You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by pe...@apache.org on 2001/12/11 02:47:24 UTC
cvs commit: httpd-docs-1.3/htdocs/manual/howto auth.html
pepper 01/12/10 17:47:24
Modified: htdocs/manual/howto auth.html
Log:
Fixed a few typos.
Fixed some HTML tags (case, href/name/id)
Added a mention of multiple 'arguments' to allow/deny, and an example. This should probably be more explicit, but I'm not sure of the details (should we show with leading/trailing periods, and explain that IPs are assumed to be the left side, but hostnames are assumed to be the right side?).
Revision Changes Path
1.3 +39 -38 httpd-docs-1.3/htdocs/manual/howto/auth.html
Index: auth.html
===================================================================
RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/howto/auth.html,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- auth.html 2001/11/28 02:57:03 1.2
+++ auth.html 2001/12/11 01:47:24 1.3
@@ -10,7 +10,7 @@
vlink="#000080" alink="#FF0000">
<!--#include virtual="header.html" -->
-<h1 align="CENTER">Authentication, Authorization, and Access
+<h1 align="center">Authentication, Authorization, and Access
Control</h1>
<a name="TOC"></a>
@@ -191,7 +191,7 @@
stores it along with the authentication realm, so that if other
resources are requested from the same realm, the same username
and password can be returned to authenticate that request
- without requiring the user to type them in again. This cacheing
+ without requiring the user to type them in again. This caching
is usually just for the current browser session, but some
browsers allow you to store them permanently, so that you never
have to type in your password again.</p>
@@ -328,38 +328,38 @@
<table cellpadding="3">
<tr>
- <td align="LEFT">AuthType</td>
+ <td align="left">AuthType</td>
- <td align="LEFT" valign="TOP" width="360">Authentication
+ <td align="left" valign="top" width="360">Authentication
type being used. In this case, it will be set to
<tt>Basic</tt></td>
</tr>
<tr>
- <td align="LEFT">AuthName</td>
+ <td align="left">AuthName</td>
- <td align="LEFT" valign="TOP" width="360">The
+ <td align="left" valign="top" width="360">The
authentication realm or name</td>
</tr>
<tr>
- <td align="LEFT">AuthUserFile</td>
+ <td align="left">AuthUserFile</td>
- <td align="LEFT" valign="TOP" width="360">The location of
+ <td align="left" valign="top" width="360">The location of
the password file</td>
</tr>
<tr>
- <td align="LEFT">AuthGroupFile</td>
+ <td align="left">AuthGroupFile</td>
- <td align="LEFT" valign="TOP" width="360">The location of
+ <td align="left" valign="top" width="360">The location of
the group file, if any</td>
</tr>
<tr>
- <td align="LEFT">Require</td>
+ <td align="left">Require</td>
- <td align="LEFT" valign="TOP" width="360">The
+ <td align="left" valign="top" width="360">The
requirement(s) which must be satisfied in order to grant
admission</td>
</tr>
@@ -496,7 +496,7 @@
and password is ugly. It contains text that you did not
indicate that you wanted in there. It looks different in
Internet Explorer and Netscape, and contains different text.
- And it askes for fields that the user might not understand -
+ And it asks for fields that the user might not understand -
for example, Netscape asks the user to type in their ``User
ID'', and they might not know what that means. Or, you might
want to provide additional explanatory text so that the user
@@ -505,7 +505,7 @@
<p>Unfortunately, these things are features of the browser, and
cannot be controlled from the server side. If you want the
login to look different, then you will need to implement your
- own authenticatin scheme. There is no way to change what this
+ own authentication scheme. There is no way to change what this
login box looks like if you are using basic authentication.</p>
<h3><a name="persistpass"></a><br />
@@ -580,8 +580,8 @@
<p>Not only that, but remember that the username and password
are passed with every request, not just when the user first
types them in. So the packet sniffer need not be listening at a
- particularly strategic time, byt just be listening for long
- enough to see any request come across the wire.</p>
+ particularly strategic time, but just for long enough to see
+ any single request come across the wire.</p>
<p>And, in addition to that, the content itself is also going
across the network in the clear, and so if the web site
@@ -606,7 +606,7 @@
<h2><a name="digestworks">How digest auth works</a></h2>
- <p>Digest authentication is implemeted by the module
+ <p>Digest authentication is implemented by the module
<tt>mod_auth_digest</tt>. There is an older module,
<tt>mod_digest</tt>, which implemented an older version of the
digest authentication specification, but which will probably
@@ -642,9 +642,9 @@
<p>As with basic authentication, a simple utility is provided
to create and maintain the password file which will be used to
- detmine whether a particular user's name and password are
+ determine whether a particular user's name and password are
valid. This utility is called <tt>htdigest</tt>, and will be
- located in the <tt>bin</tt> diretory of wherever you installed
+ located in the <tt>bin</tt> directory of wherever you installed
Apache. If you installed Apache from some variety of package
manager, <tt>htdigest</tt> is likely to have been placed
somewhere in your path.</p>
@@ -675,44 +675,44 @@
<p>Once you have created a password file, you need to tell
Apache about it in order to start using it as a source of
- authenticated user inormation. This configuration is done with
+ authenticated user information. This configuration is done with
the following directives:</p>
<table cellpadding="3">
<tr>
- <td align="LEFT">AuthType</td>
+ <td align="left">AuthType</td>
- <td align="LEFT" valign="TOP" width="360">Authentication
+ <td align="left" valign="top" width="360">Authentication
type being used. In this case, it will be set to
<tt>Digest</tt></td>
</tr>
<tr>
- <td align="LEFT">AuthName</td>
+ <td align="left">AuthName</td>
- <td align="LEFT" valign="TOP" width="360">The
+ <td align="left" valign="top" width="360">The
authentication realm or name</td>
</tr>
<tr>
- <td align="LEFT">AuthDigestFile</td>
+ <td align="left">AuthDigestFile</td>
- <td align="LEFT" valign="TOP" width="360">The location of
+ <td align="left" valign="top" width="360">The location of
the password file</td>
</tr>
<tr>
- <td align="LEFT">AuthDigestGroupFile</td>
+ <td align="left">AuthDigestGroupFile</td>
- <td align="LEFT" valign="TOP" width="360">Location of the
+ <td align="left" valign="top" width="360">Location of the
group file, if any</td>
</tr>
<tr>
- <td align="LEFT">Require</td>
+ <td align="left">Require</td>
- <td align="LEFT" valign="TOP" width="360">The
- requirement(s) which must be satisfied in order ot grant
+ <td align="left" valign="top" width="360">The
+ requirement(s) which must be satisfied in order to grant
admission</td>
</tr>
</table>
@@ -856,7 +856,7 @@
BSDs, and Linux, they are exactly the same thing. You should
pick whichever of the two modules makes the most sense on your
particular platform of choice. If you do not have DB support on
- your platforn, you may need to install it. You download an
+ your platform, you may need to install it. You download an
implementation of DB at <tt>http://www.sleepycat.com/</tt>. <a
id="11415" name="11415"></a></p>
@@ -982,7 +982,7 @@
<p>Passwords are stored in Unix <tt>crypt</tt> format, just as
they were in the "regular" password files. The 'salt' that is
- created in the middle there is part of the process, cenerating
+ created in the middle there is part of the process, generating
a random starting point for that encryption. The technique
being used is called a 'tied hash'. The idea is to tie a
built-in data structure to the contents of the file, such that
@@ -1078,7 +1078,8 @@
<p>where <i>address</i> is an IP address (or a partial IP
address) or a fully qualified domain name (or a partial domain
- name).</p>
+ name); you may provide multiple addresses or domain names, if
+ desired.</p>
<p>For example, if you have someone spamming your message
board, and you want to keep them out, you could do the
@@ -1099,7 +1100,7 @@
you can specify just part of an address or domain name:</p>
<pre>
deny from 192.101.205
-deny from cyberthugs.com
+deny from cyberthugs.com moreidiots.com
deny from ke
</pre>
@@ -1148,14 +1149,14 @@
</Directory>
</pre>
- <p>In this scenario, users will be let in ir they either have a
+ <p>In this scenario, users will be let in if they either have a
password, or if they are in the internal network.</p>
<h1><a name="summary">Summary</a></h1>
<p>The various authentication modules provide a number of ways
to restrict access to your host based on the identity of the
- user. They offere a somewhat standard interface to this
+ user. They offer a somewhat standard interface to this
functionality, but provide different back-end mechanisms for
actually authenticating the user.</p>
@@ -1174,7 +1175,7 @@
<dd>There are actually a number of implementations that get
around this limitation. MLDBM is one of them, for example.
However, for the purposes of this discussion, we'll just deal
- with standard Berkeley DB, which is likeley to have shipped
+ with standard Berkeley DB, which is likely to have shipped
with whatever operating system you are already running.</dd>
<dt><a name="foot2">... file</a><a