- username
-
Case sensitive.
-
- empty string
-
Empty string matches to empty username.
- wildcard
-
Literal * (star) char matches to any username.
- unix user group
-
%group notation authenticates all users member of group system group.
-
- password
-
Case sensitive.
One of these:
-
- empty string
-
Only empty password is accepted.
- wildcard
-
A single * (star) char matches to any password, even an empty password.
- password hash
-
Strings started by $ (dollar) char are interpreted as a digest hash.
See mkpasswd(1).
examples: "$1$aFBGam4v$z0wUB7iFufOhE/NRj0Er00", "$5$0YGs3cvE$ubrjqObb7wfGAFsSucbveVRhpjbm5DhvJAIWoUzPza2", "$apr1$4SEyzsx/$HvLYCSuQO8fv4BoyiHSM//"
- PAM service call
-
Strings started by @ (at) char are interpreted as pam(7) service and given password and username will be passed to the named service for authentication.
examples: "@login"
- Base64 encoded string
-
Strings started by = (equal) char are decoded with base64.
examples: "=cGE1NVcwcmQ="
- encrypted password
-
Strings 13 chars long are interpreted as crypt(3) hash.
examples: "oENuccxr.wqEg"
- cleartext
-
Any other string interpreted as a cleartext password.
-
- CIDR
-
Comma-separated list of CIDR addresses the visitor's IP must match to.
Currently only IPv4 CIDR addresses are supported.
Empty string and * match to any value.
examples: "10.0.0.0/24", "127.0.0.1", "192.168.1.1,192.168.1.2"
- method
-
Comma-separated list of case insensitive HTTP method names.
Empty string and * match to any value.
Examples: "GET", "POST", "HEAD", "GET,HEAD"
- scheme
-
Comma-separated list of case insensitive URI scheme names.
Empty string and * match to any value.
examples: "http", "https"