Apache HTTP Server Version 2.0
Apache HTTP Server Version 2.0
| Description: | User authentication using text files |
|---|---|
| Status: | Base |
| Module Identifier: | auth_module |
| Source File: | mod_auth.c |
This module allows the use of HTTP Basic Authentication to
restrict access by looking up users in plain text password and
group files. Similar functionality and greater scalability is
provided by mod_auth_dbm. HTTP Digest
Authentication is provided by
mod_auth_digest.
| Description: | Sets whether authorization and authentication are passed to lower level modules |
|---|---|
| Syntax: | AuthAuthoritative on|off |
| Default: | AuthAuthoritative on |
| Context: | directory, .htaccess |
| Override: | AuthConfig |
| Status: | Base |
| Module: | mod_auth |
Setting the AuthAuthoritative directive
explicitly to 'off' allows for both
authentication and authorization to be passed on to lower level
modules (as defined in the Configuration and
modules.c files) if there is no
userID or rule matching the supplied
userID. If there is a userID and/or rule specified; the usual
password and access checks will be applied and a failure will give
an Authorization Required reply.
So if a userID appears in the database of more than one module;
or if a valid Require
directive applies to more than one module; then the first module
will verify the credentials; and no access is passed on;
regardless of the AuthAuthoritative setting.
A common use for this is in conjunction with one of the
database modules; such as mod_auth_dbm,
mod_auth_msql, and mod_auth_anon.
These modules supply the bulk of the user credential checking; but
a few (administrator) related accesses fall through to a lower
level with a well protected AuthUserFile.
By default; control is not passed on; and an unknown userID or rule will result in an Authorization Required reply. Not setting it thus keeps the system secure; and forces an NCSA compliant behaviour.
AuthUserFile and the AuthGroupFile are stored outside the
document tree of the web-server; do not put them in the
directory that they protect. Otherwise, clients will be able to
download the AuthUserFile
and the AuthGroupFile.
| Description: | Sets the name of a text file containing the list of user groups for authentication |
|---|---|
| Syntax: | AuthGroupFile file-path |
| Context: | directory, .htaccess |
| Override: | AuthConfig |
| Status: | Base |
| Module: | mod_auth |
The AuthGroupFile directive sets the
name of a textual file containing the list of user groups for user
authentication. File-path is the path to the group
file. If it is not absolute (i.e., if it doesn't begin
with a slash), it is treated as relative to the ServerRoot.
Each line of the group file contains a groupname followed by a colon, followed by the member usernames separated by spaces. Example:
mygroup: bob joe anne
Note that searching large text files is very iHTTP/1.1 200 OK Date: Mon, 07 Jul 2025 08:50:35 GMT Server: Apache/2.0.42 (Win32) PHP/5.2.10 Content-Location: mod_auth.html.en Vary: negotiate,accept-language,accept-charset TCN: choice Accept-Ranges: bytes Content-Length: 12718 Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Content-Type: text/html; charset=ISO-8859-1 Content-Language: en
Apache HTTP Server Version 2.0
| Description: | User authentication using text files |
|---|---|
| Status: | Base |
| Module Identifier: | auth_module |
| Source File: | mod_auth.c |
This module allows the use of HTTP Basic Authentication to
restrict access by looking up users in plain text password and
group files. Similar functionality and greater scalability is
provided by mod_auth_dbm. HTTP Digest
Authentication is provided by
mod_auth_digest.