On 10/23/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Hello, > > AuthName directive: "This directive sets the name of the > authorization realm for a directory. This realm is given to the > client so that the user knows which username and password to send." > > I know how AuthName works in practise, but can someone please > explain what an "authorization realm" is? I take it it is not the > same as a directory?
Check RFC 2617. The realm is the area on the server that is accessible under a given set of credentials. In practice, it is usually a specific directory and its subdirectories. But the same realm name may be used for multiple independent directories, and the browser should supply the appropriate username/password without reprompting the user if it knows them for that realm. For security reasons (to prevent stealing passwords), a realm cannot span multiple hostnames. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]