NAME
Apache2::UserdirAuthz - simple one directory per username access control
SYNOPSIS
PerlSetVar userdirrealms example.org,example.com
<Location />
AuthType Kerberos # should work with any authtype
Require valid-user
PerlAuthzHandler Apache2::UserdirAuthz
</Location>
DESCRIPTION
When used as a PerlAuthzHandler with Apache+mod_perl, Apache2::UserdirAuthz will perform simple access control, where each user has access to the part of the hierarchy named after their username. For example, a user "tom" will have access to all locations under /tom/
, such as /tom/index.html
, /tom/logo.png
, and so on.
If the username contains an @, the part after the @ can be conditionally stripped off by setting userdirrealms
with PerlSetVar
. This is useful when using with Kerberos, where usernames are of the form user@realm
. To set realm stripping for multiple realms, separate with commas, as demonstrated in the SYNOPSIS.
Any requests for paths outside the user's own prefix result in a 401 response (the handler returns Apache2::Const::HTTP_UNAUTHORIZED
).
If the username contains a slash, this is taken literally when constructing the prefix for the (path portion of the) URI. So, if the username is host/foo.example.org@EXAMPLE.ORG
, and the EXAMPLE.ORG
realm is stripped, then the user will have access to URIs under /host/foo.example.org/
.
AUTHOR
Tom Jones <tom.jones@bccx.com>