Mercurial > hg > nginx-site
annotate xml/en/docs/http/ngx_http_auth_basic_module.xml @ 3095:aea3e104f11d
Reworked auth_basic_user_file documentation.
Some extra details about crypt(3) are provided, emphasizing modular
crypt() usage and commonly available password hashing methods. Also,
added some examples on how to use "openssl passwd" to generate password
hashes, made it clear that {SSHA} passwords are not secure now, and
added a note about passwords being validated on each request.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Sat, 31 Aug 2024 05:19:25 +0300 |
parents | 9eadb98ec770 |
children |
rev | line source |
---|---|
315
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
1 <?xml version="1.0"?> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
2 |
580
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
494
diff
changeset
|
3 <!-- |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
494
diff
changeset
|
4 Copyright (C) Igor Sysoev |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
494
diff
changeset
|
5 Copyright (C) Nginx, Inc. |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
494
diff
changeset
|
6 --> |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
494
diff
changeset
|
7 |
315
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
9 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
10 <module name="Module ngx_http_auth_basic_module" |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
11 link="/en/docs/http/ngx_http_auth_basic_module.html" |
589 | 12 lang="en" |
3095
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
13 rev="12"> |
315
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
14 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
15 <section id="summary"> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
16 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
17 <para> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
18 The <literal>ngx_http_auth_basic_module</literal> module allows |
966 | 19 limiting access to resources by validating the user name and password |
315
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
20 using the “HTTP Basic Authentication” protocol. |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
21 </para> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
22 |
494
244500f24783
- Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents:
351
diff
changeset
|
23 <para> |
244500f24783
- Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents:
351
diff
changeset
|
24 Access can also be limited by |
3043
9eadb98ec770
Free nginx: removed commercial version documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
2831
diff
changeset
|
25 <link doc="ngx_http_access_module.xml">address</link> or by the |
9eadb98ec770
Free nginx: removed commercial version documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
2831
diff
changeset
|
26 <link doc="ngx_http_auth_request_module.xml">result of subrequest</link>. |
494
244500f24783
- Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents:
351
diff
changeset
|
27 Simultaneous limitation of access by address and by password is controlled |
244500f24783
- Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents:
351
diff
changeset
|
28 by the <link doc="ngx_http_core_module.xml" id="satisfy"/> directive. |
244500f24783
- Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents:
351
diff
changeset
|
29 </para> |
244500f24783
- Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents:
351
diff
changeset
|
30 |
315
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
31 </section> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
32 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
33 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
34 <section id="example" name="Example Configuration"> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
35 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
36 <para> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
37 <example> |
351
a4fa80755eab
Consistently strip initial offset in examples.
Ruslan Ermilov <ru@nginx.com>
parents:
315
diff
changeset
|
38 location / { |
a4fa80755eab
Consistently strip initial offset in examples.
Ruslan Ermilov <ru@nginx.com>
parents:
315
diff
changeset
|
39 auth_basic "closed site"; |
a4fa80755eab
Consistently strip initial offset in examples.
Ruslan Ermilov <ru@nginx.com>
parents:
315
diff
changeset
|
40 auth_basic_user_file conf/htpasswd; |
a4fa80755eab
Consistently strip initial offset in examples.
Ruslan Ermilov <ru@nginx.com>
parents:
315
diff
changeset
|
41 } |
315
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
42 </example> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
43 </para> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
44 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
45 </section> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
46 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
47 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
48 <section id="directives" name="Directives"> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
49 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
50 <directive name="auth_basic"> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
51 <syntax><value>string</value> | <literal>off</literal></syntax> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
52 <default>off</default> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
53 <context>http</context> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
54 <context>server</context> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
55 <context>location</context> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
56 <context>limit_except</context> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
57 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
58 <para> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
59 Enables validation of user name and password using the |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
60 “HTTP Basic Authentication” protocol. |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
61 The specified parameter is used as a <value>realm</value>. |
966 | 62 Parameter value can contain variables (1.3.10, 1.2.7). |
2593
eeed494bba51
Unified phrases about configuration levels and inheritance.
Ruslan Ermilov <ru@nginx.com>
parents:
1923
diff
changeset
|
63 The special value <literal>off</literal> cancels the effect |
784
7d15bd7fc58d
The "auth_basic" directive now supports variables.
Ruslan Ermilov <ru@nginx.com>
parents:
655
diff
changeset
|
64 of the <literal>auth_basic</literal> directive |
7d15bd7fc58d
The "auth_basic" directive now supports variables.
Ruslan Ermilov <ru@nginx.com>
parents:
655
diff
changeset
|
65 inherited from the previous configuration level. |
315
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
66 </para> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
67 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
68 </directive> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
69 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
70 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
71 <directive name="auth_basic_user_file"> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
72 <syntax><value>file</value></syntax> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
73 <default/> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
74 <context>http</context> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
75 <context>server</context> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
76 <context>location</context> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
77 <context>limit_except</context> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
78 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
79 <para> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
80 Specifies a file that keeps user names and passwords, |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
81 in the following format: |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
82 <example> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
83 # comment |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
84 name1:password1 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
85 name2:password2:comment |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
86 name3:password3 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
87 </example> |
1560
dad3af7a1019
Documented variables support in auth_basic_user_file.
Ruslan Ermilov <ru@nginx.com>
parents:
990
diff
changeset
|
88 The <value>file</value> name can contain variables. |
315
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
89 </para> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
90 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
91 <para> |
3095
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
92 Passwords are expected to be encrypted by the |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
93 <link url="https://en.wikipedia.org/wiki/Crypt_(C)">crypt() function</link>. |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
94 All password hashing methods as supported by the OS can be used. |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
95 In particular, the following <c-func>crypt</c-func> hashing methods are |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
96 commonly available: |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
97 |
655
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
98 <list type="bullet"> |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
99 |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
100 <listitem> |
3095
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
101 MD5-based <c-func>crypt</c-func> method, <literal>$1$</literal>; |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
102 </listitem> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
103 |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
104 <listitem> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
105 SHA256-based <c-func>crypt</c-func> method, <literal>$5$</literal>; |
655
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
106 </listitem> |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
107 |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
108 <listitem> |
3095
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
109 SHA512-based <c-func>crypt</c-func> method, <literal>$6$</literal>. |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
110 </listitem> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
111 |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
112 </list> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
113 </para> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
114 |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
115 <para> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
116 Additionally, the following cross-platform password types are supported: |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
117 |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
118 <list type="bullet"> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
119 |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
120 <listitem> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
121 hashed with the Apache variant of the MD5-based <c-func>crypt</c-func> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
122 method (<literal>$apr1$</literal>); |
655
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
123 </listitem> |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
124 |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
125 <listitem> |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
126 specified by the |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
127 “<literal>{</literal><value>scheme</value><literal>}</literal><value>data</value>” |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
128 syntax (1.0.3+) as described in |
2831
4add6ae1296f
Updated links to datatracker.ietf.org.
Sergey Kandaurov <pluknet@nginx.com>
parents:
2593
diff
changeset
|
129 <link url="https://datatracker.ietf.org/doc/html/rfc2307#section-5.3">RFC 2307</link>; |
3095
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
130 supported schemes are |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
131 <literal>PLAIN</literal> (an example one, should not be used), |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
132 <literal>SHA</literal> (1.3.13) (plain SHA-1 hashing, |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
133 insecure and should not be used), |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
134 and <literal>SSHA</literal> (salted SHA-1 hashing, |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
135 also insecure by today's standards). |
655
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
136 </listitem> |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
137 |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
138 </list> |
315
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
139 </para> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
140 |
3095
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
141 <para> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
142 Password hashes for common hashing methods can be generated using |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
143 the “<command>openssl passwd</command>” command, for example: |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
144 |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
145 <example> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
146 $ openssl passwd -apr1 secret |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
147 $apr1$x/muFo1c$zwUN24M2TEq.6wg0AZacn0 |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
148 </example> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
149 <example> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
150 $ openssl passwd -6 secret |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
151 $6$FjZ1ss8ytcGmrGFY$1fopTJLuLUGCRlv2YcRPIsZk9uaD9NBOGcKsUay/BLV3RR1ol0ONS08oPTVqA4XBkZ44M7OL4K6NjP9xPKShP0 |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
152 </example> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
153 </para> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
154 |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
155 <para> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
156 Note that HTTP Basic Authentication implies password validation on each |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
157 request, and password hashing method should be choosen with this in mind. |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
158 </para> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
159 |
315
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
160 </directive> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
161 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
162 </section> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
163 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
164 </module> |