Apache Reference: <a href="../mod_auth.html">mod

Apache Reference: mod_auth, AuthAuthoritative

AuthAuthoritative

Allow Access Control to Be Passed to Lower-Level Modules
Syntax: AuthAuthoritative on|off
Example: AuthAuthoritative off
Since: Apache 1.2

Setting this directive explicitly to ``off'' permits both authentication and authorization to be passed to lower-level modules (as defined in the Configuration and modules.c files at build time) if no user ID or rule matches the supplied user ID. If a user ID or rule is specified, the usual password and access checks are applied and a failure gives an ``Authorization Required'' reply. The AuthAuthoritative directive is typically used in conjunction with a database module, such as mod_auth_db or mod_auth_dbm. These modules supply the bulk of the user credential checking, although a few administrator-related accesses may fall through to a lower level with a well-protected AuthUserFile.