AuthDBGroupFile

Syntax: AuthDBGroupFile filename
Context: directory, .htaccess
Override: AuthConfig
Status: Extension
Module: mod_auth_db

The AuthDBGroupFile directive sets the name of a DB file containing the list of user groups for user authentication. Filename is the absolute path to the group file.

The group file is keyed on the username. The value for a user is a comma-separated list of the groups to which the users belongs. There must be no whitespace within the value, and it must never contain any colons.

Security: make sure that the AuthDBGroupFile is stored outside the document tree of the web-server; do not put it in the directory that it protects. Otherwise, clients will be able to download the AuthDBGroupFile unless otherwise protected.

Combining Group and Password DB files: In some cases it is easier to manage a single database which contains both the password and group details for each user. This simplifies any support programs that need to be written: they now only have to deal with writing to and locking a single DBM file. This can be accomplished by first setting the group and password files to point to the same DB file:

AuthDBGroupFile /www/userbase AuthDBUserFile /www/userbase

The key for the single DB record is the username. The value consists of

Unix Crypt-ed Password : List of Groups [ : (ignored) ]

The password section contains the Unix crypt() password as before. This is followed by a colon and the comma separated list of groups. Other data may optionally be left in the DB file after another colon; it is ignored by the authentication module.

See also AuthName, AuthType and AuthDBUserFile.