> On 10/23/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > AuthName directive: "This directive sets the name of the > > authorization realm for a directory. This realm is given to the > > client so that the user knows which username and password to send." > > > > I know how AuthName works in practise, but can someone please > > explain what an "authorization realm" is? I take it it is not the > > same as a directory?
On 23.10.07 12:56, Joshua Slive wrote: > The realm is the area on the server that is accessible under a given > set of credentials. In practice, it is usually a specific directory > and its subdirectories. But the same realm name may be used for > multiple independent directories, and the browser should supply the > appropriate username/password without reprompting the user if it knows > them for that realm. For security reasons (to prevent stealing > passwords), a realm cannot span multiple hostnames. Note that when you use different access rights (in subdirectories or different paths), you must use different realms. Otherwise, the browser (and the user) may get confused that once it can get to the area, once not. OTOH, when usine the same privileges in more directories within the same server, you may use the same realms. So, when you have webserver with some public (unprotected) data, more (protected) applications, each in the different subdirectory, and admin area under each of them, where all applications have the same userlist (e.g. valid_user with the same user database) and each admin area the same list/group of admins, You can use one realm for applications and one realm for admin areas. -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Depression is merely anger without enthusiasm. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
