You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by bn...@apache.org on 2006/01/06 17:15:22 UTC
svn commit: r366519 - in /httpd/httpd/branches/authz-dev/docs/manual/mod:
mod_authn_alias.xml mod_authnz_ldap.xml mod_authz_dbd.xml mod_authz_dbm.xml
mod_authz_groupfile.xml mod_authz_owner.xml mod_authz_user.xml mod_ldap.xml
Author: bnicholes
Date: Fri Jan 6 08:15:13 2006
New Revision: 366519
URL: http://svn.apache.org/viewcvs?rev=366519&view=rev
Log:
Remove the references to all of the AuthzXXXAuthoritative directives in the documentation since these directives no longer exist
Modified:
httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authn_alias.xml
httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authnz_ldap.xml
httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_dbd.xml
httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_dbm.xml
httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_groupfile.xml
httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_owner.xml
httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_user.xml
httpd/httpd/branches/authz-dev/docs/manual/mod/mod_ldap.xml
Modified: httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authn_alias.xml
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authn_alias.xml?rev=366519&r1=366518&r2=366519&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authn_alias.xml (original)
+++ httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authn_alias.xml Fri Jan 6 08:15:13 2006
@@ -76,7 +76,6 @@
AuthType Basic<br />
AuthName LDAP_Protected_Place<br />
- AuthzLDAPAuthoritative off<br />
require valid-user<br />
</indent>
</Directory><br />
Modified: httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authnz_ldap.xml
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authnz_ldap.xml?rev=366519&r1=366518&r2=366519&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authnz_ldap.xml (original)
+++ httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authnz_ldap.xml Fri Jan 6 08:15:13 2006
@@ -301,9 +301,7 @@
<p>If this directive exists, <module>mod_authnz_ldap</module> grants
access to any user that has successfully authenticated during the
search/bind phase. Requires that <module>mod_authz_user</module> be
- loaded and that the
- <directive module="mod_authnz_ldap">AuthzLDAPAuthoritative</directive>
- directive be set to off.</p>
+ loaded.</p>
</section>
<section id="requser"><title>require ldap-user</title>
@@ -573,17 +571,10 @@
that gets created in the web</p>
<example><pre>
AuthLDAPURL "the url"
-AuthzLDAPAuthoritative off
AuthGroupFile <em>mygroupfile</em>
require group <em>mygroupfile</em>
</pre></example>
- <p><directive module="mod_authnz_ldap">AuthzLDAPAuthoritative</directive>
- must be off to allow <module>mod_authnz_ldap</module> to decline group
- authentication so that Apache will fall back to file
- authentication for checking group membership. This allows the
- FrontPage-managed group file to be used.</p>
-
<section id="howitworks"><title>How It Works</title>
<p>FrontPage restricts access to a web by adding the <code>require
@@ -642,25 +633,6 @@
</ul>
</section>
</section>
-
-<directivesynopsis>
-<name>AuthzLDAPAuthoritative</name>
-<description>Prevent other authentication modules from
-authenticating the user if this one fails</description>
-<syntax>AuthzLDAPAuthoritative on|off</syntax>
-<default>AuthzLDAPAuthoritative on</default>
-<contextlist><context>directory</context><context>.htaccess</context>
-</contextlist>
-<override>AuthConfig</override>
-
-<usage>
- <p>Set to <code>off</code> if this module should let other
- authentication modules attempt to authenticate the user, should
- authentication with this module fail. Control is only passed on
- to lower modules if there is no DN or rule that matches the
- supplied user name (as passed by the client).</p>
-</usage>
-</directivesynopsis>
<directivesynopsis>
<name>AuthLDAPBindDN</name>
Modified: httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_dbd.xml
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_dbd.xml?rev=366519&r1=366518&r2=366519&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_dbd.xml (original)
+++ httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_dbd.xml Fri Jan 6 08:15:13 2006
@@ -182,40 +182,4 @@
</usage>
</directivesynopsis>
-<directivesynopsis>
-<name>AuthzDBDAuthoritative</name>
-<description>Sets whether authorization will be passed on to lower level
-modules</description>
-<syntax>AuthzDBDAuthoritative On|Off</syntax>
-<default>AuthzDBDAuthoritative On</default>
-<contextlist><context>directory</context></contextlist>
-
-<usage>
- <p>Setting the <directive>AuthzDBDAuthoritative</directive>
- directive explicitly to <code>Off</code> allows group authorization
- to be handled by another authz module if the userID is not
- in any authorized dbd-group. If there are any groups
- specified, the usual checks will be applied and a failure will
- give an Authentication Required reply.</p>
-
- <p>So if a userID appears in the database of more than one module;
- or if a valid <directive module="core">Require</directive>
- directive applies to more than one module; then the first module
- will verify the credentials; and no access is passed on;
- regardless of the <directive>AuthAuthoritative</directive> setting.</p>
-
- <p>A common use for this is in conjunction with one of the
- auth providers; such or
- <module>mod_authn_file</module>. Whereas this DBD module supplies
- the bulk of the user credential checking; a few (administrator) related
- accesses fall through to a lower level with a well protected
- <code>.htpasswd</code> file.</p>
-
- <p>By default, control is not passed on and an unknown group
- will result in an Authentication Required reply. Not
- setting it thus keeps the system secure and forces an NCSA
- compliant behaviour.</p>
-</usage>
-</directivesynopsis>
-
</modulesynopsis>
Modified: httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_dbm.xml
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_dbm.xml?rev=366519&r1=366518&r2=366519&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_dbm.xml (original)
+++ httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_dbm.xml Fri Jan 6 08:15:13 2006
@@ -119,51 +119,4 @@
</usage>
</directivesynopsis>
-<directivesynopsis>
-<name>AuthzDBMAuthoritative</name>
-<description>Sets whether authorization will be passed on to lower level
-modules</description>
-<syntax>AuthzDBMAuthoritative On|Off</syntax>
-<default>AuthzDBMAuthoritative On</default>
-<contextlist><context>directory</context><context>.htaccess</context>
-</contextlist>
-<override>AuthConfig</override>
-
-<usage>
- <p>Setting the <directive>AuthzDBMAuthoritative</directive>
- directive explicitly to <code>Off</code> allows group authorization
- to be passed on to lower level modules (as defined in the
- <code>modules.c</code> file) if there is no group found
- for the the supplied userID. If there are any groups
- specified, the usual checks will be applied and a failure will
- give an Authentication Required reply.</p>
-
- <p>So if a userID appears in the database of more than one module;
- or if a valid <directive module="core">Require</directive>
- directive applies to more than one module; then the first module
- will verify the credentials; and no access is passed on;
- regardless of the <directive>AuthAuthoritative</directive> setting.</p>
-
- <p>A common use for this is in conjunction with one of the
- auth providers; such as <module>mod_authn_dbm</module> or
- <module>mod_authn_file</module>. Whereas this DBM module supplies
- the bulk of the user credential checking; a few (administrator) related
- accesses fall through to a lower level with a well protected
- <code>.htpasswd</code> file.</p>
-
- <p>By default, control is not passed on and an unknown group
- will result in an Authentication Required reply. Not
- setting it thus keeps the system secure and forces an NCSA
- compliant behaviour.</p>
-
- <note type="warning"><title>Security</title>
- <p>Do consider the implications of allowing a user to
- allow fall-through in his .htaccess file; and verify that this
- is really what you want; Generally it is easier to just secure
- a single <code>.htpasswd</code> file, than it is to secure a
- database which might have more access interfaces.</p>
- </note>
-</usage>
-</directivesynopsis>
-
</modulesynopsis>
Modified: httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_groupfile.xml
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_groupfile.xml?rev=366519&r1=366518&r2=366519&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_groupfile.xml (original)
+++ httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_groupfile.xml Fri Jan 6 08:15:13 2006
@@ -75,36 +75,4 @@
</usage>
</directivesynopsis>
-<directivesynopsis>
-<name>AuthzGroupFileAuthoritative</name>
-<description>Sets whether authorization will be passed on to lower level
-modules</description>
-<syntax>AuthzGroupFileAuthoritative On|Off</syntax>
-<default>AuthzGroupFileAuthoritative On</default>
-<contextlist><context>directory</context><context>.htaccess</context>
-</contextlist>
-<override>AuthConfig</override>
-
-<usage>
- <p>Setting the <directive>AuthzGroupFileAuthoritative</directive>
- directive explicitly to <code>Off</code> allows for
- group authorization to be passed on to lower level modules (as defined
- in the <code>modules.c</code> files) if there is <strong>no
- group</strong> matching the supplied userID.</p>
-
- <p>By default, control is not passed on and an unknown group
- will result in an Authentication Required reply. Not
- setting it thus keeps the system secure and forces an NCSA
- compliant behaviour.</p>
-
- <note type="warning"><title>Security</title>
- <p>Do consider the implications of allowing a user to
- allow fall-through in his <code>.htaccess</code> file; and verify
- that this is really what you want; Generally it is easier to just
- secure a single <code>.htpasswd</code> file, than it is to secure
- a database which might have more access interfaces.</p>
- </note>
-</usage>
-</directivesynopsis>
-
</modulesynopsis>
Modified: httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_owner.xml
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_owner.xml?rev=366519&r1=366518&r2=366519&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_owner.xml (original)
+++ httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_owner.xml Fri Jan 6 08:15:13 2006
@@ -132,39 +132,4 @@
</section>
</section>
-<directivesynopsis>
-<name>AuthzOwnerAuthoritative</name>
-<description>Sets whether authorization will be passed on to lower level
-modules</description>
-<syntax>AuthzOwnerAuthoritative On|Off</syntax>
-<default>AuthzOwnerAuthoritative On</default>
-<contextlist><context>directory</context><context>.htaccess</context>
-</contextlist>
-<override>AuthConfig</override>
-
-<usage>
- <p>Setting the <directive>AuthzOwnerAuthoritative</directive>
- directive explicitly to <code>Off</code> allows for
- user authorization to be passed on to lower level modules (as defined
- in the <code>modules.c</code> files) if:</p>
-
- <ul>
- <li>in the case of <code>file-owner</code> the file-system owner does not
- match the supplied web-username or could not be determined, or</li>
-
- <li>in the case of <code>file-group</code> the file-system group does not
- contain the supplied web-username or could not be determined.</li>
- </ul>
-
- <p>Note that setting the value to <code>Off</code> also allows the
- combination of <code>file-owner</code> and <code>file-group</code>, so
- access will be allowed if either one or the other (or both) match.</p>
-
- <p>By default, control is not passed on and an authorization failure
- will result in an "Authentication Required" reply. Not
- setting it to <code>Off</code> thus keeps the system secure and forces
- an NCSA compliant behaviour.</p>
-</usage>
-</directivesynopsis>
-
</modulesynopsis>
Modified: httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_user.xml
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_user.xml?rev=366519&r1=366518&r2=366519&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_user.xml (original)
+++ httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_user.xml Fri Jan 6 08:15:13 2006
@@ -40,28 +40,4 @@
<seealso><directive module="core">Require</directive></seealso>
<seealso><directive module="core">Satisfy</directive></seealso>
-<directivesynopsis>
-<name>AuthzUserAuthoritative</name>
-<description>Sets whether authorization will be passed on to lower level
-modules</description>
-<syntax>AuthzUserAuthoritative On|Off</syntax>
-<default>AuthzUserAuthoritative On</default>
-<contextlist><context>directory</context><context>.htaccess</context>
-</contextlist>
-<override>AuthConfig</override>
-
-<usage>
- <p>Setting the <directive>AuthzUserAuthoritative</directive>
- directive explicitly to <code>Off</code> allows for
- user authorization to be passed on to lower level modules (as defined
- in the <code>modules.c</code> files) if there is <strong>no
- user</strong> matching the supplied userID.</p>
-
- <p>By default, control is not passed on and an unknown user
- will result in an Authentication Required reply. Not
- setting it to <code>Off</code> thus keeps the system secure and forces
- an NCSA compliant behaviour.</p>
-</usage>
-</directivesynopsis>
-
</modulesynopsis>
Modified: httpd/httpd/branches/authz-dev/docs/manual/mod/mod_ldap.xml
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/docs/manual/mod/mod_ldap.xml?rev=366519&r1=366518&r2=366519&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/docs/manual/mod/mod_ldap.xml (original)
+++ httpd/httpd/branches/authz-dev/docs/manual/mod/mod_ldap.xml Fri Jan 6 08:15:13 2006
@@ -81,7 +81,6 @@
Allow from yourdomain.example.com<br />
AuthLDAPEnabled on<br />
AuthLDAPURL ldap://127.0.0.1/dc=example,dc=com?uid?one<br />
- AuthLDAPAuthoritative on<br />
require valid-user<br />
</indent>
</Location>
@@ -212,7 +211,6 @@
Allow from yourdomain.example.com<br />
AuthLDAPEnabled on<br />
AuthLDAPURL ldaps://127.0.0.1/dc=example,dc=com?uid?one<br />
- AuthLDAPAuthoritative on<br />
require valid-user<br />
</indent>
</Location>
@@ -234,7 +232,6 @@
AuthLDAPEnabled on<br />
LDAPTrustedMode TLS
AuthLDAPURL ldap://127.0.0.1/dc=example,dc=com?uid?one<br />
- AuthLDAPAuthoritative on<br />
require valid-user<br />
</indent>
</Location>
@@ -287,7 +284,6 @@
AuthLDAPEnabled on<br />
LDAPTrustedClientCert CERT_NICKNAME <nickname> [password]<br />
AuthLDAPURL ldaps://127.0.0.1/dc=example,dc=com?uid?one<br />
- AuthLDAPAuthoritative on<br />
require valid-user<br />
</indent>
</Location>
@@ -355,7 +351,6 @@
LDAPTrustedClientCert CERT_BASE64 /certs/cert1.pem<br />
LDAPTrustedClientCert KEY_BASE64 /certs/key1.pem<br />
AuthLDAPURL ldaps://127.0.0.1/dc=example,dc=com?uid?one<br />
- AuthLDAPAuthoritative on<br />
require valid-user<br />
</indent>
</Location>