summaryrefslogtreecommitdiffstats
path: root/docs/manual/mod/mod_authn_file.xml
blob: dc7a8f470d4f8dcc0bccffb6fedc4b66bcf88e9f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
<!-- $LastChangedRevision$ -->

<!--
 Copyright 2002-2004 The Apache Software Foundation

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at

     http://www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
-->

<modulesynopsis metafile="mod_authn_file.xml.meta">

<name>mod_authn_file</name>
<description>User authentication using text files</description>
<status>Base</status>
<sourcefile>mod_authn_file.c</sourcefile>
<identifier>authn_file_module</identifier>
<compatibility>Available in Apache 2.1 and later</compatibility>

<summary>
    <p>This module provides authentication front-ends such as
    <module>mod_auth_digest</module> and <module>mod_auth_basic</module>
    to authenticate users by looking up users in plain text password files.
    Similar functionality is provided by <module>mod_authn_dbm</module>.</p>

    <p>When using <module>mod_auth_basic</module> or
    <module>mod_auth_digest</module>, this module is invoked via the
    <directive module="mod_auth_basic">AuthBasicProvider</directive> or
    <directive module="mod_auth_digest">AuthDigestProvider</directive>
    with the <code>file</code> value.</p>
</summary>
<seealso>
  <directive module="mod_auth_basic">AuthBasicProvider</directive>
</seealso>
<seealso>
  <directive module="mod_auth_digest">AuthDigestProvider</directive>
</seealso>
<seealso><a href="../programs/htpasswd.html">htpasswd</a></seealso>
<seealso><a href="../programs/htdigest.html">htdigest</a></seealso>
 
<directivesynopsis>
<name>AuthUserFile</name>
<description>Sets the name of a text file containing the list of users and
passwords for authentication</description>
<syntax>AuthUserFile <var>file-path</var></syntax>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>

<usage>
    <p>The <directive>AuthUserFile</directive> directive sets the name
    of a textual file containing the list of users and passwords for
    user authentication. <var>File-path</var> is the path to the user
    file. If it is not absolute, it is treated as relative to the
    <directive module="core">ServerRoot</directive>.</p>

    <p>Each line of the user file contains a username followed by
    a colon, followed by the encrypted password. If the same user
    ID is defined multiple times, <module>mod_authn_file</module> will
    use the first occurrence to verify the password.</p>

    <p>The utility <a href="../programs/htpasswd.html">htpasswd</a>
    which is installed as part of the binary distribution, or which
    can be found in <code>src/support</code>, is used to maintain
    the password file for <em>HTTP Basic Authentication</em>. See the
    <a href="../programs/htpasswd.html">man page</a> for more details.
    In short:</p>

    <p>Create a password file <code>Filename</code> with
    <code>username</code> as the initial ID. It will prompt for
    the password:</p>

    <example>
      htpasswd -c Filename username
    </example>

    <p>Add or modify <code>username2</code> in the password file
    <code>Filename</code>:</p>

    <example>
      htpasswd Filename username2
    </example>

    <p>Note that searching large text files is <em>very</em>
    inefficient; <directive
    module="mod_authn_dbm">AuthDBMUserFile</directive> should be used
    instead.</p>

    <p>If you are using <em>HTTP Digest Authentication</em>, the <a
    href="../programs/htpasswd.html">htpasswd</a> tool is not sufficient.
    You have to use <a href="../programs/htdigest.html">htdigest</a>
    instead. Note that you cannot mix user data for Digest Authentication
    and Basic Authentication within the same file.</p>

    <note type="warning"><title>Security</title>
      <p>Make sure that the <directive>AuthUserFile</directive> is
      stored outside the document tree of the web-server. Do
      <strong>not</strong> put it in the directory that it protects.
      Otherwise, clients may be able to download the
      <directive>AuthUserFile</directive>.</p>
    </note>
</usage>
</directivesynopsis>

</modulesynopsis>