Mercurial > hg > nginx-site
view xml/en/docs/http/ngx_http_auth_basic_module.xml @ 1093:e9d8300a46ef
Fixup previous commit.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 04 Mar 2014 19:22:07 +0400 |
parents | f10ebd7c60b4 |
children | dad3af7a1019 |
line wrap: on
line source
<?xml version="1.0"?> <!-- Copyright (C) Igor Sysoev Copyright (C) Nginx, Inc. --> <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> <module name="Module ngx_http_auth_basic_module" link="/en/docs/http/ngx_http_auth_basic_module.html" lang="en" rev="6"> <section id="summary"> <para> The <literal>ngx_http_auth_basic_module</literal> module allows limiting access to resources by validating the user name and password using the “HTTP Basic Authentication” protocol. </para> <para> Access can also be limited by <link doc="ngx_http_access_module.xml">address</link> or by the <link doc="ngx_http_auth_request_module.xml">result of subrequest</link>. Simultaneous limitation of access by address and by password is controlled by the <link doc="ngx_http_core_module.xml" id="satisfy"/> directive. </para> </section> <section id="example" name="Example Configuration"> <para> <example> location / { auth_basic "closed site"; auth_basic_user_file conf/htpasswd; } </example> </para> </section> <section id="directives" name="Directives"> <directive name="auth_basic"> <syntax><value>string</value> | <literal>off</literal></syntax> <default>off</default> <context>http</context> <context>server</context> <context>location</context> <context>limit_except</context> <para> Enables validation of user name and password using the “HTTP Basic Authentication” protocol. The specified parameter is used as a <value>realm</value>. Parameter value can contain variables (1.3.10, 1.2.7). The special value <literal>off</literal> allows cancelling the effect of the <literal>auth_basic</literal> directive inherited from the previous configuration level. </para> </directive> <directive name="auth_basic_user_file"> <syntax><value>file</value></syntax> <default/> <context>http</context> <context>server</context> <context>location</context> <context>limit_except</context> <para> Specifies a file that keeps user names and passwords, in the following format: <example> # comment name1:password1 name2:password2:comment name3:password3 </example> </para> <para> The following password types are supported: <list type="bullet"> <listitem> encrypted with the <c-func>crypt</c-func> function; can be generated using the “<command>htpasswd</command>” utility from the Apache HTTP Server distribution or the “<command>openssl passwd</command>” command; </listitem> <listitem> hashed with the Apache variant of the MD5-based password algorithm (apr1); can be generated with the same tools; </listitem> <listitem> specified by the “<literal>{</literal><value>scheme</value><literal>}</literal><value>data</value>” syntax (1.0.3+) as described in <link url="http://tools.ietf.org/html/rfc2307#section-5.3">RFC 2307</link>; currently implemented schemes include <literal>PLAIN</literal> (an example one, should not be used), <literal>SHA</literal> (1.3.13) (plain SHA-1 hashing, should not be used) and <literal>SSHA</literal> (salted SHA-1 hashing, used by some software packages, notably OpenLDAP and Dovecot). <note> Support for <literal>SHA</literal> scheme was added only to aid in migration from other web servers. It should not be used for new passwords, since unsalted SHA-1 hashing that it employs is vulnerable to <link url="http://en.wikipedia.org/wiki/Rainbow_attack">rainbow table</link> attacks. </note> </listitem> </list> </para> </directive> </section> </module>