| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> |
| <HTML> |
| <HEAD> |
| <TITLE>Apache module mod_auth_anon.c</TITLE> |
| </HEAD> |
| <!-- Background white, links blue (unvisited), navy (visited), red (active) --> |
| <BODY |
| BGCOLOR="#FFFFFF" |
| TEXT="#000000" |
| LINK="#0000FF" |
| VLINK="#000080" |
| ALINK="#FF0000" |
| > |
| <!--#include virtual="header.html" --> |
| <H1 ALIGN="CENTER">Module mod_auth_anon</H1> |
| |
| This module is contained in the <code>mod_auth_anon.c</code> file and |
| is not compiled in by default. It is only available in Apache 1.1 and |
| later. It allows "anonymous" user access to authenticated areas. |
| |
| <h2>Summary</h2> |
| |
| It does access control in a manner similar to anonymous-ftp sites; i.e. |
| have a 'magic' user id 'anonymous' and the email address as a password. |
| These email addresses can be logged. |
| <p> |
| Combined with other (database) access control methods, this allows for |
| effective user tracking and customization according to a user profile |
| while still keeping the site open for 'unregistered' users. One advantage |
| of using Auth-based user tracking is that, unlike magic-cookies and |
| funny URL pre/postfixes, it is completely browser independent and it |
| allows users to share URLs. |
| <p> |
| |
| <a href="#Directives">Directives</a> / |
| <a href="#Example">Example</a> / |
| <a href="#CompileTimeOptions">Compile time options</a> / |
| <a href="#RevisionHistory">RevisionHistory</a> / |
| <a href="#Person">Person to blame</a> / |
| <a href="#Sourcecode">Sourcecode</a> |
| <p> |
| |
| <h2><a name="Directives">Directives</a></h2> |
| <ul> |
| <li><A HREF="#anonymous">Anonymous</A> |
| <li><A HREF="#Authoritative">Anonymous_Authoritative</A> |
| <li><A HREF="#LogEmail">Anonymous_LogEmail</A> |
| <li><A HREF="#MustGiveEmail">Anonymous_MustGiveEmail</A> |
| <li><A HREF="#NoUserID">Anonymous_NoUserID</A> |
| <li><A HREF="#VerifyEmail">Anonymous_VerifyEmail</A> |
| </ul> |
| |
| <hr> |
| |
| <A name="anonymous"><h2>Anonymous</h2></a> |
| <!--%plaintext <?INDEX {\tt Anonymous} directive> --> |
| <strong>Syntax:</strong> Anonymous <em>user user ...</em><br> |
| <strong>Default:</strong> none<br> |
| <strong>Context:</strong> directory, .htaccess<br> |
| <strong>Override:</strong> AuthConfig<br> |
| <strong>Status:</strong> Extension<br> |
| <strong>Module:</strong> mod_auth_anon<p> |
| |
| A list of one or more 'magic' userIDs which are allowed access |
| without password verification. The userIDs are space separated. |
| It is possible to use the ' and " quotes to allow a space in |
| a userID as well as the \ escape character. |
| <p> |
| Please note that the comparison is <b>case-IN-sensitive</b>. |
| <br> |
| I strongly suggest that the magic username '<code>anonymous</code>' |
| is always one of the allowed userIDs. |
| <p> |
| Example:<br> |
| <code> |
| Anonymous: anonymous "Not Registered" 'I don\'t know' |
| </code><p> |
| This would allow the user to enter without password verification |
| by using the userId's 'anonymous', 'AnonyMous','Not Registered' and |
| 'I Don't Know'. |
| <HR> |
| |
| <A name="Authoritative"><h2>Anonymous_Authoritative</h2></A> |
| <strong>Syntax:</strong> Anonymous_Authoritative <em>on | off</em><br> |
| <strong>Default:</strong> <code>Anonymous_Authoritative off</code><br> |
| <strong>Context:</strong> directory, .htaccess<br> |
| <strong>Override:</strong> AuthConfig<br> |
| <strong>Status:</strong> Extension<br> |
| <strong>Module:</strong> mod_auth_anon<p> |
| |
| When set 'on', there is no |
| fall-through to other authorization methods. So if a |
| userID does not match the values specified in the |
| <code>Anonymous</code> directive, access is denied. |
| <p> |
| Be sure you know what you are doing when you decide to switch |
| it on. And remember that it is the linking order of the modules |
| (in the Configuration / Make file) which details the order |
| in which the Authorization modules are queried. |
| <hr> |
| |
| <A name="LogEmail"><h2>Anonymous_LogEmail</h2></A> |
| <strong>Syntax:</strong> Anonymous_LogEmail <em>on | off</em><br> |
| <strong>Default:</strong> <code>off</code><br> |
| <strong>Context:</strong> directory, .htaccess<br> |
| <strong>Override:</strong> AuthConfig<br> |
| <strong>Status:</strong> Extension<br> |
| <strong>Module:</strong> mod_auth_anon<p> |
| |
| When set 'on', the default, the 'password' entered (which hopefully |
| contains a sensible email address) is logged in the httpd-log file. |
| <hr> |
| |
| <A name="MustGiveEmail"><h2>Anonymous_MustGiveEmail</h2></a> |
| <!--%plaintext <?INDEX {\tt Anonymous_MustGiveEmail} directive> --> |
| <strong>Syntax:</strong> Anonymous_MustGiveEmail <em>on</em> | <em>off</em><br> |
| <strong>Default:</strong> off<br> |
| <strong>Context:</strong> directory, .htaccess<br> |
| <strong>Override:</strong> AuthConfig<br> |
| <strong>Status:</strong> Extension<br> |
| <strong>Module:</strong> mod_auth_anon<p> |
| |
| Specifies whether the user must specify an email |
| address as the password. This prohibits blank passwords. |
| <HR> |
| |
| <A name="NoUserID"><h2>Anonymous_NoUserID</h2></A> |
| <strong>Syntax:</strong> Anonymous_NoUserID <em>on | off</em><br> |
| <strong>Default:</strong> <code>Anonymous_NoUserID off</code><br> |
| <strong>Context:</strong> directory, .htaccess<br> |
| <strong>Override:</strong> AuthConfig<br> |
| <strong>Status:</strong> Extension<br> |
| <strong>Module:</strong> mod_auth_anon<p> |
| |
| When set 'on', users can leave |
| the userID (and perhaps the password field) empty. This |
| can be very convenient for MS-Explorer users who can |
| just hit return or click directly on the OK button; which |
| seems a natural reaction. |
| |
| <hr> |
| |
| <A name="VerifyEmail"><h2>Anonymous_VerifyEmail</h2></A> |
| <strong>Syntax:</strong> Anonymous <em>on | off</em><br> |
| <strong>Default:</strong> <code>Anonymous_VerifyEmail off</code><br> |
| <strong>Context:</strong> directory, .htaccess<br> |
| <strong>Override:</strong> AuthConfig<br> |
| <strong>Status:</strong> Extension<br> |
| <strong>Module:</strong> mod_auth_anon<p> |
| |
| When set 'on' the 'password' entered is |
| checked for at least one '@' and a '.' to encourage users to enter |
| valid email addresses (see the above <code>Auth_LogEmail</code>). |
| |
| <hr><a name="Example"><h2>Example</h2></a> |
| |
| The example below (when combined with the Auth directives |
| of a htpasswd-file based (or GDM, mSQL etc) base access |
| control system allows users in as 'guests' with the |
| following properties: |
| <ul> |
| <li> |
| It insists that the user enters a userId. (<code>Anonymous_NoUserId</code>) |
| <li> |
| It insists that the user enters a password. (<code>Anonymous_MustGiveEmail</code>) |
| <li> |
| The password entered must be a valid email address, ie. contain at least one '@' and a '.'. |
| (<code>Anonymous_VerifyEmail</code>) |
| <li> |
| The userID must be one of <code>anonymous guest www test welcome</code> |
| and comparison is <b>not</b> case sensitive. |
| <code><directory /web/docs/public></code> |
| <li> |
| And the Email addresses entered in the passswd field are logged to |
| the httpd-log file |
| (<code>Anonymous_LogEmail</code>) |
| </ul> |
| <p> |
| Excerpt of access.conf: |
| <dl> |
| <dt><code> |
| Anonymous anonymous guest www test welcome<p> |
| Anonymous_MustGiveEmail on<br> |
| Anonymous_VerifyEmail on<br> |
| Anonymous_NoUserId off<br> |
| Anonymous_LogEmail on<br> |
| <p> |
| AuthName Use 'anonymous' & Email address for guest entry<br> |
| AuthType basic<p> |
| |
| </code></dt> |
| <dd> |
| Normal Apache/NCSA tokens for access control |
| <p> |
| <code><limit get post head></code><br> |
| <code>order deny,allow </code><br> |
| <code>allow from all </code><br> |
| <p> |
| <code>require valid-user </code><br> |
| <code><limit> </code><br> |
| </dd> |
| </dl> |
| |
| |
| <hr><h2><a name="CompileTimeOptions">Compile Time Options</a></h2> |
| |
| Currently there are no Compile options. |
| |
| <hr><h2><a name="RevisionHistory">Revision History</a></h2> |
| |
| This version: 23 Nov 1995, 24 Feb 1996, 16 May 1996. |
| |
| <dl> |
| |
| <dt>Version 0.4<br></dt> |
| <dd>First release |
| </dd> |
| <dt>Version 0.5<br></dt> |
| <dd>Added 'VerifyEmail' and 'LogEmail' options. Multiple |
| 'anonymous' tokens allowed. more docs. Added Authoritative |
| functionality. |
| </dd> |
| </dl> |
| |
| |
| <hr><h2><a name="Person">Contact/person to blame</a></h2> |
| |
| This module was written for the |
| <a href="http://ewse.ceo.org">European Wide Service Exchange</a> by |
| <<a href="mailto:Dirk.vanGulik@jrc.it"><code>Dirk.vanGulik@jrc.it</code></a>>. |
| Feel free to contact me if you have any problems, ice-creams or bugs. This |
| documentation, courtesy of Nick Himba, <a href="mailto:himba@cs.utwente.nl"> |
| <code><himba@cs.utwente.nl></code></a>. |
| <p> |
| |
| |
| <hr><h2><a NAME="Sourcecode">Sourcecode</a></h2> |
| |
| The source code can be found at <a href="http://www.apache.org"><code> |
| http://www.apache.org</code></a>. A snapshot of a development version |
| usually resides at <a href="http://me-www.jrc.it/~dirkx/mod_auth_anon.c"><code> |
| http://me-www.jrc.it/~dirkx/mod_auth_anon.c</code></a>. Please make sure |
| that you always quote the version you use when filing a bug report. |
| <p> |
| |
| <!--#include virtual="footer.html" --> |
| </body> |
| </html> |
| |