APACHE_1_3_42/htdocs/manual/mod/mod_digest.html - httpd - Git at Google

 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

 <html xmlns="http://www.w3.org/1999/xhtml">
   <head>
     <meta name="generator" content="HTML Tidy, see www.w3.org" />

     <title>Apache module mod_digest</title>
   </head>
   <!-- Background white, links blue (unvisited), navy (visited), red (active) -->

   <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
   vlink="#000080" alink="#FF0000">
     <!--#include virtual="header.html" -->

     <h1 align="CENTER">Module mod_digest</h1>

     <p>This module provides for user authentication using MD5
     Digest Authentication.</p>

     <p><a href="module-dict.html#Status"
     rel="Help"><strong>Status:</strong></a> Extension<br />
      <a href="module-dict.html#SourceFile"
     rel="Help"><strong>Source File:</strong></a> mod_digest.c<br />
      <a href="module-dict.html#ModuleIdentifier"
     rel="Help"><strong>Module Identifier:</strong></a>
     digest_module<br />
      <a href="module-dict.html#Compatibility"
     rel="Help"><strong>Compatibility:</strong></a> Available in
     Apache 1.1 and later.</p>

     <h2>Summary</h2>

     <p>This module implements an older version of the MD5 Digest
     Authentication specification.  While suitable for most modern
     browsers, mod_digest is known to not work with Microsoft
     Internet Explorer. Please see <a
     href="mod_auth_digest.html">mod_auth_digest</a> for a module
     which implements the most recent version of the standard
     and does not suffer from the same limitations as mod_digest.</p>

     <h2>Directives</h2>

     <ul>
       <li><a href="#authdigestfile">AuthDigestFile</a></li>
     </ul>

     <h2>Using Digest Authentication</h2>

     <p>Using MD5 Digest authentication is very simple. Simply set
     up authentication normally. However, use "AuthType Digest" and
     "AuthDigestFile" instead of the normal "AuthType Basic" and
     "AuthUserFile".</p>

     <p>As to make sure that replay is not possible across
     sections of the site, or across sites (assuming a realm,
     userid and password are valid in that wider context) a
     secret nonce prefix can be configured with the
     core directive <a href="core.html#AuthDigestRealmSeed">AuthDigestRealmSeed</a>.
     </p>
     <p>If none if configured a sensible, but not particular
     secure, default is used. When used in load balancing
     situations the prefix should be shared across servers.
     </p>
     <p>The experimental <a href="mod_auth_digest.html">mod_auth_digest</a>
     module offers a number of additinal protections against replay.
     </p>

     <p>Everything else should remain the same.</p>

     <p>MD5 authentication provides a more secure password system,
     but only works with supporting browsers. As of this writing
     (December 2003) most major browsers, including
     <a href="http://www.microsoft.com/windows/ie/">MS Internet Explorer</a>,
     <a href="http://www.opera.com/">Opera</a>,
     <a href="http://www.netscape.com/">Netscape</a>,
     <a href="http://www.mozilla.org/">Mozilla</a>, and
     <a href="http://www.w3.org/Amaya/">Amaya</a>,
     support the Digest authentication scheme.  However, of this list
     MS Internet Explorer is known to be incompatable with the
     older digest authentication format supported by this module.
     Therefore, we do not recommend using this module on a large
     Internet site. However, for personal and intra-net use, where
     browser users can be controlled, it is ideal.</p>

     <p>See also <a href="mod_auth_digest.html">mod_auth_digest</a>,
     which is an updated version of this module, in order to determine
     whether you want to use that module instead. In either case, if
     you are using one, you should not use the other, as they share
     some of the same configuration directives.</p>
     <hr />

     <h2><a id="authdigestfile"
     name="authdigestfile">AuthDigestFile</a> directive</h2>
     <a href="directive-dict.html#Syntax"
     rel="Help"><strong>Syntax:</strong></a> AuthDigestFile
     <em>filename</em><br />
      <a href="directive-dict.html#Context"
     rel="Help"><strong>Context:</strong></a> directory,
     .htaccess<br />
      <a href="directive-dict.html#Override"
     rel="Help"><strong>Override:</strong></a> AuthConfig<br />
      <a href="directive-dict.html#Status"
     rel="Help"><strong>Status:</strong></a> Base<br />
      <a href="directive-dict.html#Module"
     rel="Help"><strong>Module:</strong></a> mod_digest

     <p>The AuthDigestFile directive sets the name of a textual file
     containing the list of users and encoded passwords for digest
     authentication. <em>Filename</em> is the absolute path to the
     user file.</p>

     <p>Example</p>

     <code>AuthDigestFile /usr/local/apache/passwords/passwords.digest</code>

     <p>The digest file uses a special format. Files in this format
     can be created using the "<a href="../programs/htdigest.html">htdigest</a>"
     utility found in the support/ subdirectory of the Apache distribution.</p>

     <!--#include virtual="footer.html" -->
   </body>
 </html>
	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

	<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
	<meta name="generator" content="HTML Tidy, see www.w3.org" />

	<title>Apache module mod_digest</title>
	</head>
	<!-- Background white, links blue (unvisited), navy (visited), red (active) -->

	<body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
	vlink="#000080" alink="#FF0000">
	<!--#include virtual="header.html" -->

	<h1 align="CENTER">Module mod_digest</h1>

	<p>This module provides for user authentication using MD5
	Digest Authentication.</p>

	<p><a href="module-dict.html#Status"
	rel="Help"><strong>Status:</strong></a> Extension<br />
	<a href="module-dict.html#SourceFile"
	rel="Help"><strong>Source File:</strong></a> mod_digest.c<br />
	<a href="module-dict.html#ModuleIdentifier"
	rel="Help"><strong>Module Identifier:</strong></a>
	digest_module<br />
	<a href="module-dict.html#Compatibility"
	rel="Help"><strong>Compatibility:</strong></a> Available in
	Apache 1.1 and later.</p>

	<h2>Summary</h2>

	<p>This module implements an older version of the MD5 Digest
	Authentication specification. While suitable for most modern
	browsers, mod_digest is known to not work with Microsoft
	Internet Explorer. Please see <a
	href="mod_auth_digest.html">mod_auth_digest</a> for a module
	which implements the most recent version of the standard
	and does not suffer from the same limitations as mod_digest.</p>

	<h2>Directives</h2>

	<ul>
	<li><a href="#authdigestfile">AuthDigestFile</a></li>
	</ul>

	<h2>Using Digest Authentication</h2>

	<p>Using MD5 Digest authentication is very simple. Simply set
	up authentication normally. However, use "AuthType Digest" and
	"AuthDigestFile" instead of the normal "AuthType Basic" and
	"AuthUserFile".</p>

	<p>As to make sure that replay is not possible across
	sections of the site, or across sites (assuming a realm,
	userid and password are valid in that wider context) a
	secret nonce prefix can be configured with the
	core directive <a href="core.html#AuthDigestRealmSeed">AuthDigestRealmSeed</a>.
	</p>
	<p>If none if configured a sensible, but not particular
	secure, default is used. When used in load balancing
	situations the prefix should be shared across servers.
	</p>
	<p>The experimental <a href="mod_auth_digest.html">mod_auth_digest</a>
	module offers a number of additinal protections against replay.
	</p>

	<p>Everything else should remain the same.</p>

	<p>MD5 authentication provides a more secure password system,
	but only works with supporting browsers. As of this writing
	(December 2003) most major browsers, including
	<a href="http://www.microsoft.com/windows/ie/">MS Internet Explorer</a>,
	<a href="http://www.opera.com/">Opera</a>,
	<a href="http://www.netscape.com/">Netscape</a>,
	<a href="http://www.mozilla.org/">Mozilla</a>, and
	<a href="http://www.w3.org/Amaya/">Amaya</a>,
	support the Digest authentication scheme. However, of this list
	MS Internet Explorer is known to be incompatable with the
	older digest authentication format supported by this module.
	Therefore, we do not recommend using this module on a large
	Internet site. However, for personal and intra-net use, where
	browser users can be controlled, it is ideal.</p>

	<p>See also <a href="mod_auth_digest.html">mod_auth_digest</a>,
	which is an updated version of this module, in order to determine
	whether you want to use that module instead. In either case, if
	you are using one, you should not use the other, as they share
	some of the same configuration directives.</p>
	<hr />

	<h2><a id="authdigestfile"
	name="authdigestfile">AuthDigestFile</a> directive</h2>
	<a href="directive-dict.html#Syntax"
	rel="Help"><strong>Syntax:</strong></a> AuthDigestFile
	<em>filename</em><br />
	<a href="directive-dict.html#Context"
	rel="Help"><strong>Context:</strong></a> directory,
	.htaccess<br />
	<a href="directive-dict.html#Override"
	rel="Help"><strong>Override:</strong></a> AuthConfig<br />
	<a href="directive-dict.html#Status"
	rel="Help"><strong>Status:</strong></a> Base<br />
	<a href="directive-dict.html#Module"
	rel="Help"><strong>Module:</strong></a> mod_digest

	<p>The AuthDigestFile directive sets the name of a textual file
	containing the list of users and encoded passwords for digest
	authentication. <em>Filename</em> is the absolute path to the
	user file.</p>

	<p>Example</p>

	<code>AuthDigestFile /usr/local/apache/passwords/passwords.digest</code>

	<p>The digest file uses a special format. Files in this format
	can be created using the "<a href="../programs/htdigest.html">htdigest</a>"
	utility found in the support/ subdirectory of the Apache distribution.</p>

	<!--#include virtual="footer.html" -->
	</body>
	</html>