- NeoWebServerConf key value
- NeoWebDirConf key value
Per-server and Per-directory configuration of the Tcl interpreter. Each command sets a variable of the same name within the trusted interpreter. Available via mod_neoscript.c. See Variables for more information.
- NeoWebUserConf key value
Per-directory configuration of the Tcl slave interpreter via .htaccess. The global Tcl array NeoWebUserConf is set according to .htaccess files found by the server. NeoWebUserConf is the only configuration under user control (it may also be set in a per-directory configuration within access.conf). This can be used to customize or modify behaviors of general purpose tcl code called within documents. Standard merging rules are followed. Note that unlike the other configuration commands which set Tcl array variables, the NeoWebUserConf array is set only in the slave (user's) interpreter. If the trusted interpreter wants to know about it, it must interrogate the slave. Available via mod_neoscript.c.
- TclAuthBasic procname arg1 arg2 ...
- TclAuthAccess procname arg1 arg2 ...
These directives may be used in access.conf or .htaccess files to define a Tcl procedure to be used for authenticating users. Any number of arguments may be specified for the Tcl procedures. The TclAuthBasic proc call is assembled by appending the user name to end of the list of arguments. The proc must return a DES-encrypted string which will be compared with the string entered by the user. If a user is not found in your database, return an empty string. Available via mod_auth_tcl.c.
Two additional arguments are likewise appended to the given TclAuthAccess proc and args for each Require directive given within a <Limit> directive. The procedure is then called. The return value should be one of "OK", "AUTH_REQUIRED", or an empty string. OK accepts the user as valid. AUTH_REQUIRED will deny access. Any other return value will mean to continue checking (possibly) additional Require directives in turn. If the list is exhausted without an "OK", the result is a failure to authenticate access.
Examples of TclAuthBasic and TclAuthAccess can be found in common.tcl in the server configuration directory. The example postgres_auth proc checks a local db file cache for passwords before actually connecting to our Postgres95 server. This is a good idea in any situation when one realizes the enormous number of hits to such a database can be incurred when authenticating access to a directory. We have not yet had the need for an TclAuthAccess proc beyond simply accepting "Require valid-user" directives.
If an error is caught, it is logged and is treated as an authentication failer.
- UidUserDir id dir
- GidUserDir id dir
Per user and per group UserDir configuration. Configures a UserDir for a specific id or id range.
If id contains a - it is parsed as an id number range. Otherwise, it is translated into a numeric id by looking it up in the appropriate system file (/etc/passwd or /etc/group).
dir is the subdirectory to append to the users home directory just as in UserDir. If dir is disabled then ~user expansion for the given user or user range is disabled, and attempts to access return the FORBIDDEN code. This was primarily implemented to disable access to the system hierarchy via ~root or ~bin for example.
Example:
UidUserDir 0-199 disabled
- ForbidUserSubdir path
Provides a means for protecting certain user subdirectories from access. During expansion of ~user, if the subdirectory requested matches path then it is disallowed. Attempts to access return the DECLINED code. If you use UserDir public_html in your srm.conf you may wonder why one needs this. It's useful if you set UserDir to ".", which is likely if you are running a dedicated web server where home directories are primarily web sites and nothing else.
