Authentication Directives and Password Considerations - From Apache: The Definitive Guide (2/7) | WebReference

Authentication Directives and Password Considerations - From Apache: The Definitive Guide (2/7)

To page 1current pageTo page 3To page 4To page 5To page 6To page 7
[previous] [next]

Apache: The Definitive Guide, Chapter 5: Authentication

Authentication Directives

From Apache v1.3 on, filenames are relative to theserver rootunless they are absolute. A filename is taken as absolute if it starts with / or, on Win32, if it starts with drive :/. It seems sensible for us to write them in absolute form to prevent misunderstandings. The directives are as follows:

AuthType

AuthType type
directory, .htaccess

AuthType specifies the type of authorization control. Basic was originally the only possible type, but Apache 1.1 introduced Digest, which uses an MD5 digest and a shared secret.

If the directive AuthType is used, we must also use AuthName, AuthGroupFile, and AuthUserFile.

AuthName

AuthName auth-realm
directory, .htaccess

AuthName gives the name of the realm in which the users' names and passwords are valid. If the name of the realm includes spaces, you will need to surround it with quotation marks:

AuthName "sales people"
AuthGroupFile

AuthGroupFile filename
directory, .htaccess

AuthGroupFile has nothing to do with the Group webgroup directive at the top of the Config file. It gives the name of another file that contains group names and their members:

cleaners: daphne sonia
directors: bill ben

We put this into ... /ok_users/groups and set AuthGroupFile to match. The AuthGroupFile directive has no effect unless the require directive is suitably set.


To page 1current pageTo page 3To page 4To page 5To page 6To page 7
[previous] [next]

Created: February 18, 2003
Revised: February 18, 2003

URL: http://webreference.com/internet/apache/chap5/1/2.html