protect
rule has an associated protection setup
file. It specifies valid authentication schemes, password and group
files, and password server-id.
authenticate
field:
authenticate Basic, KerberosV4KerberosV4 authentication is here only as an example; it has not been implemented as part of the library.
mask-group
in setup file (and you
don't need any ACL files):
mask-group group, user, group@address, ...Group definition has the same syntax as in group file.
In this case you don't need the mask-group
in setup
file.
mask-group
and an ACL, in
which case both conditions must be met. This is typically used so
that mask-group
defines a general group of people allowed
to access the tree, and ACLs restrict access even further.
Basic
scheme is one of the valid schemes there should
be the following fields in the protection file:
server-id OurCollaboration passwordfile /WWW/Admin/passwd groupfile /WWW/Admin/groupPassword and group files must be absolute pathnames.
The purpose of server-id
is to inform the browser about
which password file is used; different protection setups (different
collaborations) on the same machine can use different password file
and that would otherwise confuse pseudo-intelligent clients trying to
automatically figure out which password to send.
Same server-ids on different machines (or different ports on the same machine) are considered different by clients (otherwise this would be a security hole).
AL 12 December 1993