Mercurial > hg > nginx-site

annotate xml/en/docs/http/ngx_http_auth_basic_module.xml @ 990:f10ebd7c60b4

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fixed incorrect link.
author Ruslan Ermilov <ru@nginx.com>
date Wed, 02 Oct 2013 13:29:56 +0400
parents 6316a7579448
children dad3af7a1019
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
315
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
1 <?xml version="1.0"?>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
2
580
be54c443235a Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents: 494
diff changeset
3 <!--
be54c443235a Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents: 494
diff changeset
4 Copyright (C) Igor Sysoev
be54c443235a Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents: 494
diff changeset
5 Copyright (C) Nginx, Inc.
be54c443235a Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents: 494
diff changeset
6 -->
be54c443235a Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents: 494
diff changeset
7
315
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
9
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
10 <module name="Module ngx_http_auth_basic_module"
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
11 link="/en/docs/http/ngx_http_auth_basic_module.html"
589
764fbac1b8b4 Added document revision.
Ruslan Ermilov <ru@nginx.com>
parents: 580
diff changeset
12 lang="en"
971
6316a7579448 Documented the "ngx_http_auth_request" module.
Vladimir Homutov <vl@nginx.com>
parents: 966
diff changeset
13 rev="6">
315
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
14
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
15 <section id="summary">
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
16
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
17 <para>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
18 The <literal>ngx_http_auth_basic_module</literal> module allows
966
95c3c3bbf1ce Text review.
Egor Nikitin <yegor.nikitin@gmail.com>
parents: 840
diff changeset
19 limiting access to resources by validating the user name and password
315
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
20 using the “HTTP Basic Authentication” protocol.
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
21 </para>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
22
494
244500f24783 - Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents: 351
diff changeset
23 <para>
244500f24783 - Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents: 351
diff changeset
24 Access can also be limited by
990
f10ebd7c60b4 Fixed incorrect link.
Ruslan Ermilov <ru@nginx.com>
parents: 971
diff changeset
25 <link doc="ngx_http_access_module.xml">address</link> or by the
971
6316a7579448 Documented the "ngx_http_auth_request" module.
Vladimir Homutov <vl@nginx.com>
parents: 966
diff changeset
26 <link doc="ngx_http_auth_request_module.xml">result of subrequest</link>.
494
244500f24783 - Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents: 351
diff changeset
27 Simultaneous limitation of access by address and by password is controlled
244500f24783 - Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents: 351
diff changeset
28 by the <link doc="ngx_http_core_module.xml" id="satisfy"/> directive.
244500f24783 - Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents: 351
diff changeset
29 </para>
244500f24783 - Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents: 351
diff changeset
30
315
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
31 </section>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
32
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
33
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
34 <section id="example" name="Example Configuration">
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
35
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
36 <para>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
37 <example>
351
a4fa80755eab Consistently strip initial offset in examples.
Ruslan Ermilov <ru@nginx.com>
parents: 315
diff changeset
38 location / {
a4fa80755eab Consistently strip initial offset in examples.
Ruslan Ermilov <ru@nginx.com>
parents: 315
diff changeset
39 auth_basic "closed site";
a4fa80755eab Consistently strip initial offset in examples.
Ruslan Ermilov <ru@nginx.com>
parents: 315
diff changeset
40 auth_basic_user_file conf/htpasswd;
a4fa80755eab Consistently strip initial offset in examples.
Ruslan Ermilov <ru@nginx.com>
parents: 315
diff changeset
41 }
315
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
42 </example>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
43 </para>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
44
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
45 </section>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
46
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
47
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
48 <section id="directives" name="Directives">
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
49
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
50 <directive name="auth_basic">
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
51 <syntax><value>string</value> | <literal>off</literal></syntax>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
52 <default>off</default>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
53 <context>http</context>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
54 <context>server</context>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
55 <context>location</context>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
56 <context>limit_except</context>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
57
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
58 <para>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
59 Enables validation of user name and password using the
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
60 “HTTP Basic Authentication” protocol.
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
61 The specified parameter is used as a <value>realm</value>.
966
95c3c3bbf1ce Text review.
Egor Nikitin <yegor.nikitin@gmail.com>
parents: 840
diff changeset
62 Parameter value can contain variables (1.3.10, 1.2.7).
95c3c3bbf1ce Text review.
Egor Nikitin <yegor.nikitin@gmail.com>
parents: 840
diff changeset
63 The special value <literal>off</literal> allows cancelling the effect
784
7d15bd7fc58d The "auth_basic" directive now supports variables.
Ruslan Ermilov <ru@nginx.com>
parents: 655
diff changeset
64 of the <literal>auth_basic</literal> directive
7d15bd7fc58d The "auth_basic" directive now supports variables.
Ruslan Ermilov <ru@nginx.com>
parents: 655
diff changeset
65 inherited from the previous configuration level.
315
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
66 </para>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
67
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
68 </directive>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
69
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
70
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
71 <directive name="auth_basic_user_file">
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
72 <syntax><value>file</value></syntax>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
73 <default/>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
74 <context>http</context>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
75 <context>server</context>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
76 <context>location</context>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
77 <context>limit_except</context>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
78
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
79 <para>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
80 Specifies a file that keeps user names and passwords,
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
81 in the following format:
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
82 <example>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
83 # comment
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
84 name1:password1
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
85 name2:password2:comment
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
86 name3:password3
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
87 </example>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
88 </para>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
89
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
90 <para>
655
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
91 The following password types are supported:
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
92 <list type="bullet">
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
93
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
94 <listitem>
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
95 encrypted with the <c-func>crypt</c-func> function; can be generated using
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
96 the “<command>htpasswd</command>” utility from the Apache HTTP Server
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
97 distribution or the “<command>openssl passwd</command>” command;
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
98 </listitem>
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
99
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
100 <listitem>
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
101 hashed with the Apache variant of the MD5-based password algorithm (apr1);
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
102 can be generated with the same tools;
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
103 </listitem>
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
104
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
105 <listitem>
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
106 specified by the
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
107 “<literal>{</literal><value>scheme</value><literal>}</literal><value>data</value>”
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
108 syntax (1.0.3+) as described in
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
109 <link url="http://tools.ietf.org/html/rfc2307#section-5.3">RFC 2307</link>;
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
110 currently implemented schemes include <literal>PLAIN</literal> (an example one,
836
f563967a4f59 Auth basic: ${SHA} password scheme.
Ruslan Ermilov <ru@nginx.com>
parents: 784
diff changeset
111 should not be used), <literal>SHA</literal> (1.3.13) (plain SHA-1
f563967a4f59 Auth basic: ${SHA} password scheme.
Ruslan Ermilov <ru@nginx.com>
parents: 784
diff changeset
112 hashing, should not be used) and <literal>SSHA</literal> (salted SHA-1 hashing,
f563967a4f59 Auth basic: ${SHA} password scheme.
Ruslan Ermilov <ru@nginx.com>
parents: 784
diff changeset
113 used by some software packages, notably OpenLDAP and Dovecot).
f563967a4f59 Auth basic: ${SHA} password scheme.
Ruslan Ermilov <ru@nginx.com>
parents: 784
diff changeset
114 <note>
f563967a4f59 Auth basic: ${SHA} password scheme.
Ruslan Ermilov <ru@nginx.com>
parents: 784
diff changeset
115 Support for <literal>SHA</literal> scheme was added only to aid
f563967a4f59 Auth basic: ${SHA} password scheme.
Ruslan Ermilov <ru@nginx.com>
parents: 784
diff changeset
116 in migration from other web servers.
966
95c3c3bbf1ce Text review.
Egor Nikitin <yegor.nikitin@gmail.com>
parents: 840
diff changeset
117 It should not be used for new passwords, since unsalted SHA-1 hashing
836
f563967a4f59 Auth basic: ${SHA} password scheme.
Ruslan Ermilov <ru@nginx.com>
parents: 784
diff changeset
118 that it employs is vulnerable to
f563967a4f59 Auth basic: ${SHA} password scheme.
Ruslan Ermilov <ru@nginx.com>
parents: 784
diff changeset
119 <link url="http://en.wikipedia.org/wiki/Rainbow_attack">rainbow table</link>
f563967a4f59 Auth basic: ${SHA} password scheme.
Ruslan Ermilov <ru@nginx.com>
parents: 784
diff changeset
120 attacks.
f563967a4f59 Auth basic: ${SHA} password scheme.
Ruslan Ermilov <ru@nginx.com>
parents: 784
diff changeset
121 </note>
655
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
122 </listitem>
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
123
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
124 </list>
315
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
125 </para>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
126
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
127 </directive>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
128
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
129 </section>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
130
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
131 </module>