Apache HTTP Server Version 2.0
Apache HTTP Server Version 2.0
| Description: | Basic authentication |
|---|---|
| Status: | Base |
| Module Identifier: | auth_basic_module |
| Source File: | mod_auth_basic.c |
| Compatibility: | Available in Apache 2.0.44 and later |
This module allows the use of HTTP Basic Authentication to
restrict access by looking up users in the given providers.
HTTP Digest Authentication is provided by
mod_auth_digest.
| Description: | Sets whether authorization and authentication are passed to lower level modules |
|---|---|
| Syntax: | AuthBasicAuthoritative on|off |
| Default: | AuthBasicAuthoritative on |
| Context: | directory, .htaccess |
| Override: | AuthConfig |
| Status: | Base |
| Module: | mod_auth_basic |
Setting the AuthBasicAuthoritative directive
explicitly to 'off' allows for both
authentication and authorization to be passed on to lower level
modules (as defined in the Configuration and
modules.c files) if there is no
userID or rule matching the supplied
userID. If there is a userID and/or rule specified; the usual
password and access checks will be applied and a failure will give
an Authorization Required reply.
So if a userID appears in the database of more than one module;
or if a valid Require
directive applies to more than one module; then the first module
will verify the credentials; and no access is passed on;
regardless of the AuthAuthoritative setting.
By default; control is not passed on; and an unknown userID or rule will result in an Authorization Required reply. Not setting it thus keeps the system secure; and forces an NCSA compliant behaviour.
| Description: | Sets the authentication provider(s) for this location |
|---|---|
| Syntax: | AuthBasicProvider provider-name |
| Context: | directory, .htaccess |
| Override: | AuthConfig |
| Status: | Base |
| Module: | mod_auth_basic |
The AuthBasicProvider directive sets
which provider is used to authenticate the users for this location.
See mod_authn_dbm, mod_authn_file
for providers.
