AuthOrder

Name

AuthOrder -- Configure auth module checking order

Synopsis

AuthOrder [ module-name...]

Default

None

Context

server config, <VirtualHost>, <Global>

Module

mod_core

Compatibility

1.2.8rc1 and later

Description

The AuthOrder directive configures the names of auth modules, and the order in which they will be checked when authenticating a user.

At least one module name must be given; there is no maximum number of modules that can be listed. The listed module names must the full name of the source file, e.g. "mod_auth_unix.c". To see a full list of module names, use "proftpd -l". Do not use "mod_auth.c", as that module is the authentication front end module, and is necessary.

You can make an auth module be "authoritative" by appending an asterisk (*) after the module name. Usually this is done for the "mod_auth_pam.c" module, to ensure that the login fails if the PAM check fails.

Examples

  # Use only AuthUserFiles when authenticating, and not the system's /etc/passwd
  AuthOrder mod_auth_file.c
  # If the user's information is not in LDAP, they're not a user to use
  # this server.
  AuthOrder mod_ldap.c
  # Use SQL tables first, then LDAP, for authentication
  AuthOrder mod_sql.c mod_ldap.c
  # Use the normal system /etc/passwd and PAM, but make sure that PAM is
  # authoritative about accepting or rejecting the login
  AuthOrder mod_auth_pam.c* mod_auth_unix.c