sourcecode</a></h2>

	The source code can be found at <a href="http://www.apache.org"><code>
	http://www.apache.org</code></a>. A snapshot of a development version
	usually resides at <a href="http://me-www.jrc.it/~dirkx/mod_auth_anon.c"><code>
	http://me-www.jrc.it/~dirkx/mod_auth_anon.c</code></a>. Please make sure
	that you always quote the version you use when filing a bug report.
	<p>

	<!--#include virtual="footer.html" -->
	</body>
	</html>