1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
3<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
4        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
5              This file is generated from xml source: DO NOT EDIT
6        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
7      -->
8<title>mod_authn_core - Apache HTTP Server</title>
9<link href="/style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
10<link href="/style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
11<link href="/style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="/style/css/prettify.css" />
12<script src="/style/scripts/prettify.min.js" type="text/javascript">
13</script>
14
15<link href="/images/favicon.ico" rel="shortcut icon" /></head>
16<body>
17<div id="page-header">
18<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p>
19<p class="apache">Apache HTTP Server Version 2.4</p>
20<img alt="" src="/images/feather.gif" /></div>
21<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="/images/left.gif" /></a></div>
22<div id="path">
23<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.4</a> &gt; <a href="./">Modules</a></div>
24<div id="page-content">
25<div id="preamble"><h1>Apache Module mod_authn_core</h1>
26<div class="toplang">
27<p><span>Available Languages: </span><a href="/en/mod/mod_authn_core.html" title="English">&nbsp;en&nbsp;</a> |
28<a href="/fr/mod/mod_authn_core.html" hreflang="fr" rel="alternate" title="Fran�ais">&nbsp;fr&nbsp;</a></p>
29</div>
30<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Core Authentication</td></tr>
31<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Base</td></tr>
32<tr><th><a href="module-dict.html#ModuleIdentifier">Module�Identifier:</a></th><td>authn_core_module</td></tr>
33<tr><th><a href="module-dict.html#SourceFile">Source�File:</a></th><td>mod_authn_core.c</td></tr>
34<tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.3 and later</td></tr></table>
35<h3>Summary</h3>
36
37    <p>This module provides core authentication capabilities to
38    allow or deny access to portions of the web site.
39    <code class="module"><a href="/mod/mod_authn_core.html">mod_authn_core</a></code> provides directives that are
40    common to all authentication providers.</p>
41</div>
42<div id="quickview"><h3 class="directives">Directives</h3>
43<ul id="toc">
44<li><img alt="" src="/images/down.gif" /> <a href="#authname">AuthName</a></li>
45<li><img alt="" src="/images/down.gif" /> <a href="#authnprovideralias">&lt;AuthnProviderAlias&gt;</a></li>
46<li><img alt="" src="/images/down.gif" /> <a href="#authtype">AuthType</a></li>
47</ul>
48<h3>Topics</h3>
49<ul id="topics">
50<li><img alt="" src="/images/down.gif" /> <a href="#authnalias">Creating Authentication Provider Aliases</a></li>
51</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
52<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
53<div class="section">
54<h2><a name="authnalias" id="authnalias">Creating Authentication Provider Aliases</a></h2>
55
56    <p>Extended authentication providers can be created
57    within the configuration file and assigned an alias name.  The alias
58    providers can then be referenced through the directives
59    <code class="directive"><a href="/mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code> or
60    <code class="directive"><a href="/mod/mod_auth_digest.html#authdigestprovider">AuthDigestProvider</a></code> in
61    the same way as a base authentication provider.  Besides the ability
62    to create and alias an extended provider, it also allows the same
63    extended authentication provider to be reference by multiple
64    locations.</p>
65
66    <h3><a name="example" id="example">Examples</a></h3>
67
68        <p>This example checks for passwords in two different text
69        files.</p>
70
71        <div class="example"><h3>Checking multiple text password files</h3><pre class="prettyprint lang-config"># Check here first
72&lt;AuthnProviderAlias file file1&gt;
73    AuthUserFile /www/conf/passwords1
74&lt;/AuthnProviderAlias&gt;
75
76# Then check here
77&lt;AuthnProviderAlias file file2&gt;   
78    AuthUserFile /www/conf/passwords2
79&lt;/AuthnProviderAlias&gt;
80
81&lt;Directory /var/web/pages/secure&gt;
82    AuthBasicProvider file1 file2
83    
84    AuthType Basic
85    AuthName "Protected Area"
86    Require valid-user
87&lt;/Directory&gt;</pre>
88</div>
89
90        <p>The example below creates two different ldap authentication
91        provider aliases based on the ldap provider.  This allows
92        a single authenticated location to be serviced by multiple ldap
93        hosts:</p>
94
95        <div class="example"><h3>Checking multiple LDAP servers</h3><pre class="prettyprint lang-config">&lt;AuthnProviderAlias ldap ldap-alias1&gt;
96    AuthLDAPBindDN cn=youruser,o=ctx
97    AuthLDAPBindPassword yourpassword
98    AuthLDAPURL ldap://ldap.host/o=ctx
99&lt;/AuthnProviderAlias&gt;
100&lt;AuthnProviderAlias ldap ldap-other-alias&gt;
101    AuthLDAPBindDN cn=yourotheruser,o=dev
102    AuthLDAPBindPassword yourotherpassword
103    AuthLDAPURL ldap://other.ldap.host/o=dev?cn
104&lt;/AuthnProviderAlias&gt;
105
106Alias /secure /webpages/secure
107&lt;Directory /webpages/secure&gt;
108    Order deny,allow
109    Allow from all
110    
111    AuthBasicProvider ldap-other-alias  ldap-alias1
112    
113    AuthType Basic
114    AuthName "LDAP Protected Place"
115    Require valid-user
116    # Note that Require ldap-* would not work here, since the 
117    # AuthnProviderAlias does not provide the config to authorization providers
118    # that are implemented in the same module as the authentication provider.
119&lt;/Directory&gt;</pre>
120</div>
121    
122
123</div>
124<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
125<div class="directive-section"><h2><a name="AuthName" id="AuthName">AuthName</a> <a name="authname" id="authname">Directive</a></h2>
126<table class="directive">
127<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Authorization realm for use in HTTP
128authentication</td></tr>
129<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthName <var>auth-domain</var></code></td></tr>
130<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
131<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
132<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
133<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authn_core</td></tr>
134</table>
135    <p>This directive sets the name of the authorization realm for a
136    directory. This realm is given to the client so that the user
137    knows which username and password to send.
138    <code class="directive">AuthName</code> takes a single argument; if the
139    realm name contains spaces, it must be enclosed in quotation
140    marks.  It must be accompanied by <code class="directive"><a href="#authtype">AuthType</a></code> and <code class="directive"><a href="/mod/mod_authz_core.html#require">Require</a></code> directives, and directives such
141    as <code class="directive"><a href="/mod/mod_authn_file.html#authuserfile">AuthUserFile</a></code> and
142    <code class="directive"><a href="/mod/mod_authz_groupfile.html#authgroupfile">AuthGroupFile</a></code> to
143    work.</p>
144
145   <p>For example:</p>
146
147   <pre class="prettyprint lang-config">AuthName "Top Secret"</pre>
148
149
150    <p>The string provided for the <code>AuthName</code> is what will
151    appear in the password dialog provided by most browsers.</p>
152
153<h3>See also</h3>
154<ul>
155<li><a href="/howto/auth.html">Authentication, Authorization, and
156    Access Control</a></li>
157<li><code class="module"><a href="/mod/mod_authz_core.html">mod_authz_core</a></code></li>
158</ul>
159</div>
160<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
161<div class="directive-section"><h2><a name="AuthnProviderAlias" id="AuthnProviderAlias">&lt;AuthnProviderAlias&gt;</a> <a name="authnprovideralias" id="authnprovideralias">Directive</a></h2>
162<table class="directive">
163<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enclose a group of directives that represent an
164extension of a base authentication provider and referenced by
165the specified alias</td></tr>
166<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>&lt;AuthnProviderAlias <var>baseProvider Alias</var>&gt;
167... &lt;/AuthnProviderAlias&gt;</code></td></tr>
168<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
169<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
170<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authn_core</td></tr>
171</table>
172    <p><code>&lt;AuthnProviderAlias&gt;</code> and
173    <code>&lt;/AuthnProviderAlias&gt;</code> are used to enclose a group of
174    authentication directives that can be referenced by the alias name
175    using one of the directives <code class="directive"><a href="/mod/mod_auth_basic.html#authbasicprovider">
176    AuthBasicProvider</a></code> or <code class="directive"><a href="/mod/mod_auth_digest.html#authdigestprovider">
177    AuthDigestProvider</a></code>.</p>
178
179
180</div>
181<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
182<div class="directive-section"><h2><a name="AuthType" id="AuthType">AuthType</a> <a name="authtype" id="authtype">Directive</a></h2>
183<table class="directive">
184<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Type of user authentication</td></tr>
185<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthType None|Basic|Digest|Form</code></td></tr>
186<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
187<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
188<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
189<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authn_core</td></tr>
190</table>
191    <p>This directive selects the type of user authentication for a
192    directory. The authentication types available are <code>None</code>,
193    <code>Basic</code> (implemented by
194    <code class="module"><a href="/mod/mod_auth_basic.html">mod_auth_basic</a></code>), <code>Digest</code>
195    (implemented by <code class="module"><a href="/mod/mod_auth_digest.html">mod_auth_digest</a></code>), and
196    <code>Form</code> (implemented by <code class="module"><a href="/mod/mod_auth_form.html">mod_auth_form</a></code>).</p>
197
198    <p>To implement authentication, you must also use the <code class="directive"><a href="#authname">AuthName</a></code> and <code class="directive"><a href="/mod/mod_authz_core.html#require">Require</a></code> directives.  In addition, the
199    server must have an authentication-provider module such as
200    <code class="module"><a href="/mod/mod_authn_file.html">mod_authn_file</a></code> and an authorization module such
201    as <code class="module"><a href="/mod/mod_authz_user.html">mod_authz_user</a></code>.</p>
202
203    <p>The authentication type <code>None</code> disables authentication.
204    When authentication is enabled, it is normally inherited by each
205    subsequent <a href="/sections.html#mergin">configuration section</a>,
206    unless a different authentication type is specified.  If no
207    authentication is desired for a subsection of an authenticated
208    section, the authentication type <code>None</code> may be used;
209    in the following example, clients may access the
210    <code>/www/docs/public</code> directory without authenticating:</p>
211
212    <pre class="prettyprint lang-config">&lt;Directory /www/docs&gt;
213    AuthType Basic
214    AuthName Documents
215    AuthBasicProvider file
216    AuthUserFile /usr/local/apache/passwd/passwords
217    Require valid-user
218&lt;/Directory&gt;
219
220&lt;Directory /www/docs/public&gt;
221    AuthType None
222    Require all granted
223&lt;/Directory&gt;</pre>
224
225
226    <div class="note">When disabling authentication, note that clients which have
227    already authenticated against another portion of the server's document
228    tree will typically continue to send authentication HTTP headers
229    or cookies with each request, regardless of whether the server
230    actually requires authentication for every resource.</div>
231
232<h3>See also</h3>
233<ul>
234<li><a href="/howto/auth.html">Authentication, Authorization,
235    and Access Control</a></li>
236</ul>
237</div>
238</div>
239<div class="bottomlang">
240<p><span>Available Languages: </span><a href="/en/mod/mod_authn_core.html" title="English">&nbsp;en&nbsp;</a> |
241<a href="/fr/mod/mod_authn_core.html" hreflang="fr" rel="alternate" title="Fran�ais">&nbsp;fr&nbsp;</a></p>
242</div><div class="top"><a href="#page-header"><img src="/images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div>
243<script type="text/javascript"><!--//--><![CDATA[//><!--
244var comments_shortname = 'httpd';
245var comments_identifier = 'http://httpd.apache.org/docs/2.4/mod/mod_authn_core.html';
246(function(w, d) {
247    if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
248        d.write('<div id="comments_thread"><\/div>');
249        var s = d.createElement('script');
250        s.type = 'text/javascript';
251        s.async = true;
252        s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
253        (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
254    }
255    else { 
256        d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
257    }
258})(window, document);
259//--><!]]></script></div><div id="footer">
260<p class="apache">Copyright 2014 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
261<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
262if (typeof(prettyPrint) !== 'undefined') {
263    prettyPrint();
264}
265//--><!]]></script>
266</body></html>