Apache HTTP Server Version 2.2
This document refers to the 2.2 version of Apache httpd, which is no longer maintained. The active release is documented here. If you have not already upgraded, please follow this link for more information.
You may follow this link to go to the current version of this document.
Description: | Basic authentication |
---|---|
Status: | Base |
Module Identifier: | auth_basic_module |
Source File: | mod_auth_basic.c |
Compatibility: | Available in Apache 2.1 and later |
This module allows the use of HTTP Basic Authentication to
restrict access by looking up users in the given providers.
HTTP Digest Authentication is provided by
mod_auth_digest
. This module should
usually be combined with at least one authentication module
such as mod_authn_file
and one authorization
module such as mod_authz_user
.
Description: | Sets whether authorization and authentication are passed to lower level modules |
---|---|
Syntax: | AuthBasicAuthoritative On|Off |
Default: | AuthBasicAuthoritative On |
Context: | directory, .htaccess |
Override: | AuthConfig |
Status: | Base |
Module: | mod_auth_basic |
Normally, each authorization module listed in AuthBasicProvider
will attempt
to verify the user, and if the user is not found in any provider,
access will be denied. Setting the
AuthBasicAuthoritative
directive explicitly
to Off
allows for both authentication and
authorization to be passed on to other non-provider-based modules
if there is no userID or rule
matching the supplied userID. This should only be necessary when
combining mod_auth_basic
with third-party modules
that are not configured with the AuthBasicProvider
directive. When using such modules, the order of processing
is determined in the modules' source code and is not configurable.
Description: | Sets the authentication provider(s) for this location |
---|---|
Syntax: | AuthBasicProvider provider-name
[provider-name] ... |
Default: | AuthBasicProvider file |
Context: | directory, .htaccess |
Override: | AuthConfig |
Status: | Base |
Module: | mod_auth_basic |
The AuthBasicProvider
directive sets
which provider is used to authenticate the users for this location.
The default file
provider is implemented
by the mod_authn_file
module. Make sure
that the chosen provider module is present in the server.
<Location /secure>
AuthType basic
AuthName "private area"
AuthBasicProvider dbm
AuthDBMType SDBM
AuthDBMUserFile /www/etc/dbmpasswd
Require valid-user
</Location>
Providers are queried in order until a provider finds a match for the requested username, at which point this sole provider will attempt to check the password. A failure to verify the password does not result in control being passed on to subsequent providers.
Providers are implemented by mod_authn_dbm
,
mod_authn_file
, mod_authn_dbd
,
and mod_authnz_ldap
.