NAME

Apache2::UserDirAuthz - simple one directory per username access control

SYNOPSIS

    PerlSetVar userdirrealms example.org,example.com
    
    <Location />
        AuthType Kerberos     # should work with any authtype
        Require valid-user
        PerlAuthzHandler Apache2::UserDirAuthz
    </Location>

DESCRIPTION

When used as a PerlAuthzHandler with Apache+mod_perl, Apache2::UserdirAuthz will perform simple access control, where each user has access to the part of the hierarchy named after their username. For example, a user "tom" will have access to all locations under /tom/, such as /tom/index.html, /tom/logo.png, and so on.

If the username contains an @, the part after the @ can be conditionally stripped off by setting userdirrealms with PerlSetVar. This is useful when using with Kerberos, where usernames are of the form user@realm. To set realm stripping for multiple realms, separate with commas, as demonstrated in the SYNOPSIS.

Any requests for paths outside the user's own prefix result in a 401 response (the handler returns Apache2::Const::HTTP_UNAUTHORIZED).

If the username contains a slash, this is taken literally when constructing the prefix for the (path portion of the) URI. So, if the username is host/foo.example.org@EXAMPLE.ORG, and the EXAMPLE.ORG realm is stripped, then the user will have access to URIs under /host/foo.example.org/.

AUTHOR

Tom Jones <tom.jones@bccx.com>