Sitemap 1l1p

Apache HTTP Server Version 2.4

<-
Apache > HTTP Server > Documentation > Modules

Apache Module mod_authn_core 4f2y5o

Available Languages:  fr 

Description: Core Authentication
Status: Base
Module Identifier: authn_core_module
Source File: mod_authn_core.c
Compatibility: Available in Apache 2.3 and later

Summary 6m2os

This module provides core authentication capabilities to allow or deny access to portions of the web site. mod_authn_core provides directives that are common to all authentication providers.

Apache!

Topics 2c136y

Directives 1a4l6m

Bugfix checklist 4i2533

See also 27136x

top

Creating Authentication Provider Aliases 2d4i4c

Extended authentication providers can be created within the configuration file and assigned an alias name. The alias providers can then be referenced through the directives AuthDigestProvider in the same way as a base authentication provider. Besides the ability to create and alias an extended provider, it also allows the same extended authentication provider to be reference by multiple locations.

Examples 412u42

This example checks for s in two different text files.

Checking multiple text files 5e416t

# Check here first
<AuthnProviderAlias file file1>
    AuthFile "/www/conf/s1"
</AuthnProviderAlias>

# Then check here
<AuthnProviderAlias file file2>   
    AuthFile "/www/conf/s2"
</AuthnProviderAlias>

<Directory "/var/web/pages/secure">
    AuthBasirovider file1 file2
    
    AuthType Basic
    AuthName "Protected Area"
    Require valid-
</Directory>

The example below creates two different ldap authentication provider aliases based on the ldap provider. This allows a single authenticated location to be serviced by multiple ldap hosts:

Checking multiple LDAP servers 6f21o

<AuthnProviderAlias ldap ldap-alias1>
    AuthLDAPBindDN cn=your,o=ctx
    AuthLDAPBind your
    AuthLDAPURL ldap://ldap.host/o=ctx
</AuthnProviderAlias>
<AuthnProviderAlias ldap ldap-other-alias>
    AuthLDAPBindDN cn=yourother,o=dev
    AuthLDAPBind yourother
    AuthLDAPURL ldap://other.ldap.host/o=dev?cn
</AuthnProviderAlias>

Alias "/secure" "/webpages/secure"
<Directory "/webpages/secure">
    AuthBasirovider ldap-other-alias  ldap-alias1
    
    AuthType Basic
    AuthName "LDAP Protected Place"
    Require valid-
    # Note that Require ldap-* would not work here, since the 
    # AuthnProviderAlias does not provide the config to authorization providers
    # that are implemented in the same module as the authentication provider.
</Directory>
top

AuthName Directive l31d

Description: Authorization realm for use in HTTP authentication
Syntax: AuthName auth-domain
Context: directory, .htaccess
Override: AuthConfig
Status: Base
Module: mod_authn_core

This directive sets the name of the authorization realm for a directory. This realm is given to the client so that the knows which name and to send. AuthName takes a single argument; if the realm name contains spaces, it must be enclosed in quotation marks. It must be accompanied by AuthGroupFile to work.

For example:

AuthName "Top Secret"

The string provided for the AuthName is what will appear in the dialog provided by most browsers.

See also 27136x

top

<AuthnProviderAlias> Directive q466d

Description: Enclose a group of directives that represent an extension of a base authentication provider and referenced by the specified alias
Syntax: <AuthnProviderAlias baseProvider Alias> ... </AuthnProviderAlias>
Context: server config
Status: Base
Module: mod_authn_core

<AuthnProviderAlias> and </AuthnProviderAlias> are used to enclose a group of authentication directives that can be referenced by the alias name using one of the directives AuthDigestProvider.

This directive has no affect on authorization, even for modules that provide both authentication and authorization.
top

AuthType Directive 684r4w

Description: Type of authentication
Syntax: AuthType None|Basic|Digest|Form
Context: directory, .htaccess
Override: AuthConfig
Status: Base
Module: mod_authn_core

This directive selects the type of authentication for a directory. The authentication types available are None, Basic (implemented by mod_auth_form).

To implement authentication, you must also use the mod_authz_.

The authentication type None disables authentication. When authentication is enabled, it is normally inherited by each subsequent configuration section, unless a different authentication type is specified. If no authentication is desired for a subsection of an authenticated section, the authentication type None may be used; in the following example, clients may access the /www/docs/public directory without authenticating:

<Directory "/www/docs">
    AuthType Basic
    AuthName Documents
    AuthBasirovider file
    AuthFile "/usr/local/apache/wd/s"
    Require valid-
</Directory>

<Directory "/www/docs/public">
    AuthType None
    Require all granted
</Directory>
When disabling authentication, note that clients which have already authenticated against another portion of the server's document tree will typically continue to send authentication HTTP headers or cookies with each request, regardless of whether the server actually requires authentication for every resource.

See also 27136x

Available Languages:  fr 

top

Comments 2p1l6j

Notice:
This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our s if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our mailing lists.