Helicon Ape

mod_authz_groupfile

Overview

mod_authz_groupfile module provides authorization to specific parts of the site based on user's group membership.

Quick start

Sample mod_auth_basic & mod_authz_groupfile configuration in .htaccess

# Authentication type
AuthType Basic
# Name of area authentication will be used for (aka realm)
AuthName "secret area"
# Authentication provider. Here - mod_authn_file
AuthBasicProvider file
# Path to password file
AuthUserFile  c:\inetpub\users\.htpasswds
# Path to group file
AuthGroupFile c:\inetpub\users\.groups
# Access will be granted to all authenticated users from 'admins' group
Require group admins

Sample of .htpasswds file:

john:jhnpswd
bill:billsecret
jack:jack123

Sample of .groups file:

# admins group
admins: john jack

# users group
users: john bill jack

Related articles and topics

Directives

Name Context Description
AuthGroupFile S V D .h sets the name of a text file containing the list of user groups for authorization
AuthzGroupFileAuthoritative S V D .h sets whether authorization will be passed on to lower level modules

AuthGroupFile

AuthGroupFile directive specifies the name of the text file containing the list of user groups for user authorization. File-path is the path to the group file. If it is not absolute, it is treated as relative to the current configuration file ( httpd.conf or .htaccess ).

Syntax

AuthGroupFile file-path

Each line of the group file contains a groupname, colon and space-separated members usernames.

operators: bill george barak

Security note! Don't locate AuthGroupFile inside the directory that it protects and inside web-server document tree. Otherwise, clients will have a chance to download groups file.

AuthzGroupFileAuthoritative

Sets whether authorization will be passed on to lower level modules. If AuthzGroupFileAuthoritative is set to off and no group got matched against specified userID, group authorization will be passed to lower level modules (if any).

Syntax

AuthzGroupFileAuthoritative On|Off

Default

AuthzGroupFileAuthoritative On