Mercurial > hg > nginx-site

view xml/en/docs/http/ngx_http_auth_basic_module.xml @ 655:93d2a54d247c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Added information about supported password types.
author Vladimir Homutov <vl@nginx.com>
date Mon, 27 Aug 2012 12:40:50 +0000
parents 764fbac1b8b4
children 7d15bd7fc58d
line wrap: on
line source

<?xml version="1.0"?>

<!--
  Copyright (C) Igor Sysoev
  Copyright (C) Nginx, Inc.
  -->

<!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">

<module name="Module ngx_http_auth_basic_module"
        link="/en/docs/http/ngx_http_auth_basic_module.html"
        lang="en"
        rev="2">

<section id="summary">

<para>
The <literal>ngx_http_auth_basic_module</literal> module allows
to limit access to resources by validating the user name and password
using the “HTTP Basic Authentication” protocol.
</para>

<para>
Access can also be limited by
<link doc="ngx_http_auth_basic_module.xml">address</link>.
Simultaneous limitation of access by address and by password is controlled
by the <link doc="ngx_http_core_module.xml" id="satisfy"/> directive.
</para>

</section>


<section id="example" name="Example Configuration">

<para>
<example>
location / {
    auth_basic           "closed site";
    auth_basic_user_file conf/htpasswd;
}
</example>
</para>

</section>


<section id="directives" name="Directives">

<directive name="auth_basic">
<syntax><value>string</value> | <literal>off</literal></syntax>
<default>off</default>
<context>http</context>
<context>server</context>
<context>location</context>
<context>limit_except</context>

<para>
Enables validation of user name and password using the
“HTTP Basic Authentication” protocol.
The specified parameter is used as a <value>realm</value>.
The parameter <literal>off</literal> allows to cancel the effect of the
<literal>auth_basic</literal> directive inherited from the previous
configuration level.
</para>

</directive>


<directive name="auth_basic_user_file">
<syntax><value>file</value></syntax>
<default/>
<context>http</context>
<context>server</context>
<context>location</context>
<context>limit_except</context>

<para>
Specifies a file that keeps user names and passwords,
in the following format:
<example>
# comment
name1:password1
name2:password2:comment
name3:password3
</example>
</para>

<para>
The following password types are supported:
<list type="bullet">

<listitem>
encrypted with the <c-func>crypt</c-func> function; can be generated using
the “<command>htpasswd</command>” utility from the Apache HTTP Server
distribution or the “<command>openssl passwd</command>” command;
</listitem>

<listitem>
hashed with the Apache variant of the MD5-based password algorithm (apr1);
can be generated with the same tools;
</listitem>

<listitem>
specified by the
“<literal>{</literal><value>scheme</value><literal>}</literal><value>data</value>”
syntax (1.0.3+) as described in
<link url="http://tools.ietf.org/html/rfc2307#section-5.3">RFC 2307</link>;
currently implemented schemes include <literal>PLAIN</literal> (an example one,
should not be used) and <literal>SSHA</literal> (salted SHA-1 hashing, used
by some software packages, notably OpenLDAP and Dovecot).
</listitem>

</list>
</para>

</directive>

</section>

</module>