On 10/23/07, anon6565@xxxxxxxxxxxx <anon6565@xxxxxxxxxxxx> wrote: > Hello, > > AuthName directive: "This directive sets the name of the > authorization realm for a directory. This realm is given to the > client so that the user knows which username and password to send." > > I know how AuthName works in practise, but can someone please > explain what an "authorization realm" is? I take it it is not the > same as a directory? Check RFC 2617. The realm is the area on the server that is accessible under a given set of credentials. In practice, it is usually a specific directory and its subdirectories. But the same realm name may be used for multiple independent directories, and the browser should supply the appropriate username/password without reprompting the user if it knows them for that realm. For security reasons (to prevent stealing passwords), a realm cannot span multiple hostnames. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|