| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> |
| <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!-- |
| XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
| This file is generated from xml source: DO NOT EDIT |
| XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
| --><title>mod_auth_digest - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs-project/">Documentation</a> > <a href="../">Version 2.0</a> > <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Obsolete Apache Module mod_auth_digest</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description: |
| </a></th><td>User authentication using MD5 |
| Digest Authentication.</td></tr><tr><th><a href="module-dict.html#Status">Status: |
| </a></th><td>Obsolete<em> (obsolete since 2.0.44)</em><br /></td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier: |
| </a></th><td>auth_digest_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File: |
| </a></th><td>mod_auth_digest.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility: |
| </a></th><td>Available only in versions up to 2.0.43. The new module |
| that unfortunately is also named <code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code> |
| includes support for the auth provider mechanism introduced |
| in 2.0.44.</td></tr></table><h3>Summary</h3> |
| <div class="warning"><h3>This module is obsolete!</h3> |
| <p>Note, that this module has been marked as obsolete. A bunch |
| of modules was introduced in Apache version 2.0.44 that |
| support the new Authentication/Authorization provider mechnism.</p> |
| |
| <p>In order to get the ability of HTTP Digest Authentication, you have |
| to use the new <code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code> module that implements |
| the HTTP part. The user and group data management is provided by the |
| <code>mod_authn_*</code> and <code>mod_authz_*</code> modules. If you |
| want to use your existing user files, have a look at <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code>.</p> |
| |
| <p>This document is kept only for historical reasons and no |
| longer maintained.</p> |
| </div> |
| |
| <p>This module implements HTTP Digest Authentication. However, it |
| has not been extensively tested and is therefore marked |
| experimental.</p> |
| </div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authdigestalgorithm">AuthDigestAlgorithm</a></li> |
| <li><img alt="" src="../images/down.gif" /> <a href="#authdigestdomain">AuthDigestDomain</a></li> |
| <li><img alt="" src="../images/down.gif" /> <a href="#authdigestfile">AuthDigestFile</a></li> |
| <li><img alt="" src="../images/down.gif" /> <a href="#authdigestgroupfile">AuthDigestGroupFile</a></li> |
| <li><img alt="" src="../images/down.gif" /> <a href="#authdigestnccheck">AuthDigestNcCheck</a></li> |
| <li><img alt="" src="../images/down.gif" /> <a href="#authdigestnonceformat">AuthDigestNonceFormat</a></li> |
| <li><img alt="" src="../images/down.gif" /> <a href="#authdigestnoncelifetime">AuthDigestNonceLifetime</a></li> |
| <li><img alt="" src="../images/down.gif" /> <a href="#authdigestqop">AuthDigestQop</a></li> |
| </ul><h3>Topics</h3><ul id="topics"><li><img alt="" src="../images/down.gif" /> <a href="#using">Using Digest Authentication</a></li></ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="using" id="using">Using Digest Authentication</a></h2> |
| |
| <p>Using MD5 Digest authentication is very simple. Simply set |
| up authentication normally, using "AuthType Digest" and |
| "AuthDigestFile" instead of the normal "AuthType Basic" and |
| "AuthUserFile"; also, replace any "AuthGroupFile" with |
| "AuthDigestGroupFile". Then add a "AuthDigestDomain" directive |
| containing at least the root URI(s) for this protection space. |
| Example:</p> |
| |
| <div class="example"><p><code> |
| <Location /private/><br /> |
| <span class="indent"> |
| AuthType Digest<br /> |
| AuthName "private area"<br /> |
| AuthDigestDomain /private/ http://mirror.my.dom/private2/<br /> |
| AuthDigestFile /web/auth/.digest_pw<br /> |
| Require valid-user<br /> |
| </span> |
| </Location> |
| </code></p></div> |
| |
| <div class="note"><h3>Note</h3> |
| <p>Digest authentication provides a more secure password system |
| than Basic authentication, but only works with supporting |
| browsers. As of July 2002, the major browsers that support digest |
| authentication are <a href="http://www.opera.com/">Opera</a>, <a href="http://www.microsoft.com/windows/ie/">MS Internet |
| Explorer</a> (fails when used with a query string), <a href="http://www.w3.org/Amaya/">Amaya</a> and <a href="http://www.mozilla.org">Mozilla</a>. Since digest |
| authentication is not as widely implemented as basic |
| authentication, you should use it only in controlled settings.</p> |
| </div> |
| </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestAlgorithm" id="AuthDigestAlgorithm">AuthDigestAlgorithm</a> <a name="authdigestalgorithm" id="authdigestalgorithm">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: |
| </a></th><td>Selects the algorithm used to calculate the challenge and |
| response hases in digest authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax: |
| </a></th><td><code>AuthDigestAlgorithm MD5|MD5-sess</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: |
| </a></th><td><code>AuthDigestAlgorithm MD5</code></td></tr><tr><th><a href="directive-dict.html#Context">Context: |
| </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override: |
| </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status: |
| </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module: |
| </a></th><td>mod_auth_digest</td></tr></table> |
| <p>The <code class="directive">AuthDigestAlgorithm</code> directive |
| selects the algorithm used to calculate the challenge and response |
| hashes.</p> |
| |
| <div class="note"> |
| <code>MD5-sess</code> is not correctly implemented yet. |
| </div> |
| |
| </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestDomain" id="AuthDigestDomain">AuthDigestDomain</a> <a name="authdigestdomain" id="authdigestdomain">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: |
| </a></th><td>URIs that are in the same protection space for digest |
| authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax: |
| </a></th><td><code>AuthDigestDomain <var>URI</var> [<var>URI</var>] ...</code></td></tr><tr><th><a href="directive-dict.html#Context">Context: |
| </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override: |
| </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status: |
| </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module: |
| </a></th><td>mod_auth_digest</td></tr></table> |
| <p>The <code class="directive">AuthDigestDomain</code> directive allows |
| you to specify one or more URIs which are in the same protection |
| space (i.e. use the same realm and username/password info). The |
| specified URIs are prefixes, i.e. the client will assume that all |
| URIs "below" these are also protected by the same |
| username/password. The URIs may be either absolute URIs |
| (i.e. inluding a scheme, host, port, etc) or relative URIs.</p> |
| |
| <p>This directive <em>should</em> always be specified and |
| contain at least the (set of) root URI(s) for this space. |
| Omitting to do so will cause the client to send the |
| Authorization header for <em>every request</em> sent to this |
| server. Apart from increasing the size of the request, it may |
| also have a detrimental effect on performance if |
| "AuthDigestNcCheck" is on.</p> |
| |
| <p>The URIs specified can also point to different servers, in |
| which case clients (which understand this) will then share |
| username/password info across multiple servers without |
| prompting the user each time. </p> |
| </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestFile" id="AuthDigestFile">AuthDigestFile</a> <a name="authdigestfile" id="authdigestfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: |
| </a></th><td>Location of the text file containing the list |
| of users and encoded passwords for digest authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax: |
| </a></th><td><code>AuthDigestFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context: |
| </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override: |
| </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status: |
| </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module: |
| </a></th><td>mod_auth_digest</td></tr></table> |
| <p>The <code class="directive">AuthDigestFile</code> directive sets the |
| name of a textual file containing the list of users and encoded |
| passwords for digest authentication. <var>File-path</var> is the |
| absolute path to the user file.</p> |
| |
| <p>The digest file uses a special format. Files in this format |
| can be created using the <a href="../programs/htdigest.html">htdigest</a> utility found in |
| the support/ subdirectory of the Apache distribution.</p> |
| </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestGroupFile" id="AuthDigestGroupFile">AuthDigestGroupFile</a> <a name="authdigestgroupfile" id="authdigestgroupfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: |
| </a></th><td>Name of the text file containing the list of groups |
| for digest authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax: |
| </a></th><td><code>AuthDigestGroupFile <var>file-path</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context: |
| </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override: |
| </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status: |
| </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module: |
| </a></th><td>mod_auth_digest</td></tr></table> |
| <p>The <code class="directive">AuthDigestGroupFile</code> directive sets |
| the name of a textual file containing the list of groups and their |
| members (user names). <var>File-path</var> is the absolute path to |
| the group file.</p> |
| |
| <p>Each line of the group file contains a groupname followed by |
| a colon, followed by the member usernames separated by spaces. |
| Example:</p> |
| |
| <div class="example"><p><code>mygroup: bob joe anne</code></p></div> |
| |
| <p>Note that searching large text files is <em>very</em> |
| inefficient.</p> |
| |
| <p>Security: make sure that the AuthGroupFile is stored outside |
| the document tree of the web-server; do <em>not</em> put it in |
| the directory that it protects. Otherwise, clients will be able |
| to download the AuthGroupFile.</p> |
| </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestNcCheck" id="AuthDigestNcCheck">AuthDigestNcCheck</a> <a name="authdigestnccheck" id="authdigestnccheck">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: |
| </a></th><td>Enables or disables checking of the nonce-count sent by the |
| server</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax: |
| </a></th><td><code>AuthDigestNcCheck On|Off</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: |
| </a></th><td><code>AuthDigestNcCheck Off</code></td></tr><tr><th><a href="directive-dict.html#Context">Context: |
| </a></th><td>server config</td></tr><tr><th><a href="directive-dict.html#Status">Status: |
| </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module: |
| </a></th><td>mod_auth_digest</td></tr></table> |
| <div class="note"> |
| Not implemented yet. |
| </div> |
| |
| </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestNonceFormat" id="AuthDigestNonceFormat">AuthDigestNonceFormat</a> <a name="authdigestnonceformat" id="authdigestnonceformat">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: |
| </a></th><td>Determines how the nonce is generated</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax: |
| </a></th><td><code>AuthDigestNonceFormat <var>format</var></code></td></tr><tr><th><a href="directive-dict.html#Context">Context: |
| </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override: |
| </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status: |
| </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module: |
| </a></th><td>mod_auth_digest</td></tr></table> |
| <p><strong>Not implemented yet.</strong> |
| </p> |
| </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestNonceLifetime" id="AuthDigestNonceLifetime">AuthDigestNonceLifetime</a> <a name="authdigestnoncelifetime" id="authdigestnoncelifetime">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: |
| </a></th><td>How long the server nonce is valid</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax: |
| </a></th><td><code>AuthDigestNonceLifetime <var>seconds</var></code></td></tr><tr><th><a href="directive-dict.html#Default">Default: |
| </a></th><td><code>AuthDigestNonceLifetime 300</code></td></tr><tr><th><a href="directive-dict.html#Context">Context: |
| </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override: |
| </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status: |
| </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module: |
| </a></th><td>mod_auth_digest</td></tr></table> |
| <p>The <code class="directive">AuthDigestNonceLifetime</code> directive |
| controls how long the server nonce is valid. When the client |
| contacts the server using an expired nonce the server will send |
| back a 401 with <code>stale=true</code>. If <var>seconds</var> is |
| greater than 0 then it specifies the amount of time for which the |
| nonce is valid; this should probably never be set to less than 10 |
| seconds. If <var>seconds</var> is less than 0 then the nonce never |
| expires. |
| </p> |
| </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDigestQop" id="AuthDigestQop">AuthDigestQop</a> <a name="authdigestqop" id="authdigestqop">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: |
| </a></th><td>Determines the quality-of-protection to use in digest |
| authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax: |
| </a></th><td><code>AuthDigestQop none|auth|auth-int [auth|auth-int]</code></td></tr><tr><th><a href="directive-dict.html#Default">Default: |
| </a></th><td><code>AuthDigestQop auth</code></td></tr><tr><th><a href="directive-dict.html#Context">Context: |
| </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override: |
| </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status: |
| </a></th><td>Obsolete</td></tr><tr><th><a href="directive-dict.html#Module">Module: |
| </a></th><td>mod_auth_digest</td></tr></table> |
| <p>The <code class="directive">AuthDigestQop</code> directive determines |
| the quality-of-protection to use. <code>auth</code> will only do |
| authentication (username/password); <code>auth-int</code> is |
| authentication plus integrity checking (an MD5 hash of the entity |
| is also computed and checked); <code>none</code> will cause the module |
| to use the old RFC-2069 digest algorithm (which does not include |
| integrity checking). Both <code>auth</code> and <code>auth-int</code> may |
| be specified, in which the case the browser will choose which of |
| these to use. <code>none</code> should only be used if the browser for |
| some reason does not like the challenge it receives otherwise.</p> |
| |
| <div class="note"> |
| <code>auth-int</code> is not implemented yet. |
| </div> |
| </div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html> |