Apache HTTP Server Version 2.2
Please note
This document refers to the 2.2 version of Apache httpd, which is no longer maintained. The active release is documented here. If you have not already upgraded, please follow this link for more information.
You may follow this link to go to the current version of this document.
Directive
| Description: | Sets whether authorization and authentication are passed to lower level modules |
|---|---|
| Syntax: | AuthBasicAuthoritative On|Off |
| Default: | AuthBasicAuthoritative On |
| Context: | directory, .htaccess |
| Override: | AuthConfig |
| Status: | Base |
| Module: | mod_auth_basic |
Normally, each authorization module listed in AuthBasicProvider will attempt
to verify the user, and if the user is not found in any provider,
access will be denied. Setting the
AuthBasicAuthoritative directive explicitly
to Off allows for both authentication and
authorization to be passed on to other non-provider-based modules
if there is no userID or rule
matching the supplied userID. This should only be necessary when
combining mod_auth_basic with third-party modules
that are not configured with the AuthBasicProvider
directive. When using such modules, the order of processing
is determined in the modules' source code and is not configurable.
AuthBasicProvider Directive
| Description: | Sets the authentication provider(s) for this location |
|---|---|
| Syntax: | AuthBasicProvider provider-name
[provider-name] ... |
| Default: | AuthBasicProvider file |
| Context: | directory, .htaccess |
| Override: | AuthConfig |
| Status: | Base |
| Module: | mod_auth_basic |
The AuthBasicProvider directive sets
which provider is used to authenticate the users for this location.
The default file provider is implemented
by the mod_authn_file module. Make sure
that the chosen provider module is present in the server.
Example
<Location /secure>
AuthType basic
AuthName "private area"
AuthBasicProvider dbm
AuthDBMType SDBM
AuthDBMUserFile /www/etc/dbmpasswd
Require valid-user
</Location>
Providers are queried in order until a provider finds a match for the requested username, at which point this sole provider will attempt to check the password. A failure to verify the password does not result in control being passed on to subsequent providers.
Providers are implemented by mod_authn_dbm,
mod_authn_file, mod_authn_dbd,
and mod_authnz_ldap.
Comments
Notice:
This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our mailing lists.