Description: | Provides group and attribute authorization of browser users. |
---|---|
Module Identifier: | uwa_module |
Description: | Activates authorization checking |
---|---|
Syntax: | AuthType type |
Context: | .htaccess |
Override: | none |
AuthType activates mod_uwa if the specified type is one that the module recognizes, presently uwnetid and shibboleth.
Authtype shibboleth
Description: | Deactivates mod_uwa. |
---|---|
Syntax: | AuthGroupFile etc. |
Context: | .htaccess |
Override: | none |
Presence of an AuthGroupFile directive deactivates mod_uwa.
Description: | Identifies the ldap server for all queries |
---|---|
Syntax: | UWAuthLdapServer server:port |
Context: | server config |
Override: | none |
UWAuthLdapServer identifies the ldap server for person, group and course information.
UWAuthLdapServer groups.u.washington.edu:389
Description: | Identifies the ldap server for person queries |
---|---|
Syntax: | UWAuthPersonLdapServer server:port |
Context: | server config |
Override: | none |
UWAuthPersonLdapServer identifies the ldap server for person info: affiliation, type.
UWAuthPersonLdapServer pds.u.washington.edu:389
Description: | Identifies the ldap server for group and course queries |
---|---|
Syntax: | UWAuthGroupLdapServer server:port |
Context: | server config |
Override: | none |
UWAuthGroupLdapServer identifies the ldap server for group info: groups, courses.
UWAuthGroupLdapServer groups.u.washington.edu:389
Description: | Identifies the SSL certificate CA database to use for authenticating the ldap server's certificate. |
---|---|
Syntax: | UWAuthCertDB cert_db_file |
Context: | server config |
Override: | none |
UWAuthCertDB identifies the SSL certificate CA database to use for authenticating the ldap server's certificate. The file must be readable by the user and group of the server.
UWAuthCertDB /usr/local/apache/conf/certdb.crt
Description: | Identifies the SSL certificate to use to authenticate to the ldap server. |
---|---|
Syntax: | UWAuthBindCert cert_file |
Context: | server config |
Override: | none |
UWAuthBindCert identifies the SSL certificate to use for authenticating to the ldap server. The file must be readable by the user and group of the server.
UWAuthBindCert /usr/local/apache/conf/my.crt
Description: | Identifies the key for the authentication certificate. |
---|---|
Syntax: | UWAuthBindKey key_file |
Context: | server config |
Override: | none |
UWAuthBindKey identifies the key for the authentication certificate. The file must be readable by the user and group of the server.
UWAuthBindKey /usr/local/apache/conf/my.key
Description: | Names the cookie to use for session control. |
---|---|
Syntax: | UWAuthCookie cookie_name |
Context: | server config |
Override: | none |
UWAuthCookie identifies the name of the cookie for mod_uwa to use for session control.
UWAuthCookie my_auth
Description: | Toggles the requirement that pages requesting course information must be owned by an owner of that course. |
---|---|
Syntax: | UWAuthRequireCourseOwnership On|Off |
Context: | server config |
Override: | none |
When the UWAuthRequireCourseOwnership flag is set, course information can be utilized only by owners of that course. Specifically, the web resource must be owned (in the UNIX filesystem sense) by an owner (e.g., an instructor) of a particular course if any "require course" directives are to be used.
UWAuthRequireCourseOwnership On
Description: | Toggles "implicit-or" logic for multi-line and multi-directory authorization directives. |
---|---|
Syntax: | UWAuthImplicitOr On|Off |
Context: | server config |
Override: | none |
When the UWAuthImplicitOr flag is set, independent authorization directives will be combined by a logical OR. The default is to AND them.
UWAuthImplicitOr On
Description: | Describes an authorization requirement |
---|---|
Syntax: | require requirement |
Context: | .htaccess |
Override: | none |
Require defines an authorization requirement. A simple requirement is a condition plus an argument.
condition | arg | meaning |
---|---|---|
valid-user | (none) | User must have a valid UWNet ID |
user arg | UWNet ID | User must be the specified id |
type arg | faculty staff student ... | User must be the specified type |
group arg | group name | User must be in the specified group |
course arg | course name | User must be in the specified course |
ugroup arg | unix group name | User must be in the specified unix group |
In addition, simple requirements may be combined with the logical operators and, or, and not. Use parentheses to specify operator precedence.
Courses are identified by the quarter, year and SLN, e.g. WIN2007.1021. Quarter prefixes are WIN, SPR, SUM and AUT. Students, instructors, and TAs are all considered to be members of a course.
require user spud carot potato
require group u:cac:all or user spud
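
The effect of UWAuthImplicitOr on independent require lines, as an added Python model that is not mod_uwa's own code: it evaluates the require syntax described above for an already authenticated id. The group membership and the two-line .htaccess are constructed, and two behaviours are assumptions: operator precedence (not, then and, then or) and several arguments to one condition meaning any of them.

```python
import re

# Constructed stand-ins for LDAP group data and for an .htaccess file.
GROUPS = {"u:cac:all": {"spud", "turnip"}}
HTACCESS = ["require group u:cac:all", "require user spud carot potato"]
CONDITIONS = {"valid-user", "user", "group"}   # subset of the table above
OPERATORS = {"and", "or", "not", "(", ")"}

def simple(cond, args, uid):
    """One simple requirement; several args are assumed to mean 'any of'."""
    if cond == "group":
        return any(uid in GROUPS.get(g, ()) for g in args)
    return cond == "valid-user" or uid in args      # otherwise cond == "user"

def evaluate(line, uid):
    """One require line; assumed precedence: not, then and, then or."""
    toks = re.findall(r"[()]|[^\s()]+", line)[1:] + [None]  # drop 'require'
    def atom():
        tok = toks.pop(0)
        if tok == "not":
            return not atom()
        if tok == "(":
            val = chain("or")
            if toks.pop(0) != ")":
                raise ValueError("missing ')'")
            return val
        if tok not in CONDITIONS:
            raise ValueError(f"unexpected token {tok!r}")
        args = []
        while toks[0] is not None and toks[0] not in OPERATORS:
            args.append(toks.pop(0))
        return simple(tok, args, uid)
    def chain(op):
        # An 'or' chain joins 'and' chains; an 'and' chain joins atoms.
        operand = atom if op == "and" else (lambda: chain("and"))
        vals = [operand()]
        while toks[0] == op:
            toks.pop(0)
            vals.append(operand())
        return all(vals) if op == "and" else any(vals)
    val = chain("or")
    if toks != [None]:
        raise ValueError("trailing tokens")
    return val

def authorized(lines, uid, implicit_or=False):
    """Independent lines: ANDed by default, ORed with UWAuthImplicitOr On."""
    return (any if implicit_or else all)(evaluate(ln, uid) for ln in lines)
```

With the default AND only spud satisfies both lines; with UWAuthImplicitOr On, carot, potato and turnip pass as well. Because the flag is set in the server config, turning it on widens access for every existing multi-line .htaccess, so those files need review before the change.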