Apache Module mod_auth_basic
Summary
This module allows the use of HTTP Basic Authentication to restrict access by looking up users in the given providers. HTTP Digest Authentication is provided by mod_auth_digest
. This module should usually be combined with at least one authentication module such as mod_authn_file
and one authorization module such as mod_authz_user
.
AuthBasicAuthoritative Directive
Normally, each authorization module listed in AuthBasicProvider
will attempt to verify the user, and if the user is not found in any provider, access will be denied. Setting the AuthBasicAuthoritative
directive explicitly to Off
allows for both authentication and authorization to be passed on to other non-provider-based modules if there is no userID or rule matching the supplied userID. This should only be necessary when combining mod_auth_basic
with third-party modules that are not configured with the AuthBasicProvider
directive. When using such modules, the order of processing is determined in the modules' source code and is not configurable.
AuthBasicProvider Directive
The AuthBasicProvider
directive sets which provider is used to authenticate the users for this location. The default file
provider is implemented by the mod_authn_file
module. Make sure that the chosen provider module is present in the server.
Example
<Location /secure>
AuthType basic
AuthName "private area"
AuthBasicProvider dbm
AuthDBMType SDBM
AuthDBMUserFile /www/etc/dbmpasswd
Require valid-user
</Location>
Providers are implemented by mod_authn_dbm
, mod_authn_file
, mod_authn_dbd
, and mod_authnz_ldap
.