|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head>
|
|
Packit |
90a5c9 |
<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
|
Packit |
90a5c9 |
This file is generated from xml source: DO NOT EDIT
|
|
Packit |
90a5c9 |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
|
Packit |
90a5c9 |
-->
|
|
Packit |
90a5c9 |
<title>mod_authn_core - Apache HTTP Server Version 2.4</title>
|
|
Packit |
90a5c9 |
<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
|
|
Packit |
90a5c9 |
<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
|
|
Packit |
90a5c9 |
<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
|
|
Packit |
90a5c9 |
<script src="../style/scripts/prettify.min.js" type="text/javascript">
|
|
Packit |
90a5c9 |
</script>
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
<link href="../images/favicon.ico" rel="shortcut icon" /></head>
|
|
Packit |
90a5c9 |
<body>
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Modules | Directives | FAQ | Glossary | Sitemap
|
|
Packit |
90a5c9 |
Apache HTTP Server Version 2.4
|
|
Packit |
90a5c9 |
![](../images/feather.png)
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Apache > HTTP Server > Documentation > Version 2.4 > Modules
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Apache Module mod_authn_core
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Available Languages: en |
|
|
Packit |
90a5c9 |
fr
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Status:Base
|
|
Packit |
90a5c9 |
Module Identifier:authn_core_module
|
|
Packit |
90a5c9 |
Source File:mod_authn_core.c
|
|
Packit |
90a5c9 |
Compatibility:Available in Apache 2.3 and later
|
|
Packit |
90a5c9 |
Summary
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
This module provides core authentication capabilities to
|
|
Packit |
90a5c9 |
allow or deny access to portions of the web site.
|
|
Packit |
90a5c9 |
mod_authn_core provides directives that are
|
|
Packit |
90a5c9 |
common to all authentication providers.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
![Support Apache!]() Topics
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Creating Authentication Provider Aliases
|
|
Packit |
90a5c9 |
Directives
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
AuthName
|
|
Packit |
90a5c9 |
<AuthnProviderAlias>
|
|
Packit |
90a5c9 |
AuthType
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Bugfix checklistSee also
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Comments
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Extended authentication providers can be created
|
|
Packit |
90a5c9 |
within the configuration file and assigned an alias name. The alias
|
|
Packit |
90a5c9 |
providers can then be referenced through the directives
|
|
Packit |
90a5c9 |
AuthBasicProvider or
|
|
Packit |
90a5c9 |
AuthDigestProvider in
|
|
Packit |
90a5c9 |
the same way as a base authentication provider. Besides the ability
|
|
Packit |
90a5c9 |
to create and alias an extended provider, it also allows the same
|
|
Packit |
90a5c9 |
extended authentication provider to be reference by multiple
|
|
Packit |
90a5c9 |
locations.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
This example checks for passwords in two different text
|
|
Packit |
90a5c9 |
files.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Checking multiple text password files# Check here first
|
|
Packit |
90a5c9 |
<AuthnProviderAlias file file1>
|
|
Packit |
90a5c9 |
AuthUserFile "/www/conf/passwords1"
|
|
Packit |
90a5c9 |
</AuthnProviderAlias>
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
# Then check here
|
|
Packit |
90a5c9 |
<AuthnProviderAlias file file2>
|
|
Packit |
90a5c9 |
AuthUserFile "/www/conf/passwords2"
|
|
Packit |
90a5c9 |
</AuthnProviderAlias>
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
<Directory "/var/web/pages/secure">
|
|
Packit |
90a5c9 |
AuthBasicProvider file1 file2
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
AuthType Basic
|
|
Packit |
90a5c9 |
AuthName "Protected Area"
|
|
Packit |
90a5c9 |
Require valid-user
|
|
Packit |
90a5c9 |
</Directory>
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
The example below creates two different ldap authentication
|
|
Packit |
90a5c9 |
provider aliases based on the ldap provider. This allows
|
|
Packit |
90a5c9 |
a single authenticated location to be serviced by multiple ldap
|
|
Packit |
90a5c9 |
hosts:
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Checking multiple LDAP servers<AuthnProviderAlias ldap ldap-alias1>
|
|
Packit |
90a5c9 |
AuthLDAPBindDN cn=youruser,o=ctx
|
|
Packit |
90a5c9 |
AuthLDAPBindPassword yourpassword
|
|
Packit |
90a5c9 |
AuthLDAPURL ldap://ldap.host/o=ctx
|
|
Packit |
90a5c9 |
</AuthnProviderAlias>
|
|
Packit |
90a5c9 |
<AuthnProviderAlias ldap ldap-other-alias>
|
|
Packit |
90a5c9 |
AuthLDAPBindDN cn=yourotheruser,o=dev
|
|
Packit |
90a5c9 |
AuthLDAPBindPassword yourotherpassword
|
|
Packit |
90a5c9 |
AuthLDAPURL ldap://other.ldap.host/o=dev?cn
|
|
Packit |
90a5c9 |
</AuthnProviderAlias>
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Alias "/secure" "/webpages/secure"
|
|
Packit |
90a5c9 |
<Directory "/webpages/secure">
|
|
Packit |
90a5c9 |
AuthBasicProvider ldap-other-alias ldap-alias1
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
AuthType Basic
|
|
Packit |
90a5c9 |
AuthName "LDAP Protected Place"
|
|
Packit |
90a5c9 |
Require valid-user
|
|
Packit |
90a5c9 |
# Note that Require ldap-* would not work here, since the
|
|
Packit |
90a5c9 |
# AuthnProviderAlias does not provide the config to authorization providers
|
|
Packit |
90a5c9 |
# that are implemented in the same module as the authentication provider.
|
|
Packit |
90a5c9 |
</Directory>
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Description:Authorization realm for use in HTTP
|
|
Packit |
90a5c9 |
authentication
|
|
Packit |
90a5c9 |
Syntax:AuthName auth-domain
|
|
Packit |
90a5c9 |
Context:directory, .htaccess
|
|
Packit |
90a5c9 |
Override:AuthConfig
|
|
Packit |
90a5c9 |
Status:Base
|
|
Packit |
90a5c9 |
Module:mod_authn_core
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
This directive sets the name of the authorization realm for a
|
|
Packit |
90a5c9 |
directory. This realm is given to the client so that the user
|
|
Packit |
90a5c9 |
knows which username and password to send.
|
|
Packit |
90a5c9 |
AuthName takes a single argument; if the
|
|
Packit |
90a5c9 |
realm name contains spaces, it must be enclosed in quotation
|
|
Packit |
90a5c9 |
marks. It must be accompanied by AuthType and Require directives, and directives such
|
|
Packit |
90a5c9 |
as AuthUserFile and
|
|
Packit |
90a5c9 |
AuthGroupFile to
|
|
Packit |
90a5c9 |
work.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
For example:
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
AuthName "Top Secret"
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
The string provided for the AuthName is what will
|
|
Packit |
90a5c9 |
appear in the password dialog provided by most browsers.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
See also
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Authentication, Authorization, and
|
|
Packit |
90a5c9 |
Access Control
|
|
Packit |
90a5c9 |
mod_authz_core
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Description:Enclose a group of directives that represent an
|
|
Packit |
90a5c9 |
extension of a base authentication provider and referenced by
|
|
Packit |
90a5c9 |
the specified alias
|
|
Packit |
90a5c9 |
Syntax:<AuthnProviderAlias baseProvider Alias>
|
|
Packit |
90a5c9 |
... </AuthnProviderAlias>
|
|
Packit |
90a5c9 |
Context:server config
|
|
Packit |
90a5c9 |
Status:Base
|
|
Packit |
90a5c9 |
Module:mod_authn_core
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
<AuthnProviderAlias> and
|
|
Packit |
90a5c9 |
</AuthnProviderAlias> are used to enclose a group of
|
|
Packit |
90a5c9 |
authentication directives that can be referenced by the alias name
|
|
Packit |
90a5c9 |
using one of the directives
|
|
Packit |
90a5c9 |
AuthBasicProvider or
|
|
Packit |
90a5c9 |
AuthDigestProvider.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
This directive has no affect on authorization, even for modules that
|
|
Packit |
90a5c9 |
provide both authentication and authorization.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Description:Type of user authentication
|
|
Packit |
90a5c9 |
Syntax:AuthType None|Basic|Digest|Form
|
|
Packit |
90a5c9 |
Context:directory, .htaccess
|
|
Packit |
90a5c9 |
Override:AuthConfig
|
|
Packit |
90a5c9 |
Status:Base
|
|
Packit |
90a5c9 |
Module:mod_authn_core
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
This directive selects the type of user authentication for a
|
|
Packit |
90a5c9 |
directory. The authentication types available are None ,
|
|
Packit |
90a5c9 |
Basic (implemented by
|
|
Packit |
90a5c9 |
mod_auth_basic ), Digest
|
|
Packit |
90a5c9 |
(implemented by mod_auth_digest ), and
|
|
Packit |
90a5c9 |
Form (implemented by mod_auth_form ).
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
To implement authentication, you must also use the AuthName and Require directives. In addition, the
|
|
Packit |
90a5c9 |
server must have an authentication-provider module such as
|
|
Packit |
90a5c9 |
mod_authn_file and an authorization module such
|
|
Packit |
90a5c9 |
as mod_authz_user .
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
The authentication type None disables authentication.
|
|
Packit |
90a5c9 |
When authentication is enabled, it is normally inherited by each
|
|
Packit |
90a5c9 |
subsequent configuration section,
|
|
Packit |
90a5c9 |
unless a different authentication type is specified. If no
|
|
Packit |
90a5c9 |
authentication is desired for a subsection of an authenticated
|
|
Packit |
90a5c9 |
section, the authentication type None may be used;
|
|
Packit |
90a5c9 |
in the following example, clients may access the
|
|
Packit |
90a5c9 |
/www/docs/public directory without authenticating:
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
<Directory "/www/docs">
|
|
Packit |
90a5c9 |
AuthType Basic
|
|
Packit |
90a5c9 |
AuthName Documents
|
|
Packit |
90a5c9 |
AuthBasicProvider file
|
|
Packit |
90a5c9 |
AuthUserFile "/usr/local/apache/passwd/passwords"
|
|
Packit |
90a5c9 |
Require valid-user
|
|
Packit |
90a5c9 |
</Directory>
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
<Directory "/www/docs/public">
|
|
Packit |
90a5c9 |
AuthType None
|
|
Packit |
90a5c9 |
Require all granted
|
|
Packit |
90a5c9 |
</Directory>
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
When disabling authentication, note that clients which have
|
|
Packit |
90a5c9 |
already authenticated against another portion of the server's document
|
|
Packit |
90a5c9 |
tree will typically continue to send authentication HTTP headers
|
|
Packit |
90a5c9 |
or cookies with each request, regardless of whether the server
|
|
Packit |
90a5c9 |
actually requires authentication for every resource.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
See also
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Authentication, Authorization,
|
|
Packit |
90a5c9 |
and Access Control
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Available Languages: en |
|
|
Packit |
90a5c9 |
fr
|
|
Packit |
90a5c9 |
Notice:This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our mailing lists.
|
|
Packit |
90a5c9 |
<script type="text/javascript">
|
|
Packit |
90a5c9 |
var comments_shortname = 'httpd';
|
|
Packit |
90a5c9 |
var comments_identifier = 'http://httpd.apache.org/docs/2.4/mod/mod_authn_core.html';
|
|
Packit |
90a5c9 |
(function(w, d) {
|
|
Packit |
90a5c9 |
if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
|
|
Packit |
90a5c9 |
d.write('
|
|
Packit |
90a5c9 |
var s = d.createElement('script');
|
|
Packit |
90a5c9 |
s.type = 'text/javascript';
|
|
Packit |
90a5c9 |
s.async = true;
|
|
Packit |
90a5c9 |
s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
|
|
Packit |
90a5c9 |
(d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else {
|
|
Packit |
90a5c9 |
d.write('
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
})(window, document);
|
|
Packit |
90a5c9 |
//--></script>
|
|
Packit |
90a5c9 |
Copyright 2018 The Apache Software Foundation. Licensed under the Apache License, Version 2.0.
|
|
Packit |
90a5c9 |
Modules | Directives | FAQ | Glossary | Sitemap <script type="text/javascript">
|
|
Packit |
90a5c9 |
if (typeof(prettyPrint) !== 'undefined') {
|
|
Packit |
90a5c9 |
prettyPrint();
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
//--></script>
|
|
Packit |
90a5c9 |
</body></html>
|