Diffstat (limited to 'docs/manual/mod/mod_auth_db.html')
-rw-r--r-- docs/manual/mod/mod_auth_db.html 36
1 files changed, 27 insertions, 9 deletions
diff --git a/docs/manual/mod/mod_auth_db.html b/docs/manual/mod/mod_auth_db.html
index 6bd64171e7..6e283c08e6 100644
--- a/docs/manual/mod/mod_auth_db.html
+++ b/docs/manual/mod/mod_auth_db.html
@@ -113,16 +113,34 @@ See also <A HREF="core.html#authname">AuthName</A>,
<strong>Status:</strong> Base<br>
<strong>Module:</strong> mod_auth<p>
-Setting the AuthDBAuthoritative directive explicitly to <b>'off'</b> allows for both authentification and authorization to be passed on to lower level modules (as defined in the <code>Configuration</code> and <code>modules.c</code> file if there is <b>no userID</b> or <b>rule</b> matching the supplied userID. If there is a userID and/or rule specified; the usual password and access checks will be applied and a failure will give an Authorization Required reply.
+Setting the AuthDBAuthoritative directive explicitly to <b>'off'</b>
+allows for both authentication and authorization to be passed on
+to lower level modules (as defined in the <code>Configuration</code>
+and <code>modules.c</code> file if there is <b>no userID</b> or
+<b>rule</b> matching the supplied userID. If there is a userID
+and/or rule specified; the usual password and access checks will
+be applied and a failure will give an Authorization Required reply.
<p>
-So if a userID appears in the database of more than one module; or if a valid require directive applies to more than one module; then the first module will verify the credentials; and no access is passed on; regardless of the AuthAuthoritative setting.
-<p>
-A common use for this is in conjection with one of the basic auth modules; such
-as <a href="mod_auth.html"><code>mod_auth.c</code></a>. Whereas this DB module supplies the bulk of the user credential checking; a few (administrator) related accesses fall through to a lower level with a well protected .htpasswd file.
-<p>
-<b>Default:</b> By default; control is not passed on; and an unkown userID or rule will result in an Authorization Required reply. Not setting it thus keeps the system secure; and forces an NSCA compliant behaviour.
-<p>
-Security: Do consider the implications of allowing a user to allow fall-through in his .htaccess file; and verify that this is really what you want; Generally it is easier to just secure a single .htpasswd file, than it is to secure a database which might have more access interfaces.
+So if a userID appears in the database of more than one module; or
+if a valid require directive applies to more than one module; then
+the first module will verify the credentials; and no access is
+passed on; regardless of the AuthAuthoritative setting. <p>
+
+A common use for this is in conjunction with one of the basic auth
+modules; such as <a href="mod_auth.html"><code>mod_auth.c</code></a>.
+Whereas this DB module supplies the bulk of the user credential
+checking; a few (administrator) related accesses fall through to
+a lower level with a well protected .htpasswd file. <p>
+
+<b>Default:</b> By default; control is not passed on; and an unknown
+userID or rule will result in an Authorization Required reply. Not
+setting it thus keeps the system secure; and forces an NSCA compliant
+behaviour. <p>
+Security: Do consider the implications of allowing a user to allow
+fall-through in his .htaccess file; and verify that this is really
+what you want; Generally it is easier to just secure a single
+.htpasswd file, than it is to secure a database which might have
+more access interfaces.
<p>
See also <A HREF="core.html#authname">AuthName</A>,
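Review bot: In the second re-wrapped paragraph, "regardless of the AuthAuthoritative setting" names mod_auth's directive, while this file documents AuthDBAuthoritative. Since the re-wrap already touches that sentence, change it to AuthDBAuthoritative so an administrator reasoning about fall-through does not look for the wrong switch. The unchanged context line "Module: mod_auth" just above the first paragraph has the same copied-from-mod_auth look and is worth correcting in the same pass. Two smaller carry-overs from the old text: the parenthesis opened at "(as defined in the Configuration and modules.c file" is never closed, and "NSCA compliant" should presumably read "NCSA". The spelling fixes (authentication, conjunction, unknown) look good.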