Mercurial > hg > nginx-site
annotate xml/en/docs/http/ngx_http_auth_basic_module.xml @ 3099:9cfda14d0109 default tip
freenginx-1.27.4
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 03 Sep 2024 13:15:18 +0300 |
parents | aea3e104f11d |
children |
rev | line source |
---|---|
315
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
1 <?xml version="1.0"?> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
2 |
580
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
494
diff
changeset
|
3 <!-- |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
494
diff
changeset
|
4 Copyright (C) Igor Sysoev |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
494
diff
changeset
|
5 Copyright (C) Nginx, Inc. |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
494
diff
changeset
|
6 --> |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
494
diff
changeset
|
7 |
315
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
9 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
10 <module name="Module ngx_http_auth_basic_module" |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
11 link="/en/docs/http/ngx_http_auth_basic_module.html" |
589 | 12 lang="en" |
3095
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
13 rev="12"> |
315
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
14 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
15 <section id="summary"> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
16 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
17 <para> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
18 The <literal>ngx_http_auth_basic_module</literal> module allows |
966 | 19 limiting access to resources by validating the user name and password |
315
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
20 using the “HTTP Basic Authentication” protocol. |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
21 </para> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
22 |
494
244500f24783
- Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents:
351
diff
changeset
|
23 <para> |
244500f24783
- Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents:
351
diff
changeset
|
24 Access can also be limited by |
3043
9eadb98ec770
Free nginx: removed commercial version documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
2831
diff
changeset
|
25 <link doc="ngx_http_access_module.xml">address</link> or by the |
9eadb98ec770
Free nginx: removed commercial version documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
2831
diff
changeset
|
26 <link doc="ngx_http_auth_request_module.xml">result of subrequest</link>. |
494
244500f24783
- Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents:
351
diff
changeset
|
27 Simultaneous limitation of access by address and by password is controlled |
244500f24783
- Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents:
351
diff
changeset
|
28 by the <link doc="ngx_http_core_module.xml" id="satisfy"/> directive. |
244500f24783
- Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents:
351
diff
changeset
|
29 </para> |
244500f24783
- Cross linked ngx_http_access_module and ngx_http_auth_basic_module,
Ruslan Ermilov <ru@nginx.com>
parents:
351
diff
changeset
|
30 |
315
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
31 </section> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
32 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
33 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
34 <section id="example" name="Example Configuration"> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
35 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
36 <para> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
37 <example> |
351
a4fa80755eab
Consistently strip initial offset in examples.
Ruslan Ermilov <ru@nginx.com>
parents:
315
diff
changeset
|
38 location / { |
a4fa80755eab
Consistently strip initial offset in examples.
Ruslan Ermilov <ru@nginx.com>
parents:
315
diff
changeset
|
39 auth_basic "closed site"; |
a4fa80755eab
Consistently strip initial offset in examples.
Ruslan Ermilov <ru@nginx.com>
parents:
315
diff
changeset
|
40 auth_basic_user_file conf/htpasswd; |
a4fa80755eab
Consistently strip initial offset in examples.
Ruslan Ermilov <ru@nginx.com>
parents:
315
diff
changeset
|
41 } |
315
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
42 </example> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
43 </para> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
44 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
45 </section> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
46 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
47 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
48 <section id="directives" name="Directives"> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
49 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
50 <directive name="auth_basic"> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
51 <syntax><value>string</value> | <literal>off</literal></syntax> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
52 <default>off</default> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
53 <context>http</context> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
54 <context>server</context> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
55 <context>location</context> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
56 <context>limit_except</context> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
57 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
58 <para> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
59 Enables validation of user name and password using the |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
60 “HTTP Basic Authentication” protocol. |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
61 The specified parameter is used as a <value>realm</value>. |
966 | 62 Parameter value can contain variables (1.3.10, 1.2.7). |
2593
eeed494bba51
Unified phrases about configuration levels and inheritance.
Ruslan Ermilov <ru@nginx.com>
parents:
1923
diff
changeset
|
63 The special value <literal>off</literal> cancels the effect |
784
7d15bd7fc58d
The "auth_basic" directive now supports variables.
Ruslan Ermilov <ru@nginx.com>
parents:
655
diff
changeset
|
64 of the <literal>auth_basic</literal> directive |
7d15bd7fc58d
The "auth_basic" directive now supports variables.
Ruslan Ermilov <ru@nginx.com>
parents:
655
diff
changeset
|
65 inherited from the previous configuration level. |
315
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
66 </para> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
67 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
68 </directive> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
69 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
70 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
71 <directive name="auth_basic_user_file"> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
72 <syntax><value>file</value></syntax> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
73 <default/> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
74 <context>http</context> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
75 <context>server</context> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
76 <context>location</context> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
77 <context>limit_except</context> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
78 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
79 <para> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
80 Specifies a file that keeps user names and passwords, |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
81 in the following format: |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
82 <example> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
83 # comment |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
84 name1:password1 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
85 name2:password2:comment |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
86 name3:password3 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
87 </example> |
1560
dad3af7a1019
Documented variables support in auth_basic_user_file.
Ruslan Ermilov <ru@nginx.com>
parents:
990
diff
changeset
|
88 The <value>file</value> name can contain variables. |
315
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
89 </para> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
90 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
91 <para> |
3095
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
92 Passwords are expected to be encrypted by the |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
93 <link url="https://en.wikipedia.org/wiki/Crypt_(C)">crypt() function</link>. |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
94 All password hashing methods as supported by the OS can be used. |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
95 In particular, the following <c-func>crypt</c-func> hashing methods are |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
96 commonly available: |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
97 |
655
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
98 <list type="bullet"> |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
99 |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
100 <listitem> |
3095
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
101 MD5-based <c-func>crypt</c-func> method, <literal>$1$</literal>; |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
102 </listitem> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
103 |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
104 <listitem> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
105 SHA256-based <c-func>crypt</c-func> method, <literal>$5$</literal>; |
655
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
106 </listitem> |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
107 |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
108 <listitem> |
3095
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
109 SHA512-based <c-func>crypt</c-func> method, <literal>$6$</literal>. |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
110 </listitem> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
111 |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
112 </list> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
113 </para> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
114 |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
115 <para> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
116 Additionally, the following cross-platform password types are supported: |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
117 |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
118 <list type="bullet"> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
119 |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
120 <listitem> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
121 hashed with the Apache variant of the MD5-based <c-func>crypt</c-func> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
122 method (<literal>$apr1$</literal>); |
655
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
123 </listitem> |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
124 |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
125 <listitem> |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
126 specified by the |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
127 “<literal>{</literal><value>scheme</value><literal>}</literal><value>data</value>” |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
128 syntax (1.0.3+) as described in |
2831
4add6ae1296f
Updated links to datatracker.ietf.org.
Sergey Kandaurov <pluknet@nginx.com>
parents:
2593
diff
changeset
|
129 <link url="https://datatracker.ietf.org/doc/html/rfc2307#section-5.3">RFC 2307</link>; |
3095
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
130 supported schemes are |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
131 <literal>PLAIN</literal> (an example one, should not be used), |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
132 <literal>SHA</literal> (1.3.13) (plain SHA-1 hashing, |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
133 insecure and should not be used), |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
134 and <literal>SSHA</literal> (salted SHA-1 hashing, |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
135 also insecure by today's standards). |
655
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
136 </listitem> |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
137 |
93d2a54d247c
Added information about supported password types.
Vladimir Homutov <vl@nginx.com>
parents:
589
diff
changeset
|
138 </list> |
315
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
139 </para> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
140 |
3095
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
141 <para> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
142 Password hashes for common hashing methods can be generated using |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
143 the “<command>openssl passwd</command>” command, for example: |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
144 |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
145 <example> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
146 $ openssl passwd -apr1 secret |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
147 $apr1$x/muFo1c$zwUN24M2TEq.6wg0AZacn0 |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
148 </example> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
149 <example> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
150 $ openssl passwd -6 secret |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
151 $6$FjZ1ss8ytcGmrGFY$1fopTJLuLUGCRlv2YcRPIsZk9uaD9NBOGcKsUay/BLV3RR1ol0ONS08oPTVqA4XBkZ44M7OL4K6NjP9xPKShP0 |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
152 </example> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
153 </para> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
154 |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
155 <para> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
156 Note that HTTP Basic Authentication implies password validation on each |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
157 request, and password hashing method should be choosen with this in mind. |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
158 </para> |
aea3e104f11d
Reworked auth_basic_user_file documentation.
Maxim Dounin <mdounin@mdounin.ru>
parents:
3043
diff
changeset
|
159 |
315
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
160 </directive> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
161 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
162 </section> |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
163 |
e00f8f8c0486
Translated ngx_http_access_module, ngx_http_addition_module,
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
164 </module> |