Modules |Directives |FAQ |Glossary |Sitemap
Apache HTTP Server Version 2.4
| Description: | Core Authentication |
|---|---|
| Status: | Base |
| Module Identifier: | authn_core_module |
| Source File: | mod_authn_core.c |
| Compatibility: | Available in Apache 2.3 and later |
This module provides core authentication capabilities to allow or deny access to portions of the web site.mod_authn_core provides directives that are common to all authentication providers.
Extended authentication providers can be created within the configuration file and assigned an alias name. The alias providers can then be referenced through the directivesAuthBasicProvider orAuthDigestProvider in the same way as a base authentication provider. Besides the ability to create and alias an extended provider, it also allows the same extended authentication provider to be reference by multiple locations.
This example checks for passwords in two different text files.
# Check here first<AuthnProviderAlias file file1> AuthUserFile "/www/conf/passwords1"</AuthnProviderAlias># Then check here<AuthnProviderAlias file file2> AuthUserFile "/www/conf/passwords2"</AuthnProviderAlias><Directory "/var/web/pages/secure"> AuthBasicProvider file1 file2 AuthType Basic AuthName "Protected Area" Require valid-user</Directory>
The example below creates two different ldap authentication provider aliases based on the ldap provider. This allows a single authenticated location to be serviced by multiple ldap hosts:
<AuthnProviderAlias ldap ldap-alias1> AuthLDAPBindDN cn=youruser,o=ctx AuthLDAPBindPassword yourpassword AuthLDAPURL ldap://ldap.host/o=ctx</AuthnProviderAlias><AuthnProviderAlias ldap ldap-other-alias> AuthLDAPBindDN cn=yourotheruser,o=dev AuthLDAPBindPassword yourotherpassword AuthLDAPURL ldap://other.ldap.host/o=dev?cn</AuthnProviderAlias>Alias "/secure" "/webpages/secure"<Directory "/webpages/secure"> AuthBasicProvider ldap-other-alias ldap-alias1 AuthType Basic AuthName "LDAP Protected Place" Require valid-user # Note that Require ldap-* would not work here, since the # AuthnProviderAlias does not provide the config to authorization providers # that are implemented in the same module as the authentication provider.</Directory>
| Description: | Authorization realm for use in HTTPauthentication |
|---|---|
| Syntax: | AuthNameauth-domain |
| Context: | directory, .htaccess |
| Override: | AuthConfig |
| Status: | Base |
| Module: | mod_authn_core |
This directive sets the name of the authorization realm for a directory. This realm is given to the client so that the user knows which username and password to send.AuthName takes a single argument; if the realm name contains spaces, it must be enclosed in quotation marks. It must be accompanied byAuthType andRequire directives, and directives such asAuthUserFile andAuthGroupFile to work.
For example:
AuthName "Top Secret"
The string provided for theAuthName is what will appear in the password dialog provided by most browsers.
From 2.4.55,expression syntax can be used inside the directive to produce the name dynamically.
For example:
AuthName "%{HTTP_HOST}"| Description: | Enclose a group of directives that represent anextension of a base authentication provider and referenced bythe specified alias |
|---|---|
| Syntax: | <AuthnProviderAliasbaseProvider Alias>... </AuthnProviderAlias> |
| Context: | server config |
| Status: | Base |
| Module: | mod_authn_core |
<AuthnProviderAlias> and</AuthnProviderAlias> are used to enclose a group of authentication directives that can be referenced by the alias name using one of the directives AuthBasicProvider or AuthDigestProvider.
| Description: | Type of user authentication |
|---|---|
| Syntax: | AuthType None|Basic|Digest|Form |
| Context: | directory, .htaccess |
| Override: | AuthConfig |
| Status: | Base |
| Module: | mod_authn_core |
This directive selects the type of user authentication for a directory. The authentication types available areNone,Basic (implemented bymod_auth_basic),Digest (implemented bymod_auth_digest), andForm (implemented bymod_auth_form).
To implement authentication, you must also use theAuthName andRequire directives. In addition, the server must have an authentication-provider module such asmod_authn_file and an authorization module such asmod_authz_user.
The authentication typeNone disables authentication. When authentication is enabled, it is normally inherited by each subsequentconfiguration section, unless a different authentication type is specified. If no authentication is desired for a subsection of an authenticated section, the authentication typeNone may be used; in the following example, clients may access the/www/docs/public directory without authenticating:
<Directory "/www/docs"> AuthType Basic AuthName Documents AuthBasicProvider file AuthUserFile "/usr/local/apache/passwd/passwords" Require valid-user</Directory><Directory "/www/docs/public"> AuthType None Require all granted</Directory>
From 2.4.55,expression syntax can be used inside the directive to specify the type dynamically.
Copyright 2025 The Apache Software Foundation.
Licensed under theApache License, Version 2.0.