You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by nd...@apache.org on 2002/12/12 08:02:57 UTC
cvs commit: httpd-2.0/docs/manual/mod mod_auth_basic.html.en mod_auth_basic.xml mod_authn_dbm.html.en mod_authn_dbm.xml
nd 2002/12/11 23:02:57
Modified: docs/manual/mod mod_auth_basic.html.en mod_auth_basic.xml
mod_authn_dbm.html.en mod_authn_dbm.xml
Log:
reformatting, markup and picking nits
Revision Changes Path
1.9 +4 -3 httpd-2.0/docs/manual/mod/mod_auth_basic.html.en
Index: mod_auth_basic.html.en
===================================================================
RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_auth_basic.html.en,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- mod_auth_basic.html.en 11 Dec 2002 20:50:34 -0000 1.8
+++ mod_auth_basic.html.en 12 Dec 2002 07:02:57 -0000 1.9
@@ -62,16 +62,17 @@
<strong>no userID</strong> or <strong>rule</strong> matching the
supplied userID. If there is a userID and/or rule specified, the usual
password and access checks will be applied and a failure will give
- an Authorization Required reply.</p>
+ an "Authentication Required" reply.</p>
<p>So if a userID appears in the database of more than one module;
or if a valid <code class="directive"><a href="../mod/core.html#require">Require</a></code>
directive applies to more than one module; then the first module
will verify the credentials; and no access is passed on;
- regardless of the AuthAuthoritative setting.</p>
+ regardless of the <code class="directive">AuthBasicAuthoritative</code>
+ setting.</p>
<p>By default control is not passed on and an unknown userID or
- rule will result in an Authorization Required reply. Not setting
+ rule will result in an "Authentication Required" reply. Not setting
it thus keeps the system secure and forces an NCSA compliant
behaviour.</p>
1.6 +4 -3 httpd-2.0/docs/manual/mod/mod_auth_basic.xml
Index: mod_auth_basic.xml
===================================================================
RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_auth_basic.xml,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- mod_auth_basic.xml 9 Dec 2002 22:19:13 -0000 1.5
+++ mod_auth_basic.xml 12 Dec 2002 07:02:57 -0000 1.6
@@ -72,16 +72,17 @@
<strong>no userID</strong> or <strong>rule</strong> matching the
supplied userID. If there is a userID and/or rule specified, the usual
password and access checks will be applied and a failure will give
- an Authorization Required reply.</p>
+ an "Authentication Required" reply.</p>
<p>So if a userID appears in the database of more than one module;
or if a valid <directive module="core">Require</directive>
directive applies to more than one module; then the first module
will verify the credentials; and no access is passed on;
- regardless of the AuthAuthoritative setting.</p>
+ regardless of the <directive>AuthBasicAuthoritative</directive>
+ setting.</p>
<p>By default control is not passed on and an unknown userID or
- rule will result in an Authorization Required reply. Not setting
+ rule will result in an "Authentication Required" reply. Not setting
it thus keeps the system secure and forces an NCSA compliant
behaviour.</p>
</usage>
1.9 +9 -8 httpd-2.0/docs/manual/mod/mod_authn_dbm.html.en
Index: mod_authn_dbm.html.en
===================================================================
RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_authn_dbm.html.en,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- mod_authn_dbm.html.en 11 Dec 2002 20:50:34 -0000 1.8
+++ mod_authn_dbm.html.en 12 Dec 2002 07:02:57 -0000 1.9
@@ -94,15 +94,16 @@
the user file.</p>
<p>The user file is keyed on the username. The value for a user is
- the <code>crypt()</code> encrypted password, optionally followed
- by a colon and arbitrary data. The colon and the data following it
- will be ignored by the server.</p>
+ the encrypted password, optionally followed by a colon and arbitrary
+ data. The colon and the data following it will be ignored by the
+ server.</p>
- <p>Security: make sure that the
- <code class="directive">AuthDBMUserFile</code> is stored outside the
- document tree of the web-server; do <em>not</em> put it in the
- directory that it protects. Otherwise, clients will be able to
- download the <code class="directive">AuthDBMUserFile</code>.</p>
+ <div class="warning"><h3>Security:</h3>
+ <p>Make sure that the <code class="directive">AuthDBMUserFile</code> is stored
+ outside the document tree of the web-server; do <em>not</em> put it in
+ the directory that it protects. Otherwise, clients will be able to
+ download the <code class="directive">AuthDBMUserFile</code>.</p>
+ </div>
<p>Important compatibility note: The implementation of
<code>dbmopen</code> in the apache modules reads the string length of
1.6 +9 -8 httpd-2.0/docs/manual/mod/mod_authn_dbm.xml
Index: mod_authn_dbm.xml
===================================================================
RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_authn_dbm.xml,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- mod_authn_dbm.xml 9 Dec 2002 22:19:13 -0000 1.5
+++ mod_authn_dbm.xml 12 Dec 2002 07:02:57 -0000 1.6
@@ -49,15 +49,16 @@
the user file.</p>
<p>The user file is keyed on the username. The value for a user is
- the <code>crypt()</code> encrypted password, optionally followed
- by a colon and arbitrary data. The colon and the data following it
- will be ignored by the server.</p>
+ the encrypted password, optionally followed by a colon and arbitrary
+ data. The colon and the data following it will be ignored by the
+ server.</p>
- <p>Security: make sure that the
- <directive>AuthDBMUserFile</directive> is stored outside the
- document tree of the web-server; do <em>not</em> put it in the
- directory that it protects. Otherwise, clients will be able to
- download the <directive>AuthDBMUserFile</directive>.</p>
+ <note type="warning"><title>Security:</title>
+ <p>Make sure that the <directive>AuthDBMUserFile</directive> is stored
+ outside the document tree of the web-server; do <em>not</em> put it in
+ the directory that it protects. Otherwise, clients will be able to
+ download the <directive>AuthDBMUserFile</directive>.</p>
+ </note>
<p>Important compatibility note: The implementation of
<code>dbmopen</code> in the apache modules reads the string length of