/**
 * Callback table an authentication provider fills in.
 *
 * One entry serves HTTP Basic authentication, the other HTTP Digest
 * authentication.
 */
typedef struct {
    /**
     * HTTP Basic authentication: validate a user/password pair.
     *
     * Expected to return AUTH_GRANTED when this user/password
     * combination can be validated. The password argument is the value
     * being checked, so an implementation should keep it out of logs and
     * error messages.
     */
    authn_status (*check_password)(request_rec *r,
                                   const char *user,
                                   const char *password);

    /**
     * HTTP Digest authentication: look up the stored hash for a user.
     *
     * Expected to return AUTH_USER_FOUND when an MD5 hash of
     * 'user:realm:password' can be found for the given user and realm.
     * The hash is presumably handed back through rethash (confirm
     * against the provider documentation).
     *
     * NOTE(review): in Digest authentication this hash is sufficient to
     * compute a valid response for the realm, so the store it is read
     * from deserves the same protection as a password file.
     */
    authn_status (*get_realm_hash)(request_rec *r,
                                   const char *user,
                                   const char *realm,
                                   char **rethash);
} authn_provider;
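Whereas the first function, check_password, serves to verify a supplied password for the username, the second serves only to look up an MD5 hash and return it
for mod_auth_digest to process. Because that hash is all a client needs to compute a valid Digest response for the realm, the store it comes from needs the same protection as a password file.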
Satisfy Any
Determining Whether to Require Both or Just One of Host and User.
The logic of the security phase in the Apache core is shown here, in pseudocode form:
If (Satisfy Any) {
    run access_checker
    if (allowed by access checker) {
        ALLOW access; skip check_user_id and auth_checker hooks
    } else {
        if (configured for authentication) {
            run check_user_id
            if (user id is valid) {
                run auth_checker; outcome is ALLOW or DENY
            } else {
                DENY access
            }
        }
    }
} else { /* Satisfy ALL is the default */
    run access_checker
    if (allowed by access checker) {
        if (configured for authentication) {
            run check_user_id
            if (user id is valid) {
                run auth_checker; outcome is ALLOW or DENY
            } else {
                DENY access
            }
        }
    } else {
        DENY access; skip check_user_id and auth_checker hooks
    }
}
/* For HTTP Basic Authentication
* Given a username and password, expected to return AUTH_GRANTED
* if we can validate this user/password combination.
*/
authn_status (*check_password)(request_rec *r, const char *user, const char *password);
/* For HTTP Digest Authentication
* Given a user and realm, expected to return AUTH_USER_FOUND if we
* can find a md5 hash of ‘user:realm:password'
*/
authn_status (*get_realm_hash)(request_rec *r, const char *user,const char *realm, char **rethash);
} authn_provider;
Whereas the first function, check_password, serves to verify a supplied password for the username, the second serves only to look up an MD5 hash and return it
for mod_auth_digest to process.
Satisfy Any
Determining Whether to Require Both or Just One of Host and User.
The logic of the security phase in the Apache core is shown here, in pseudocode form:
If (Satisfy Any) {
    run access_checker
    if (allowed by access checker) {
        ALLOW access; skip check_user_id and auth_checker hooks
    } else {
        if (configured for authentication) {
            run check_user_id
            if (user id is valid) {
                run auth_checker; outcome is ALLOW or DENY
            } else {
                DENY access
            }
        }
    }
} else { /* Satisfy ALL is the default */
    run access_checker
    if (allowed by access checker) {
        if (configured for authentication) {
            run check_user_id
            if (user id is valid) {
                run auth_checker; outcome is ALLOW or DENY
            } else {
                DENY access
            }
        }
    } else {
        DENY access; skip check_user_id and auth_checker hooks
    }
}