diff options
| author | Sergey Poznyakoff <gray@gnu.org.ua> | 2020-02-27 14:09:07 +0200 |
|---|---|---|
| committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2020-02-27 17:40:57 +0200 |
| commit | a7d03cd5f6ab8884ee2f2ef89c3e514c811c2c9f (patch) | |
| tree | f3fa9be0eac61cf4d015ac8d447db88a44d9f566 /doc/ping903.conf.5 | |
| parent | 9b546466f4e0f34a63e5f49c752dffea3ef9a47a (diff) | |
| download | ping903-a7d03cd5f6ab8884ee2f2ef89c3e514c811c2c9f.tar.gz ping903-a7d03cd5f6ab8884ee2f2ef89c3e514c811c2c9f.tar.bz2 | |
Document basic authorization
Diffstat (limited to 'doc/ping903.conf.5')
| -rw-r--r-- | doc/ping903.conf.5 | 54 |
1 files changed, 53 insertions, 1 deletions
diff --git a/doc/ping903.conf.5 b/doc/ping903.conf.5 index 7c29de9..c6835f3 100644 --- a/doc/ping903.conf.5 +++ b/doc/ping903.conf.5 @@ -150,9 +150,61 @@ first IP in the list is encountered, whichever occurs first. and the network mask in dotted quad, or the length of the network mask in decimal. +.SS HTTP Authorization configuration +It is suggested that HTTP entry points be protected by the HTTP +authorization. This is especially critical for \fB/config\fR and +below, which allows the requester to modify \fBping903\fR +configuration. This version of \fBping903\fR supports HTTP basic +authorization. +.TP +\fBauth basic\fR \fIMETHOD\fR \fIURL\fR \fIPWFILE\fR \fIREALM\fR +This statement enables basic authentication for \fIURL\fR when +accessed using the given HTTP \fIMETHOD\fR. + +\fIMETHOD\fR is either one of HTTP methods (\fBGET\fR, \fBPOST\fR, +etc.) or a wildcard \fB*\fR matching any method. + +\fIURL\fR is the \fBping903\fR URL. It is treated as a prefix, i.e. +the statement takes effect for anything below that URL as well. The +\fIURL\fR can also contain +.BR glob (7) +wildcards. + +\fIPWFILE\fR is the name of a textual file containing the list of +users and passwords for user authentication. This file is compatible +with Apache \fBmod_authn_file\fR module and can be generated using +the Apache +.BR htpasswd (1) +utility. + +\fIREALM\fR sets the realm to be used in the authentication. The +realm is used by the client to determine what user name and password +to send for a given authenticated area. If \fIREALM\fR contains +whitespace, it must be enclosed in double-quotes. Within a +double-quoted string any occurrence of double-quote or backslash must +be escaped by prefixing it with a backslash character. + +These parameters are mandatory only for the very first occurrence of the +\fBauth\fR statements. The statements that follow it may omit the +\fIIPFILE\fR and/or \fIREALM\fR, if they are the same as in the +preceding statement. For example, the following statements protect +modifications to the \fBping903\fR configuration with basic +authorization: +.sp +.nf +auth basic POST /config /etc/ping903/htpasswd Modification +auth basic PUT /config +.fi +.sp +Notice, that an incoming HTTP request is matched against each +\fBauth\fR statement in turn, in the order they appear in the +configuration file, and it is the first matching statement that +takes effect. Therefore, place more specific METHOD/URL combinations +before more general ones. .SH SEE ALSO .BR ping903 (8), -.BR ping903q (1). +.BR ping903q (1), +.BR ping903.cred (5). .SH COPYRIGHT Copyright \(co 2020 Sergey Poznyakoff .br |