Mercurial > hg > nginx-site
comparison xml/en/docs/mail/ngx_mail_auth_http_module.xml @ 1256:ebfcd76e23b6
Mail auth: corrected articles, rephrased some parts.
| author | Yaroslav Zhuravlev <yar@nginx.com> |
|---|---|
| date | Thu, 17 Jul 2014 15:21:10 +0400 |
| parents | e48d4309e7f2 |
| children | 06322891b4e3 |
comparison
equal
deleted
inserted
replaced
| 1255:e48d4309e7f2 | 1256:ebfcd76e23b6 |
|---|---|
| 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
| 9 | 9 |
| 10 <module name="Module ngx_mail_auth_http_module" | 10 <module name="Module ngx_mail_auth_http_module" |
| 11 link="/en/docs/mail/ngx_mail_auth_http_module.html" | 11 link="/en/docs/mail/ngx_mail_auth_http_module.html" |
| 12 lang="en" | 12 lang="en" |
| 13 rev="4"> | 13 rev="5"> |
| 14 | 14 |
| 15 <section id="directives" name="Directives"> | 15 <section id="directives" name="Directives"> |
| 16 | 16 |
| 17 <directive name="auth_http"> | 17 <directive name="auth_http"> |
| 18 <syntax><value>URL</value></syntax> | 18 <syntax><value>URL</value></syntax> |
| 33 <default/> | 33 <default/> |
| 34 <context>mail</context> | 34 <context>mail</context> |
| 35 <context>server</context> | 35 <context>server</context> |
| 36 | 36 |
| 37 <para> | 37 <para> |
| 38 Appends the specified header to requests to the authentication server. | 38 Appends the specified header to requests sent to the authentication server. |
| 39 This header can be used as the shared secret to verify | 39 This header can be used as the shared secret to verify |
| 40 that the request comes from nginx. | 40 that the request comes from nginx. |
| 41 For example: | 41 For example: |
| 42 <example> | 42 <example> |
| 43 auth_http_header X-Auth-Key "secret_string"; | 43 auth_http_header X-Auth-Key "secret_string"; |
| 63 | 63 |
| 64 | 64 |
| 65 <section id="protocol" name="Protocol"> | 65 <section id="protocol" name="Protocol"> |
| 66 | 66 |
| 67 <para> | 67 <para> |
| 68 The HTTP is used to communicate with the authentication server. | 68 The HTTP protocol is used to communicate with the authentication server. |
| 69 The data in the response body is ignored, and the information is passed only in | 69 The data in the response body is ignored, the information is passed only in |
| 70 the headers. | 70 the headers. |
| 71 </para> | 71 </para> |
| 72 | 72 |
| 73 <para> | 73 <para> |
| 74 Examples of requests and responses: | 74 Examples of requests and responses: |
| 113 (the attempt number is passed in the <header>Auth-Login-Attempt</header> | 113 (the attempt number is passed in the <header>Auth-Login-Attempt</header> |
| 114 header). | 114 header). |
| 115 </para> | 115 </para> |
| 116 | 116 |
| 117 <para> | 117 <para> |
| 118 When the APOP or CRAM-MD5 are used, a request-response will look as follows. | 118 When the APOP or CRAM-MD5 are used, request-response will look as follows: |
| 119 <example> | 119 <example> |
| 120 GET /auth HTTP/1.0 | 120 GET /auth HTTP/1.0 |
| 121 Host: localhost | 121 Host: localhost |
| 122 Auth-Method: apop | 122 Auth-Method: apop |
| 123 Auth-User: user | 123 Auth-User: user |
| 137 Auth-Pass: plain-text-pass | 137 Auth-Pass: plain-text-pass |
| 138 </example> | 138 </example> |
| 139 </para> | 139 </para> |
| 140 | 140 |
| 141 <para> | 141 <para> |
| 142 If the <header>Auth-User</header> header exists in a response, | 142 If the <header>Auth-User</header> header exists in the response, |
| 143 it overrides the username used to authenticate with the backend. | 143 it overrides the username used to authenticate with the backend. |
| 144 </para> | 144 </para> |
| 145 | 145 |
| 146 <para> | 146 <para> |
| 147 For the SMTP, the response additionally takes into account | 147 For the SMTP, the response additionally takes into account |
| 148 the <header>Auth-Error-Code</header> header — if exists, it is used | 148 the <header>Auth-Error-Code</header> header — if exists, it is used |
| 149 as a response code in case of an error. | 149 as a response code in case of an error. |
| 150 Otherwise, the 535 5.7.0 code will be added to | 150 Otherwise, the 535 5.7.0 code will be added to |
| 151 the <header>Auth-Status</header>. | 151 the <header>Auth-Status</header> header. |
| 152 </para> | 152 </para> |
| 153 | 153 |
| 154 <para> | 154 <para> |
| 155 For example, if the following response is received | 155 For example, if the following response is received |
| 156 from the authentication server: | 156 from the authentication server: |
| 166 </example> | 166 </example> |
| 167 </para> | 167 </para> |
| 168 | 168 |
| 169 <para> | 169 <para> |
| 170 If proxying SMTP does not require authentication, | 170 If proxying SMTP does not require authentication, |
| 171 a request will look as follows. | 171 the request will look as follows: |
| 172 <example> | 172 <example> |
| 173 GET /auth HTTP/1.0 | 173 GET /auth HTTP/1.0 |
| 174 Host: localhost | 174 Host: localhost |
| 175 Auth-Method: none | 175 Auth-Method: none |
| 176 Auth-User: | 176 Auth-User: |