1<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3
4<html xmlns="http://www.w3.org/1999/xhtml">
5  <head>
6    <meta name="generator" content="HTML Tidy, see www.w3.org" />
7
8    <title>Apache module mod_auth_anon.c</title>
9  </head>
10  <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
11
12  <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
13  vlink="#000080" alink="#FF0000">
14        <div align="CENTER">
15      <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
16
17      <h3>Apache HTTP Server Version 1.3</h3>
18    </div>
19
20
21    <h1 align="CENTER">Module mod_auth_anon</h1>
22    This module allows "anonymous" user access to authenticated
23    areas.
24
25    <p><a href="module-dict.html#Status"
26    rel="Help"><strong>Status:</strong></a> Extension<br />
27     <a href="module-dict.html#SourceFile"
28    rel="Help"><strong>Source File:</strong></a>
29    mod_auth_anon.c<br />
30     <a href="module-dict.html#ModuleIdentifier"
31    rel="Help"><strong>Module Identifier:</strong></a>
32    anon_auth_module<br />
33     <a href="module-dict.html#Compatibility"
34    rel="Help"><strong>Compatibility:</strong></a> Available in
35    Apache 1.1 and later.</p>
36
37    <h2>Summary</h2>
38
39    <p>This module does access control in a manner similar to
40    anonymous-ftp sites; <em>i.e.</em> have a 'magic' user id
41    'anonymous' and the email address as a password. These email
42    addresses can be logged.</p>
43
44    <p>Combined with other (database) access control methods, this
45    allows for effective user tracking and customization according
46    to a user profile while still keeping the site open for
47    'unregistered' users. One advantage of using Auth-based user
48    tracking is that, unlike magic-cookies and funny URL
49    pre/postfixes, it is completely browser independent and it
50    allows users to share URLs.</p>
51
52    <h2><a id="Directives" name="Directives">Directives</a></h2>
53
54    <ul>
55      <li><a href="#anonymous">Anonymous</a></li>
56
57      <li><a href="#Authoritative">Anonymous_Authoritative</a></li>
58
59      <li><a href="#LogEmail">Anonymous_LogEmail</a></li>
60
61      <li><a href="#MustGiveEmail">Anonymous_MustGiveEmail</a></li>
62
63      <li><a href="#NoUserID">Anonymous_NoUserID</a></li>
64
65      <li><a href="#VerifyEmail">Anonymous_VerifyEmail</a></li>
66    </ul>
67
68    <h2><a id="Example" name="Example">Example</a></h2>
69    The example below (when combined with the Auth directives of a
70    htpasswd-file based (or GDM, mSQL <em>etc.</em>) base access
71    control system allows users in as 'guests' with the following
72    properties:
73
74    <ul>
75      <li>It insists that the user enters a userId.
76      (<code>Anonymous_NoUserId</code>)</li>
77
78      <li>It insists that the user enters a password.
79      (<code>Anonymous_MustGiveEmail</code>)</li>
80
81      <li>The password entered must be a valid email address, ie.
82      contain at least one '@' and a '.'.
83      (<code>Anonymous_VerifyEmail</code>)</li>
84
85      <li>The userID must be one of <code>anonymous guest www test
86      welcome</code> and comparison is <strong>not</strong> case
87      sensitive.</li>
88
89      <li>And the Email addresses entered in the passwd field are
90      logged to the error log file
91      (<code>Anonymous_LogEmail</code>)</li>
92    </ul>
93
94    <p>Excerpt of httpd.conf:</p>
95
96    <blockquote>
97<pre>
98Anonymous_NoUserId      off
99Anonymous_MustGiveEmail on
100Anonymous_VerifyEmail    on
101Anonymous_LogEmail      on
102Anonymous        anonymous guest www test welcome
103
104AuthName                "Use 'anonymous' &amp; Email address for guest entry"
105AuthType                basic
106
107# An AuthUserFile/AuthDBUserFile/AuthDBMUserFile
108# directive must be specified, or use
109# Anonymous_Authoritative for public access.
110# In the .htaccess for the public directory, add:
111&lt;Files *&gt;
112Order Deny,Allow
113Allow from all
114
115Require valid-user
116&lt;/Files&gt;
117</pre>
118    </blockquote>
119    <hr />
120
121    <h2><a id="anonymous" name="anonymous">Anonymous
122    directive</a></h2>
123    <a href="directive-dict.html#Syntax"
124    rel="Help"><strong>Syntax:</strong></a> Anonymous <em>user</em>
125    [<em>user</em>] ...<br />
126     <a href="directive-dict.html#Default"
127    rel="Help"><strong>Default:</strong></a> none<br />
128     <a href="directive-dict.html#Context"
129    rel="Help"><strong>Context:</strong></a> directory,
130    .htaccess<br />
131     <a href="directive-dict.html#Override"
132    rel="Help"><strong>Override:</strong></a> AuthConfig<br />
133     <a href="directive-dict.html#Status"
134    rel="Help"><strong>Status:</strong></a> Extension<br />
135     <a href="directive-dict.html#Module"
136    rel="Help"><strong>Module:</strong></a> mod_auth_anon
137
138    <p>A list of one or more 'magic' userIDs which are allowed
139    access without password verification. The userIDs are space
140    separated. It is possible to use the ' and " quotes to allow a
141    space in a userID as well as the \ escape character.</p>
142
143    <p>Please note that the comparison is
144    <strong>case-IN-sensitive</strong>.<br />
145     I strongly suggest that the magic username
146    '<code>anonymous</code>' is always one of the allowed
147    userIDs.</p>
148
149    <p>Example:<br />
150     <code>Anonymous anonymous "Not Registered" 'I don\'t
151    know'</code></p>
152
153    <p>This would allow the user to enter without password
154    verification by using the userId's 'anonymous',
155    'AnonyMous','Not Registered' and 'I Don't Know'.</p>
156    <hr />
157
158    <h2><a id="Authoritative"
159    name="Authoritative">Anonymous_Authoritative directive</a></h2>
160    <a href="directive-dict.html#Syntax"
161    rel="Help"><strong>Syntax:</strong></a> Anonymous_Authoritative
162    on|off<br />
163     <a href="directive-dict.html#Default"
164    rel="Help"><strong>Default:</strong></a>
165    <code>Anonymous_Authoritative off</code><br />
166     <a href="directive-dict.html#Context"
167    rel="Help"><strong>Context:</strong></a> directory,
168    .htaccess<br />
169     <a href="directive-dict.html#Override"
170    rel="Help"><strong>Override:</strong></a> AuthConfig<br />
171     <a href="directive-dict.html#Status"
172    rel="Help"><strong>Status:</strong></a> Extension<br />
173     <a href="directive-dict.html#Module"
174    rel="Help"><strong>Module:</strong></a> mod_auth_anon
175
176    <p>When set 'on', there is no fall-through to other
177    authorization methods. So if a userID does not match the values
178    specified in the <code>Anonymous</code> directive, access is
179    denied.</p>
180
181    <p>Be sure you know what you are doing when you decide to
182    switch it on. And remember that it is the linking order of the
183    modules (in the Configuration / Make file) which details the
184    order in which the Authorization modules are queried.</p>
185    <hr />
186
187    <h2><a id="LogEmail" name="LogEmail">Anonymous_LogEmail
188    directive</a></h2>
189    <a href="directive-dict.html#Syntax"
190    rel="Help"><strong>Syntax:</strong></a> Anonymous_LogEmail
191    on|off<br />
192     <a href="directive-dict.html#Default"
193    rel="Help"><strong>Default:</strong></a>
194    <code>Anonymous_LogEmail on</code><br />
195     <a href="directive-dict.html#Context"
196    rel="Help"><strong>Context:</strong></a> directory,
197    .htaccess<br />
198     <a href="directive-dict.html#Override"
199    rel="Help"><strong>Override:</strong></a> AuthConfig<br />
200     <a href="directive-dict.html#Status"
201    rel="Help"><strong>Status:</strong></a> Extension<br />
202     <a href="directive-dict.html#Module"
203    rel="Help"><strong>Module:</strong></a> mod_auth_anon
204
205    <p>When set 'on', the default, the 'password' entered (which
206    hopefully contains a sensible email address) is logged in the
207    error log. The message is logged at a level of <code>info</code>,
208    and so you must have <a href="core.html#loglevel">LogLevel</a> set
209    to at least <code>info</code> in order to see this message.</p>
210
211    <p>Log entries will look like the following example:</p>
212
213    <pre>
214[Fri Apr 26 14:49:50 2002] [info] [client 192.168.1.105] Anonymous: Passwd <user@example.com> Accepted
215</pre>
216
217    <hr />
218
219    <h2><a id="MustGiveEmail"
220    name="MustGiveEmail">Anonymous_MustGiveEmail directive</a></h2>
221
222    <a href="directive-dict.html#Syntax"
223    rel="Help"><strong>Syntax:</strong></a> Anonymous_MustGiveEmail
224    on|off<br />
225     <a href="directive-dict.html#Default"
226    rel="Help"><strong>Default:</strong></a>
227    <code>Anonymous_MustGiveEmail on</code><br />
228     <a href="directive-dict.html#Context"
229    rel="Help"><strong>Context:</strong></a> directory,
230    .htaccess<br />
231     <a href="directive-dict.html#Override"
232    rel="Help"><strong>Override:</strong></a> AuthConfig<br />
233     <a href="directive-dict.html#Status"
234    rel="Help"><strong>Status:</strong></a> Extension<br />
235     <a href="directive-dict.html#Module"
236    rel="Help"><strong>Module:</strong></a> mod_auth_anon
237
238    <p>Specifies whether the user must specify an email address as
239    the password. This prohibits blank passwords.</p>
240    <hr />
241
242    <h2><a id="NoUserID" name="NoUserID">Anonymous_NoUserID
243    directive</a></h2>
244    <a href="directive-dict.html#Syntax"
245    rel="Help"><strong>Syntax:</strong></a> Anonymous_NoUserID
246    on|off<br />
247     <a href="directive-dict.html#Default"
248    rel="Help"><strong>Default:</strong></a>
249    <code>Anonymous_NoUserID off</code><br />
250     <a href="directive-dict.html#Context"
251    rel="Help"><strong>Context:</strong></a> directory,
252    .htaccess<br />
253     <a href="directive-dict.html#Override"
254    rel="Help"><strong>Override:</strong></a> AuthConfig<br />
255     <a href="directive-dict.html#Status"
256    rel="Help"><strong>Status:</strong></a> Extension<br />
257     <a href="directive-dict.html#Module"
258    rel="Help"><strong>Module:</strong></a> mod_auth_anon
259
260    <p>When set 'on', users can leave the userID (and perhaps the
261    password field) empty. This can be very convenient for
262    MS-Explorer users who can just hit return or click directly on
263    the OK button; which seems a natural reaction.</p>
264    <hr />
265
266    <h2><a id="VerifyEmail"
267    name="VerifyEmail">Anonymous_VerifyEmail directive</a></h2>
268    <a href="directive-dict.html#Syntax"
269    rel="Help"><strong>Syntax:</strong></a> Anonymous_VerifyEmail
270    on|off<br />
271     <a href="directive-dict.html#Default"
272    rel="Help"><strong>Default:</strong></a>
273    <code>Anonymous_VerifyEmail off</code><br />
274     <a href="directive-dict.html#Context"
275    rel="Help"><strong>Context:</strong></a> directory,
276    .htaccess<br />
277     <a href="directive-dict.html#Override"
278    rel="Help"><strong>Override:</strong></a> AuthConfig<br />
279     <a href="directive-dict.html#Status"
280    rel="Help"><strong>Status:</strong></a> Extension<br />
281     <a href="directive-dict.html#Module"
282    rel="Help"><strong>Module:</strong></a> mod_auth_anon
283
284    <p>When set 'on' the 'password' entered is checked for at least
285    one '@' and a '.' to encourage users to enter valid email
286    addresses (see the above <code>Auth_LogEmail</code>).
287        <hr />
288
289    <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
290    <a href="./"><img src="../images/index.gif" alt="Index" /></a>
291    <a href="../"><img src="../images/home.gif" alt="Home" /></a>
292
293    </p>
294  </body>
295</html>
296
297