You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by tr...@apache.org on 2009/09/11 17:15:57 UTC
svn commit: r813873 - /httpd/mod_fcgid/trunk/docs/manual/mod/mod_fcgid.xml
Author: trawick
Date: Fri Sep 11 15:15:56 2009
New Revision: 813873
URL: http://svn.apache.org/viewvc?rev=813873&view=rev
Log:
add initial documentation for FastCgi{AccessChecker|Authenticator|Authorizer}
note the current limitation, which is based on mapping any AAA
application(s) onto the devno/inode of the request URI
Modified:
httpd/mod_fcgid/trunk/docs/manual/mod/mod_fcgid.xml
Modified: httpd/mod_fcgid/trunk/docs/manual/mod/mod_fcgid.xml
URL: http://svn.apache.org/viewvc/httpd/mod_fcgid/trunk/docs/manual/mod/mod_fcgid.xml?rev=813873&r1=813872&r2=813873&view=diff
==============================================================================
--- httpd/mod_fcgid/trunk/docs/manual/mod/mod_fcgid.xml (original)
+++ httpd/mod_fcgid/trunk/docs/manual/mod/mod_fcgid.xml Fri Sep 11 15:15:56 2009
@@ -138,13 +138,34 @@
<directivesynopsis>
<name>FastCgiAccessChecker</name>
- <description>a absolute access checker file path</description>
+ <description>full path to FastCGI access checker</description>
<syntax>FastCgiAccessChecker <em>command</em></syntax>
<default><em>none</em></default>
<contextlist><context>directory</context> <context>.htaccess</context></contextlist>
<override>FileInfo</override>
<usage>
- <p>TODO</p>
+ <p>Access checking or, more formally, access control, is a procedure
+ which verifies that the client is allowed to access a resource, using
+ some mechanism other than authentication and authorization.</p>
+
+ <p>Key environment variables passed to the application for access
+ checking are:</p>
+
+ <dl>
+ <dt><code>FCGI_APACHE_ROLE</code></dt>
+ <dd>set to <code>ACCESS_CHECKER</code>; by checking the current role,
+ the same FastCGI application can handle multiple stages of request
+ processing</dd>
+ </dl>
+
+ <p>The application must output a <code>Status</code> line to indicate
+ the result of authentication.</p>
+
+ <note type="warning"><title>Warning</title>
+ <p>Currently, only one FastCGI application of any type (AAA or handler)
+ can be used for a particular request URI. Otherwise, the wrong FastCGI
+ application may be invoked for one or more phases of request processing.</p>
+ </note>
</usage>
</directivesynopsis>
@@ -162,13 +183,41 @@
<directivesynopsis>
<name>FastCgiAuthenticator</name>
- <description>a absolute authenticator file path</description>
+ <description>full path to FastCGI authenticator</description>
<syntax>FastCgiAuthenticator <em>command</em></syntax>
<default><em>none</em></default>
<contextlist><context>directory</context> <context>.htaccess</context></contextlist>
<override>FileInfo</override>
<usage>
- <p>TODO</p>
+ <p>Authentication is the procedure which verifies that the user is
+ who they claim they are. This directive specifies the full path to
+ a FastCGI application which will handle authentication for a particular
+ context, such as a directory.</p>
+
+ <p>Key environment variables passed to the application on authentication
+ are:</p>
+
+ <dl>
+ <dt><code>REMOTE_USER</code></dt>
+ <dd>set to the user id of the client</dd>
+
+ <dt><code>REMOTE_PASSWD</code></dt>
+ <dd>set to the plain text password provided by the client</dd>
+
+ <dt><code>FCGI_APACHE_ROLE</code></dt>
+ <dd>set to <code>AUTHENTICATOR</code>; by checking the current role,
+ the same FastCGI application can handle multiple stages of request
+ processing</dd>
+ </dl>
+
+ <p>The application must output a <code>Status</code> line to indicate
+ the result of authentication.</p>
+
+ <note type="warning"><title>Warning</title>
+ <p>Currently, only one FastCGI application of any type (AAA or handler)
+ can be used for a particular request URI. Otherwise, the wrong FastCGI
+ application may be invoked for one or more phases of request processing.</p>
+ </note>
</usage>
</directivesynopsis>
@@ -186,13 +235,39 @@
<directivesynopsis>
<name>FastCgiAuthorizer</name>
- <description>a absolute authorizer file path</description>
+ <description>full path to FastCGI authorizer</description>
<syntax>FastCgiAuthorizer <em>command</em></syntax>
<default><em>none</em></default>
<contextlist><context>directory</context> <context>.htaccess</context></contextlist>
<override>FileInfo</override>
<usage>
- <p>TODO</p>
+ <p>Authorization is the procedure which verifies that the user is
+ allowed to access a particular resource. This directive specifies
+ the full path to a FastCGI application which will handle authorization
+ for a particular context, such as a directory.</p>
+
+ <p>Key environment variables passed to the application on authorization
+ are:</p>
+
+ <dl>
+ <dt><code>REMOTE_USER</code></dt>
+ <dd>set to the user id of the client, which has already been
+ authenticated</dd>
+
+ <dt><code>FCGI_APACHE_ROLE</code></dt>
+ <dd>set to <code>AUTHORIZER</code>; by checking the current role, the
+ same FastCGI application can handle multiple stages of request
+ processing</dd>
+ </dl>
+
+ <p>The application must output a <code>Status</code> line to indicate
+ the result of authorization.</p>
+
+ <note type="warning"><title>Warning</title>
+ <p>Currently, only one FastCGI application of any type (AAA or handler)
+ can be used for a particular request URI. Otherwise, the wrong FastCGI
+ application may be invoked for one or more phases of request processing.</p>
+ </note>
</usage>
</directivesynopsis>