| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" |
| "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
| |
| <html xmlns="http://www.w3.org/1999/xhtml"> |
| <head> |
| <meta name="generator" content="HTML Tidy, see www.w3.org" /> |
| |
| <title>Apache module mod_digest</title> |
| </head> |
| <!-- Background white, links blue (unvisited), navy (visited), red (active) --> |
| |
| <body bgcolor="#FFFFFF" text="#000000" link="#0000FF" |
| vlink="#000080" alink="#FF0000"> |
| <!--#include virtual="header.html" --> |
| |
| <h1 align="CENTER">Module mod_digest</h1> |
| |
| <p>This module provides for user authentication using MD5 |
| Digest Authentication.</p> |
| |
| <p><a href="module-dict.html#Status" |
| rel="Help"><strong>Status:</strong></a> Extension<br /> |
| <a href="module-dict.html#SourceFile" |
| rel="Help"><strong>Source File:</strong></a> mod_digest.c<br /> |
| <a href="module-dict.html#ModuleIdentifier" |
| rel="Help"><strong>Module Identifier:</strong></a> |
| digest_module<br /> |
| <a href="module-dict.html#Compatibility" |
| rel="Help"><strong>Compatibility:</strong></a> Available in |
| Apache 1.1 and later.</p> |
| |
| <h2>Summary</h2> |
| |
| <p>This module implements an older version of the MD5 Digest |
| Authentication specification. While suitable for most modern |
| browsers, mod_digest is known to not work with Microsoft |
| Internet Explorer. Please see <a |
| href="mod_auth_digest.html">mod_auth_digest</a> for a module |
| which implements the most recent version of the standard |
| and does not suffer from the same limitations as mod_digest.</p> |
| |
| <h2>Directives</h2> |
| |
| <ul> |
| <li><a href="#authdigestfile">AuthDigestFile</a></li> |
| </ul> |
| |
| <h2>Using Digest Authentication</h2> |
| |
| <p>Using MD5 Digest authentication is simple: set up |
| authentication as you normally would, but use "AuthType Digest" |
| and "AuthDigestFile" instead of the normal "AuthType Basic" and |
| "AuthUserFile".</p> |
| |
| <p>To make sure that replay is not possible across |
| sections of the site, or across sites (assuming a realm, |
| userid and password are valid in that wider context), a |
| secret nonce prefix can be configured with the |
| core directive <a href="core.html#AuthDigestRealmSeed">AuthDigestRealmSeed</a>. |
| </p> |
| <p>If none is configured, a sensible, but not particularly |
| secure, default is used. When used in load-balancing |
| situations, the prefix should be shared across servers. |
| </p> |
| <p>The experimental <a href="mod_auth_digest.html">mod_auth_digest</a> |
| module offers a number of additional protections against replay. |
| </p> |
| |
| <p>Everything else should remain the same.</p> |
| |
| <p>MD5 authentication provides a more secure password system, |
| but only works with supporting browsers. As of this writing |
| (December 2003) most major browsers, including |
| <a href="http://www.microsoft.com/windows/ie/">MS Internet Explorer</a>, |
| <a href="http://www.opera.com/">Opera</a>, |
| <a href="http://www.netscape.com/">Netscape</a>, |
| <a href="http://www.mozilla.org/">Mozilla</a>, and |
| <a href="http://www.w3.org/Amaya/">Amaya</a>, |
| support the Digest authentication scheme. However, of this list, |
| MS Internet Explorer is known to be incompatible with the |
| older digest authentication format supported by this module. |
| Therefore, we do not recommend using this module on a large |
| Internet site. However, for personal and intranet use, where |
| browser users can be controlled, it is ideal.</p> |
| |
| <p>See also <a href="mod_auth_digest.html">mod_auth_digest</a>, |
| which is an updated version of this module, in order to determine |
| whether you want to use that module instead. In either case, if |
| you are using one, you should not use the other, as they share |
| some of the same configuration directives.</p> |
| <hr /> |
| |
| <h2><a id="authdigestfile" |
| name="authdigestfile">AuthDigestFile</a> directive</h2> |
| <a href="directive-dict.html#Syntax" |
| rel="Help"><strong>Syntax:</strong></a> AuthDigestFile |
| <em>filename</em><br /> |
| <a href="directive-dict.html#Context" |
| rel="Help"><strong>Context:</strong></a> directory, |
| .htaccess<br /> |
| <a href="directive-dict.html#Override" |
| rel="Help"><strong>Override:</strong></a> AuthConfig<br /> |
| <a href="directive-dict.html#Status" |
| rel="Help"><strong>Status:</strong></a> Base<br /> |
| <a href="directive-dict.html#Module" |
| rel="Help"><strong>Module:</strong></a> mod_digest |
| |
| <p>The AuthDigestFile directive sets the name of a textual file |
| containing the list of users and encoded passwords for digest |
| authentication. <em>Filename</em> is the absolute path to the |
| user file.</p> |
| |
| <p>Example</p> |
| |
| <code>AuthDigestFile /usr/local/apache/passwords/passwords.digest</code> |
| |
| <p>The digest file uses a special format. Files in this format |
| can be created using the "<a href="../programs/htdigest.html">htdigest</a>" |
| utility found in the support/ subdirectory of the Apache distribution.</p> |
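
<p>The entry format that htdigest writes, shown as an added example that is not part of the Apache documentation or source: each line is user:realm:MD5(user:realm:password). The Python code below audits digest file content for malformed or duplicate entries and checks a password against an entry. The sample entries are constructed, and the RFC 2069 response formula is included on the assumption that RFC 2069 is the "older version" of the specification this module implements.</p>

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(user, realm, password):
    """Third field of a digest file entry: MD5(user:realm:password)."""
    return md5_hex(f"{user}:{realm}:{password}")

# Constructed sample file content (not real credentials): one valid entry,
# one with a malformed hash, and one duplicate of the first user/realm pair.
SAMPLE_DIGEST_FILE = "\n".join([
    "alice:Private Area:" + ha1("alice", "Private Area", "correct horse"),
    "bob:Private Area:not-a-hash",
    "alice:Private Area:" + ha1("alice", "Private Area", "other"),
])

def parse_digest_file(text):
    """Return ({(user, realm): hash}, [(line number, problem)])."""
    entries, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line or line.startswith("#"):
            continue
        parts = line.split(":", 2)
        if len(parts) != 3:
            problems.append((lineno, "expected user:realm:hash"))
            continue
        user, realm, digest = parts
        digest = digest.strip().lower()
        if len(digest) != 32 or set(digest) - set("0123456789abcdef"):
            problems.append((lineno, "hash is not 32 hex characters"))
        elif (user, realm) in entries:
            problems.append((lineno, "duplicate user/realm entry"))
        else:
            entries[(user, realm)] = digest
    return entries, problems

def check_password(entries, user, realm, password):
    """Compare a candidate password with the stored hash in constant time."""
    stored = entries.get((user, realm))
    return stored is not None and hmac.compare_digest(
        stored, ha1(user, realm, password))

def expected_response(stored_ha1, nonce, method, uri):
    """RFC 2069 response, MD5(HA1:nonce:MD5(method:uri)). It is computed from
    the stored hash alone, so the file needs the protection of a password list."""
    return md5_hex(f"{stored_ha1}:{nonce}:" + md5_hex(f"{method}:{uri}"))
```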
| |
| <!--#include virtual="footer.html" --> |
| </body> |
| </html> |
| |