Changeset 1777
- Timestamp:
- 08/12/08 08:44:40 (3 months ago)
- Files:
-
- cherokee/trunk/doc/TOC.txt (modified) (2 diffs)
- cherokee/trunk/doc/modules_validators_htdigest.txt (modified) (3 diffs)
- cherokee/trunk/doc/modules_validators_htpasswd.txt (modified) (4 diffs)
- cherokee/trunk/doc/modules_validators_ldap.txt (modified) (2 diffs)
- cherokee/trunk/doc/modules_validators_pam.txt (modified) (2 diffs)
- cherokee/trunk/doc/modules_validators_plain.txt (modified) (3 diffs)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
cherokee/trunk/doc/TOC.txt
r1776 r1777 50 50 Embedding Cherokee <9> link:cookbook_embedding_cherokee.html[] 51 51 Managing logs <5> link:cookbook_managing_logs.html[] <rotations and cherokee-tweak?> 52 Authentication [8] <3> link:cookbook_authentication.html[ ]52 Authentication [8] <3> link:cookbook_authentication.html[Authentication] 53 53 SSL/TLS, certs [13]<6> link:cookbook_ssl.html[] 54 54 Setting up PHP <4> link:cookbook_php.html[] … … 82 82 - link:modules_loggers_w3c.html[w3c] 83 83 . link:modules_validators.html[Validators] 84 - link:modules_validators_plain.html[Plain] 85 - link:modules_validators_htpasswd.html[htpasswd] 86 - link:modules_validators_htdigest.html[htdigest] 84 87 ////// 85 - htdigest [7.2] link:modules_validators_htdigest.html[htdigest]86 - htpasswd [7.1] link:modules_validators_htpasswd.html[htpasswd]87 88 - ldap [7.1] link:modules_validators_ldap.html[LDAP] 88 89 - mysql [7.3] link:modules_validators_mysql.html[MySQL] 90 ////// 89 91 - link:modules_validators_pam.html[PAM] 90 - plain [7.5] link:modules_validators_plain.html[Plain]91 //////92 92 93 93 ********************************* cherokee/trunk/doc/modules_validators_htdigest.txt
r1647 r1777 1 Htdigest Validator 2 ~~~~~~~~~~~~~~~~~~ 1 Validator: Htdigest 2 ~~~~~~~~~~~~~~~~~~~ 3 3 4 The htdigest validator can use a flat-file generated by the Apache link:http://httpd.apache.org/docs/2.0/programs/htdigest.html[htdigest] 4 The htdigest validator can use a flat-file generated by the Apache 5 link:http://httpd.apache.org/docs/2.0/programs/htdigest.html[htdigest] 5 6 command. 6 7 … … 9 10 10 11 [grid="rows"] 11 ` `~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~12 `~~~~~~~~~~~~~~~`~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 12 13 Parameter , Description 13 14 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ … … 23 24 ^^^^^^^ 24 25 26 Here is an example of what could be reflected in the 27 link:dev_cherokee.conf.html[cherokee.conf] configuration file after 28 setting up this authentication mechanism. Refer to the 29 link:cookbook_authentication.html[Authentication] recipe for a full 30 hands-on approach. 31 25 32 ---- 26 vserver!default!directory!/secret/! 33 vserver!10!rule!500!auth = htdigest 34 vserver!10!rule!500!auth!methods = basic 35 vserver!10!rule!500!auth!passwdfile = /var/www/passwd.htdigest 36 vserver!10!rule!500!auth!realm = secret 37 vserver!10!rule!500!match = directory 38 vserver!10!rule!500!match!directory = /auth 39 vserver!10!rule!500!match!final = 0 40 vserver!10!rule!500!only_secure = 0 27 41 ---- 28 29 cherokee/trunk/doc/modules_validators_htpasswd.txt
r1647 r1777 2 2 ~~~~~~~~~~~~~~~~~~ 3 3 4 This validator uses htpasswd files, which are very common on Apache web sever environments. 5 It stores one line per entry with the user name and a hash of the password. 4 This validator uses htpasswd files, which are very common on Apache 5 web sever environments. It stores one line per entry with the user 6 name and a hash of the password. 6 7 7 8 Cherokee supports the following hash algorithms: … … 11 12 * Apache MD5 12 13 * SHA1 13 * crypt. 14 * crypt. 14 15 15 The htpasswd validator can use a flat-file generated by the Apache 16 link:http://httpd.apache.org/docs/2.0/programs/htpasswd.html[htpasswd] 16 The htpasswd validator can use a flat-file generated by the Apache 17 link:http://httpd.apache.org/docs/2.0/programs/htpasswd.html[htpasswd] 17 18 command. 18 19 … … 21 22 22 23 [grid="rows"] 23 ` `~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~24 `~~~~~~~~~~~~~~~~`~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 24 25 Parameter , Description 25 26 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ … … 34 35 Example 35 36 ^^^^^^^ 37 38 Here is an example of what could be reflected in the 39 link:dev_cherokee.conf.html[cherokee.conf] configuration file after 40 setting up this authentication mechanism. Refer to the 41 link:cookbook_authentication.html[Authentication] recipe for a full 42 hands-on approach. 43 36 44 ---- 37 vserver!default!directory!/secret/! 45 vserver!10!rule!500!auth = htpasswd 46 vserver!10!rule!500!auth!methods = basic 47 vserver!10!rule!500!auth!passwdfile = /var/www/passwd.htpasswd 48 vserver!10!rule!500!auth!realm = secret 49 vserver!10!rule!500!match = directory 50 vserver!10!rule!500!match!directory = /auth 51 vserver!10!rule!500!match!final = 0 52 vserver!10!rule!500!only_secure = 0 38 53 ---- 39 cherokee/trunk/doc/modules_validators_ldap.txt
r1724 r1777 1 LDAP Validator 2 ~~~~~~~~~~~~~~ 1 Validator: LDAP 2 ~~~~~~~~~~~~~~~ 3 3 The LDAP validator allows you to authenticate a user using the 4 4 Lightweight Directory Access Protocol v3. … … 8 8 9 9 [grid="rows"] 10 ` `~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~11 Parameter ,Description10 `~~~~~~~~~~~~~~~`~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 11 Parameter , Description 12 12 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 13 __server__ ,Name of the host providing the LDAP service.14 __port__ ,Optional. Port number of the LDAP service. \13 __server__ , Name of the host providing the LDAP service. 14 __port__ , Optional. Port number of the LDAP service. \ 15 15 Default: __389__. 16 __binddn__ ,Optional. Bind Distinguished Name (`user`). If none \16 __binddn__ , Optional. Bind Distinguished Name (`user`). If none \ 17 17 is provided and anonymous bind will be attempted. 18 __bindpw__ ,Bind Password (`password`).19 __basedn__ ,Base Distinguished Name.20 __filter__ ,A filter that defines the conditions that must be \18 __bindpw__ , Bind Password (`password`). 19 __basedn__ , Base Distinguished Name. 20 __filter__ , A filter that defines the conditions that must be \ 21 21 fulfilled in order for the search to match a given \ 22 22 entry. 23 __tls__ ,Optional. Enable the use of TLS based integrity. \23 __tls__ , Optional. Enable the use of TLS based integrity. \ 24 24 Defaults to __0__. 25 __ca_file__ ,Optional. It's the CA filename. Must be provided \26 if TLS is enabled. 25 __ca_file__ , Optional. It's the CA filename. Must be provided \ 26 if TLS is enabled. 27 27 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 28 28 cherokee/trunk/doc/modules_validators_pam.txt
r1776 r1777 1 Pam Validator 2 ~~~~~~~~~~~~~ 1 Validator: PAM 2 ~~~~~~~~~~~~~~ 3 3 4 4 The pam validator uses the *Pluggable Authentication Module* to validate the … … 28 28 vserver!10!rule!500!auth!methods = basic 29 29 vserver!10!rule!500!auth!realm = secret 30 vserver!10!rule!500!match = directory 31 vserver!10!rule!500!match!directory = /auth 32 vserver!10!rule!500!match!final = 0 33 vserver!10!rule!500!only_secure = 0 30 34 ---- cherokee/trunk/doc/modules_validators_plain.txt
r1647 r1777 1 Plain Validator 2 ~~~~~~~~~~~~~~~ 1 Validator: Plain 2 ~~~~~~~~~~~~~~~~ 3 3 4 4 The plain validator uses a flat-file to authenticate users. … … 14 14 15 15 [grid="rows"] 16 ` `~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~17 Parameter ,Description16 `~~~~~~~~~~~~~~~`~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 17 Parameter , Description 18 18 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 19 __passwdfile__ ,Required. The location of the user/pass file.19 __passwdfile__ , Required. The location of the user/pass file. 20 20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 21 21 … … 28 28 ^^^^^^^ 29 29 30 Here is an example of what could be reflected in the 31 link:dev_cherokee.conf.html[cherokee.conf] configuration file after 32 setting up this authentication mechanism. Refer to the 33 link:cookbook_authentication.html[Authentication] recipe for a full 34 hands-on approach. 35 30 36 ---- 31 vserver!default!directory!/secret/! 37 vserver!10!rule!500!auth = plain 38 vserver!10!rule!500!auth!methods = basic 39 vserver!10!rule!500!auth!passwdfile = /var/www/passwd.plain 40 vserver!10!rule!500!auth!realm = secret 41 vserver!10!rule!500!match = directory 42 vserver!10!rule!500!match!directory = /auth 43 vserver!10!rule!500!match!final = 0 44 vserver!10!rule!500!only_secure = 0 32 45 ---- 33 46 34 The directory secret requieres a valid login/password pair from the /var/passwordsweb. They can authenticate with Basic or the Digest methos. 35 You can place the password file outside the web tree, in this way, remote users won't be able to fetch the list. 47 The parameter that specifies the file containing the pairs 48 'user:password' is mandatory. `Plain` authentication can use both 49 `Basic` and `Digest` schemes. 50 51 You can and should place the password file outside the web tree to 52 prevent remote users from accessing the list. 36 53 37 54 image::media/images/admin_validators_plain.png[Validator Plain] 55 56 This could be the contents of the the file `/var/www/passwd` specified 57 in this example: 58 59 **** 60 testuser:testpassword 61 cherokee:webserver 62 **** 63 64 This would only allow access to the users `cherokee` and `testuser`.