[svnbook] r4335 committed - Finish issue 58 ("plain password authentication with Apache")....
svnbook at googlecode.com
svnbook at googlecode.com
Fri Jan 18 14:13:56 CST 2013
Revision: 4335
Author: cmpilato at gmail.com
Date: Fri Jan 18 12:13:41 2013
Log: Finish issue 58 ("plain password authentication with Apache").
* en/book/ch06-server-configuration.xml
(svn.serverconfig.httpd.authn.basic, svn.serverconfig.httpd.authn.digest):
Point out which Apache modules are required for Basic and Digest
authentication, as well as the way to select the file-based authn
provider for those types.
http://code.google.com/p/svnbook/source/detail?r=4335
Modified:
/trunk/en/book/ch06-server-configuration.xml
=======================================
--- /trunk/en/book/ch06-server-configuration.xml Fri Jan 18 07:40:18 2013
+++ /trunk/en/book/ch06-server-configuration.xml Fri Jan 18 12:13:41 2013
@@ -1949,10 +1949,29 @@
$
</screen>
</informalexample>
+
+ <para>Next, ensure that Apache has access to the modules which
+ provide the Basic authentication and related
+ functionality: <literal>mod_auth_basic</literal>,
+ <literal>mod_authn_file</literal>, and
+ <literal>mod_authz_user</literal>. In many cases, these
+ modules are compiled into <command>httpd</command> itself,
+ but if not, you might need to explicitly load one or more of
+ them using the <literal>LoadModule</literal> directive:</para>
- <para>Next, add some more directives inside the
- <literal><Location></literal> block to tell Apache how
- to use the password file:</para>
+ <informalexample>
+ <programlisting>
+LoadModule auth_basic_module modules/mod_auth_basic.so
+LoadModule authn_file_module modules/mod_authn_file.so
+LoadModule authz_user_module moduels/mod_authz_user.so
+</programlisting>
+ </informalexample>
+
+ <para>After ensuring the Apache has access to the required
+ functionality, you'll need to add some more directives
+ inside the <literal><Location></literal> block to tell
+ Apache what type of authentication you wish to use, and just
+ how to to so:</para>
<informalexample>
<programlisting>
@@ -1963,6 +1982,7 @@
# Authentication: Basic
AuthName "Subversion repository"
AuthType Basic
+ AuthBasicProvider file
AuthUserFile /etc/svn-auth.htpasswd
</Location>
</programlisting>
@@ -1982,6 +2002,12 @@
authentication to use.</para>
</listitem>
<listitem>
+ <para><literal>AuthBasicProvider</literal> specifies the
+ Basic authentication provider to use for the location.
+ In our example, we wish to consult a local password
+ file.</para>
+ </listitem>
+ <listitem>
<para><literal>AuthUserFile</literal> specifies the
location of the password file to use.</para>
</listitem>
@@ -2008,6 +2034,7 @@
# Authentication: Basic
AuthName "Subversion repository"
AuthType Basic
+ AuthBasicProvider file
AuthUserFile /etc/svn-auth.htpasswd
# Authorization: Authenticated users only
@@ -2020,6 +2047,17 @@
for more detail on the <literal>Require</literal> directive
and other ways to set authorization policies.</para>
+ <note>
+ <para>The default value of the
+ <literal>AuthBasicProvider</literal> option is
+ <literal>file</literal>, so we won't bother including
+ it in future examples. Just know that if in a broader
+ context you've set this value to something else, you'll
+ need to explicitly reset it to <literal>file</literal>
+ within your Subversion <literal><Location></literal>
+ block in order to get that behavior.</para>
+ </note>
+
</sect3>
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-->
@@ -2037,8 +2075,10 @@
verifies that the hashes match.</para>
<para>Configuring Apache to use Digest authentication is
- straightforward, with only small variations on our prior
- example:</para>
+ straightforward. You'll need to ensure that
+ the <literal>mod_auth_digest</literal> module is available
+ (instead of <literal>mod_auth_basic</literal>), and then
+ make a few small variations on our prior example:</para>
<informalexample>
<programlisting>
@@ -2049,6 +2089,7 @@
# Authentication: Digest
AuthName "Subversion repository"
AuthType Digest
+ AuthDigestProvider file
AuthUserFile /etc/svn-auth.htdigest
# Authorization: Authenticated users only
@@ -2060,16 +2101,28 @@
<para>Notice that <literal>AuthType</literal> is now set to
<literal>Digest</literal>, and we specify a different path
for <literal>AuthUserFile</literal>. Digest authentication
- uses a different file format than Basic authentication; it
- is created using Apache's <command>htdigest</command>
+ uses a different file format than Basic authentication,
+ created and managed using Apache's <command>htdigest</command>
utility<footnote><para>See
<ulink
url="http://httpd.apache.org/docs/current/programs/htdigest.html"
- />.</para></footnote> rather
- than <command>htpasswd</command>. Digest authentication
- also has the additional concept of a
+ />.</para></footnote> rather than <command>htpasswd</command>.
+ Digest authentication also has the additional concept of a
<quote>realm</quote>, which must match the value of the
- <literal>AuthName</literal> directive. The password file
- can be created as follows:</para>
+ <literal>AuthName</literal> directive.</para>
+
+ <note>
+ <para>For digest authentication, the authentication provider
+ is selected using the <literal>AuthDigestProvider</literal>
+ as shown in the previous example. As was the case with
+ the <literal>AuthBasicProvider</literal> directive,
+ <literal>file</literal> is the default value of the
+ <literal>AuthDigestProvider</literal> option, so this
+ line is not strictly required unless you need to override
+ a different value thereof inherited from a broader
+ configuration context.</para>
+ </note>
+
+ <para>The password file can be created as follows:</para>
<informalexample>
<screen>
More information about the svnbook-dev
mailing list