Mercurial > hg > nginx-site

annotate xml/en/docs/http/ngx_http_auth_basic_module.xml @ 3095:aea3e104f11d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Reworked auth_basic_user_file documentation. Some extra details about crypt(3) are provided, emphasizing modular crypt() usage and commonly available password hashing methods. Also, added some examples on how to use "openssl passwd" to generate password hashes, made it clear that {SSHA} passwords are not secure now, and added a note about passwords being validated on each request.
author Maxim Dounin <mdounin@mdounin.ru>
date Sat, 31 Aug 2024 05:19:25 +0300
parents 9eadb98ec770
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
315
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
1 <?xml version="1.0"?>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
2
580
be54c443235a Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents: 494
diff changeset
3 <!--
be54c443235a Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents: 494
diff changeset
4 Copyright (C) Igor Sysoev
be54c443235a Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents: 494
diff changeset
5 Copyright (C) Nginx, Inc.
be54c443235a Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents: 494
diff changeset
6 -->
be54c443235a Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents: 494
diff changeset
7
315
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
9
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
10 <module name="Module ngx_http_auth_basic_module"
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
11 link="/en/docs/http/ngx_http_auth_basic_module.html"
589
764fbac1b8b4 Added document revision.
Ruslan Ermilov <ru@nginx.com>
parents: 580
diff changeset
12 lang="en"
3095
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
13 rev="12">
315
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
14
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
15 <section id="summary">
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
16
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
17 <para>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
18 The <literal>ngx_http_auth_basic_module</literal> module allows
966
95c3c3bbf1ce Text review.
Egor Nikitin <yegor.nikitin@gmail.com>
parents: 840
diff changeset
19 limiting access to resources by validating the user name and password
315
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
20 using the “HTTP Basic Authentication” protocol.
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
21 </para>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
22
494
244500f24783 - Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents: 351
diff changeset
23 <para>
244500f24783 - Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents: 351
diff changeset
24 Access can also be limited by
3043
9eadb98ec770 Free nginx: removed commercial version documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 2831
diff changeset
25 <link doc="ngx_http_access_module.xml">address</link> or by the
9eadb98ec770 Free nginx: removed commercial version documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 2831
diff changeset
26 <link doc="ngx_http_auth_request_module.xml">result of subrequest</link>.
494
244500f24783 - Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents: 351
diff changeset
27 Simultaneous limitation of access by address and by password is controlled
244500f24783 - Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents: 351
diff changeset
28 by the <link doc="ngx_http_core_module.xml" id="satisfy"/> directive.
244500f24783 - Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents: 351
diff changeset
29 </para>
244500f24783 - Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents: 351
diff changeset
30
315
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
31 </section>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
32
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
33
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
34 <section id="example" name="Example Configuration">
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
35
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
36 <para>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
37 <example>
351
a4fa80755eab Consistently strip initial offset in examples.
Ruslan Ermilov <ru@nginx.com>
parents: 315
diff changeset
38 location / {
a4fa80755eab Consistently strip initial offset in examples.
Ruslan Ermilov <ru@nginx.com>
parents: 315
diff changeset
39 auth_basic "closed site";
a4fa80755eab Consistently strip initial offset in examples.
Ruslan Ermilov <ru@nginx.com>
parents: 315
diff changeset
40 auth_basic_user_file conf/htpasswd;
a4fa80755eab Consistently strip initial offset in examples.
Ruslan Ermilov <ru@nginx.com>
parents: 315
diff changeset
41 }
315
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
42 </example>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
43 </para>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
44
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
45 </section>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
46
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
47
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
48 <section id="directives" name="Directives">
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
49
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
50 <directive name="auth_basic">
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
51 <syntax><value>string</value> | <literal>off</literal></syntax>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
52 <default>off</default>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
53 <context>http</context>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
54 <context>server</context>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
55 <context>location</context>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
56 <context>limit_except</context>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
57
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
58 <para>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
59 Enables validation of user name and password using the
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
60 “HTTP Basic Authentication” protocol.
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
61 The specified parameter is used as a <value>realm</value>.
966
95c3c3bbf1ce Text review.
Egor Nikitin <yegor.nikitin@gmail.com>
parents: 840
diff changeset
62 Parameter value can contain variables (1.3.10, 1.2.7).
2593
eeed494bba51 Unified phrases about configuration levels and inheritance.
Ruslan Ermilov <ru@nginx.com>
parents: 1923
diff changeset
63 The special value <literal>off</literal> cancels the effect
784
7d15bd7fc58d The "auth_basic" directive now supports variables.
Ruslan Ermilov <ru@nginx.com>
parents: 655
diff changeset
64 of the <literal>auth_basic</literal> directive
7d15bd7fc58d The "auth_basic" directive now supports variables.
Ruslan Ermilov <ru@nginx.com>
parents: 655
diff changeset
65 inherited from the previous configuration level.
315
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
66 </para>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
67
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
68 </directive>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
69
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
70
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
71 <directive name="auth_basic_user_file">
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
72 <syntax><value>file</value></syntax>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
73 <default/>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
74 <context>http</context>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
75 <context>server</context>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
76 <context>location</context>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
77 <context>limit_except</context>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
78
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
79 <para>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
80 Specifies a file that keeps user names and passwords,
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
81 in the following format:
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
82 <example>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
83 # comment
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
84 name1:password1
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
85 name2:password2:comment
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
86 name3:password3
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
87 </example>
1560
dad3af7a1019 Documented variables support in auth_basic_user_file.
Ruslan Ermilov <ru@nginx.com>
parents: 990
diff changeset
88 The <value>file</value> name can contain variables.
315
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
89 </para>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
90
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
91 <para>
3095
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
92 Passwords are expected to be encrypted by the
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
93 <link url="https://en.wikipedia.org/wiki/Crypt_(C)">crypt() function</link>.
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
94 All password hashing methods as supported by the OS can be used.
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
95 In particular, the following <c-func>crypt</c-func> hashing methods are
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
96 commonly available:
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
97
655
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
98 <list type="bullet">
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
99
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
100 <listitem>
3095
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
101 MD5-based <c-func>crypt</c-func> method, <literal>$1$</literal>;
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
102 </listitem>
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
103
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
104 <listitem>
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
105 SHA256-based <c-func>crypt</c-func> method, <literal>$5$</literal>;
655
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
106 </listitem>
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
107
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
108 <listitem>
3095
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
109 SHA512-based <c-func>crypt</c-func> method, <literal>$6$</literal>.
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
110 </listitem>
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
111
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
112 </list>
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
113 </para>
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
114
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
115 <para>
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
116 Additionally, the following cross-platform password types are supported:
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
117
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
118 <list type="bullet">
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
119
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
120 <listitem>
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
121 hashed with the Apache variant of the MD5-based <c-func>crypt</c-func>
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
122 method (<literal>$apr1$</literal>);
655
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
123 </listitem>
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
124
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
125 <listitem>
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
126 specified by the
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
127 “<literal>{</literal><value>scheme</value><literal>}</literal><value>data</value>”
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
128 syntax (1.0.3+) as described in
2831
4add6ae1296f Updated links to datatracker.ietf.org.
Sergey Kandaurov <pluknet@nginx.com>
parents: 2593
diff changeset
129 <link url="https://datatracker.ietf.org/doc/html/rfc2307#section-5.3">RFC 2307</link>;
3095
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
130 supported schemes are
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
131 <literal>PLAIN</literal> (an example one, should not be used),
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
132 <literal>SHA</literal> (1.3.13) (plain SHA-1 hashing,
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
133 insecure and should not be used),
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
134 and <literal>SSHA</literal> (salted SHA-1 hashing,
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
135 also insecure by today's standards).
655
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
136 </listitem>
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
137
93d2a54d247c Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents: 589
diff changeset
138 </list>
315
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
139 </para>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
140
3095
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
141 <para>
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
142 Password hashes for common hashing methods can be generated using
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
143 the “<command>openssl passwd</command>” command, for example:
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
144
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
145 <example>
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
146 $ openssl passwd -apr1 secret
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
147 $apr1$x/muFo1c$zwUN24M2TEq.6wg0AZacn0
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
148 </example>
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
149 <example>
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
150 $ openssl passwd -6 secret
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
151 $6$FjZ1ss8ytcGmrGFY$1fopTJLuLUGCRlv2YcRPIsZk9uaD9NBOGcKsUay/BLV3RR1ol0ONS08oPTVqA4XBkZ44M7OL4K6NjP9xPKShP0
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
152 </example>
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
153 </para>
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
154
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
155 <para>
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
156 Note that HTTP Basic Authentication implies password validation on each
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
157 request, and password hashing method should be choosen with this in mind.
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
158 </para>
aea3e104f11d Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3043
diff changeset
159
315
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
160 </directive>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
161
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
162 </section>
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
163
e00f8f8c0486 Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
164 </module>