Apache Module mod_authz_user
Summary
This module provides authorization capabilities so that authenticated users can be allowed or denied access to portions of the web site. mod_authz_user
grants access if the authenticated user is listed in a Require user
directive. Alternatively Require valid-user
can be used to grant access to all successfully authenticated users.
AuthzUserAuthoritative Directive
Setting the AuthzUserAuthoritative
directive explicitly to Off
allows for user authorization to be passed on to lower level modules (as defined in the modules.c
files) if there is no user matching the supplied userID.
By default, control is not passed on and an unknown user will result in an Authentication Required reply. Not setting it to Off
thus keeps the system secure and forces an NCSA compliant behaviour.