![[APACHE DOCUMENTATION]](../images/sub.gif)
mod_auth.c file ¾È¿¡ Æ÷ÇԵǾî ÀÖÀ¸¸ç,
±âº»°ªÀ¸·Î ÄÄÆÄÀÏ µÇ¾î ÀÖ½À´Ï´Ù. ÀÌ ¸ðµâÀº ÅؽºÆ® ÆÄÀÏÀ»
»ç¿ëÇÑ »ç¿ëÀÚ ÀÎÁõÀ» À§ÇØ Á¦°øµË´Ï´Ù.
AuthGroupFile directive(¼±¾ð)Àº »ç¿ëÀÚ ÀÎÁõÀ» À§ÇÑ »ç¿ëÀÚ ±×·ìÀÇ ¸ñ·ÏÀÌ Æ÷ÇÔµÈ ÅؽºÆ® ÆÄÀÏÀÇ À̸§À» ÁöÁ¤ÇÕ´Ï´Ù. Filename Àº ±×·ìÆÄÀÏÀÇ °æ·Î ÀÔ´Ï´Ù. ¸¸¾à ÀÌ °æ·Î°¡ µå¶óÀÌºê ¸íÀ¸·Î ½ÃÀÛÇÏÁö ¾Ê´Â »ó´ë°æ·Î¶ó¸é, ServerRoot ¿¡ ´ëÇÑ °æ·Î·Î °£ÁÖ µË´Ï´Ù.
±×·ì ÆÄÀÏÀÇ °¢°¢ÀÇ ÁÙÀº ±×·ìÀ̸§°ú ÄÝ·Ð(:)µÚ¿¡ °ø¶õ(space)¿¡ ÀÇÇØ ±¸ºÐµÈ »ç¿ëÀÚ À̸§ÀÌ µû¶ó ¿É´Ï´Ù. ¿¹¸¦ µé¸é ´ÙÀ½°ú °°½À´Ï´Ù.:
mygroup: bob joe anneº¸¾È: AuthGroupFile(»ç¿ëÀÚ±×·ìÆÄÀÏ) Àº À¥¼¹öÀÇ ¹®¼ µð·ºÅ丮 ¹Û¿¡ ÀúÀåÇϵµ·Ï ÇÕ´Ï´Ù. ±×·¸Áö ¾ÊÀ¸¸é Ŭ¶óÀ̾ðÆ® Ãø¿¡¼ »ç¿ëÀÚ±×·ìÆÄÀÏ(AuthGroupFile)À» ´Ù¿î·Îµå ÇÒ ¼öµµ ÀÖ½À´Ï´Ù.
See also AuthName, AuthType and AuthUserFile.
AuthUserFile ¼±¾ð(directive)Àº »ç¿ëÀÚ ÀÎÁõÀ» À§ÇÑ »ç¿ëÀÚ¿Í ºñ¹Ð¹øÈ£ ¸ñ·ÏÀ» Æ÷ÇÔÇÏ´Â ÅؽºÆ® ÆÄÀÏÀÇ À̸§À» ÁöÁ¤ÇÕ´Ï´Ù. Filename Àº »ç¿ëÀÚÆÄÀÏÀÇ °æ·Î ÀÔ´Ï´Ù. ¸¸¾à Àý´ë°æ·Î(µå¶óÀ̺ê¸íÀ¸·Î ½ÃÀÛ)°¡ ¾Æ´Ñ »ó´ë°æ·Î('/'·Î ½ÃÀÛÇÏÁö ¾ÊÀ½) ¶ó¸é ServerRoot ¿¡ ´ëÇÑ °æ·Î·Î °£ÁÖ ÇÏ°Ô µË´Ï´Ù.
»ç¿ëÀÚÆÄÀÏÀÇ °¢°¢ÀÇ ÁÙÀº »ç¿ëÀÚÀ̸§ µÚ¿¡ :(ÄÝ·Ð)À» ¾²°í ºñ¹Ð¹øÈ£°¡ ¿Àµµ·Ï µÇ¾î ÀÖ½À´Ï´Ù.
¹ÙÀ̳ʸ®·Î ¹èÆ÷µÇ´Â ¾ÆÆÄÄ¡¿¡´Â htpasswd
À¯Æ¿¸®Æ¼°¡ Æ÷ÇԵǾî ÀÖ½À´Ï´Ù. ¶Ç´Â src/support
¿¡¼ ãÀ» ¼ö ÀÖ½À´Ï´Ù .ÀÌ À¯Æ¿¸®Æ¼´Â password file(ºñ¹Ð¹øÈ£ÆÄÀÏ)
À» °ü¸®Çϴµ¥ »ç¿ëÇÕ´Ï´Ù. ´õ ÀÚ¼¼ÇÑ ¼³¸íÀº man
page ¸¦ Âü°íÇϸç, °£·«ÇÏ°Ô ¼³¸íÇÏÀÚ¸é,
htpasswd -c Filename username
¸ÇóÀ½ ID·Î 'username' °ú ÇÔ²² 'Filename'À¸·Î ºñ¹Ð¹øÈ£ ÆÄÀÏÀ» »õ·Î¸¸µå´Â ¸í·ÉÀÔ´Ï´Ù. ( -c ¿É¼ÇÀº Æнº¿öµå ÆÄÀÏÀ» ó¸§ ¸¸µé¶§ »ç¿ëÇÕ´Ï´Ù. ) ±×·¯¸é ºñ¹Ð¹øÈ£¸¦ ¹¯½À´Ï´Ù.
htpasswd Filename username2
ºñ¹Ð¹øÈ£ÆÄÀÏ(password file) - 'Filename' ¿¡¼ 'username' À¸·Î »ç¿ëÀÚ¸¦ Ãß°¡ ¶Ç´Â ¼öÁ¤À» ÇÒ ¼ö ÀÖ½À´Ï´Ù.
¿ë·®ÀÌ Å¬ ÆÄÀÏÀ» °Ë»ö ÇÏ´Â °ÍÀº ¸Å¿ì ºñÈ¿À²ÀûÀÔ´Ï´Ù.; ´ë½Å AuthDBMUserFile À» »ç¿ëÇÏ´Â °ÍÀÌ ÁÁ½À´Ï´Ù.
º¸¾È: AuthUserFile(»ç¿ëÀÚÆÄÀÏ) Àº À¥¼¹öÀÇ ¹®¼ µð·ºÅ丮 ¹Û¿¡ ÀúÀåÇϵµ·Ï ÇÕ´Ï´Ù. ±×·¸Áö ¾ÊÀ¸¸é Ŭ¶óÀ̾ðÆ® Ãø¿¡¼ »ç¿ëÀÚÆÄÀÏ(AuthUserFile)À» ´Ù¿î·Îµå ÇÒ ¼öµµ ÀÖ½À´Ï´Ù.
See also AuthName, AuthType and AuthGroupFile.
¡¡
AuthAuthoritative ¼±¾ð(directive)À» ¸í¹éÇÏ°Ô 'off'
·Î ¼ÂÆÃÀº
userID °¡ ¾ø°Å³ª rule Á¦°øµÈ userID¿Í
¸ÅÄ¡µÇÁö ¾ÊÀº °æ¿ì - ÀÎÁõ(authentication) °ú Àú ¼öÁØ ¸ðµâ( Configuration
°ú
modules.c ÆÄÀÏ¿¡¼ Á¤ÀÇ)À» Åë°úÇÒ ¼ö ÀÖ´Â
±ÇÇѺο©(authorization) µÑ´Ù Çã¿ëÀÌ µË´Ï´Ù.
¸¸¾à userID ¿Í/¶Ç´Â ±ÔÄ¢ÀÌ ÁöÁ¤µÇ¾úÀ» °æ¿ì, - ºñ¹Ð¹øÈ£ ¿Í
Á¢¼ÓÀ» È®ÀεǸé Àû¿ëµÇ°í, ½ÇÆÐÇÒ °æ¿ì ±ÇÇѺο©°¡ ¿ä±¸
µÈ´Ù°í ȸ½Å ÇÕ´Ï´Ù.
±×·¡¼ ¸¸¾à Çϳª ÀÌ»óÀÇ ¸ðµâÀÇ µ¥ÀÌŸ º£À̽º¿¡¼ userID °¡ ³ªÅ¸³µ´Ù¸é; ¶Ç´Â ¸¸¾à
So if a userID appears in the database of more than one module; or if a valid require directive applies to more than one module; then the first module will verify the credentials; and no access is passed on; regardless of the AuthAuthoritative setting.
A common use for this is in conjunction with one of the database
modules; such as mod_auth_db.c, mod_auth_dbm.c,
mod_auth_msql.c, and mod_auth_anon.c. These modules
supply the bulk of the user credential checking; but a few
(administrator) related accesses fall through to a lower level with a
well protected AuthUserFile.
°øÅëµÈ »ç¿ë ÇϳªÀÇ µ¥ÀÌŸº£À̽º
¸ðµâ¿¡ mod_auth_db.c, mod_auth_dbm.c,
mod_auth_msql.c, ±×¸®°í mod_auth_anon.c ¿Í °°Àº µ¥ÀÌŸ
º£À̽º ¸ðµâ Áß Çϳª¿Í ÇÔ²²
ÀÌ ¸ðµâÀº .. ¸¦ Áö¿øÇÕ´Ï´Ù. ; ÇÏÁö¸¸ Àß º¸°üµÈ AuthUserFile(»ç¿ëÀÚÆÄÀÏ)
°ú ÇÔ²² Àú¼öÁØ À» ÅëÇØ ¼Ò¼ö
Default: By default; control is not passed on; and an unknown userID or rule will result in an Authorization Required reply. Not setting it thus keeps the system secure; and forces an NCSA compliant behaviour.
±âº»°ªÀº Åë°úÇÒ ¼ö ¾øµµ·Ï Á¦¾î ÇÕ´Ï´Ù. ; ¾Ë¼ö ¾ø´Â userID ³ª ±ÔÄ¢Àº ±ÇÇÑÀÌ ¾ø´Ù´Â
Security: Do consider the implications of allowing a user to allow fall-through in his .htaccess file; and verify that this is really what you want; Generally it is easier to just secure a single .htpasswd file, than it is to secure a database such as mSQL. Make sure that the AuthUserFile is stored outside the document tree of the web-server; do not put it in the directory that it protects. Otherwise, clients will be able to download the AuthUserFile.
º¸¾È:
See also AuthName, AuthType and AuthGroupFile.
