| <?xml version="1.0" encoding="EUC-KR" ?> |
| <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> |
| <?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?> |
| <!-- English Revision: 1.16 --> |
| |
| <!-- |
| Copyright 2004 The Apache Software Foundation |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| |
| <modulesynopsis metafile="mod_auth_digest.xml.meta"> |
| |
| <name>mod_auth_digest</name> |
| <description>MD5 Digest AuthenticationÀ» »ç¿ëÇÑ »ç¿ëÀÚÀÎÁõ.</description> |
| <status>Experimental</status> |
| <sourcefile>mod_auth_digest.c</sourcefile> |
| <identifier>auth_digest_module</identifier> |
| |
| <summary> |
| <p>ÀÌ ¸ðµâÀº HTTP Digest AuthenticationÀ» ±¸ÇöÇÑ´Ù. |
| ±×·¯³ª ¸¹Àº Å×½ºÆ®¸¦ °ÅÄ¡Áö ¾ÊÀº ½ÇÇèÀûÀÎ ¸ðµâÀÌ´Ù.</p> |
| </summary> |
| |
| <seealso><directive module="core">AuthName</directive></seealso> |
| <seealso><directive module="core">AuthType</directive></seealso> |
| <seealso><directive module="core">Require</directive></seealso> |
| <seealso><directive module="core">Satisfy</directive></seealso> |
| |
| <section id="using"><title>Digest Authentication »ç¿ëÇϱâ</title> |
| |
| <p>MD5 Digest authenticationÀº ¸Å¿ì ½±°Ô »ç¿ëÇÒ ¼ö ÀÖ´Ù. |
| <code>AuthType Basic</code>°ú <directive |
| module="mod_auth_basic">AuthBasicProvider</directive> ´ë½Å |
| <code>AuthType Digest</code>¿Í <directive |
| module="mod_auth_digest">AuthDigestProvider</directive>¸¦ |
| »ç¿ëÇÏ¿© °£´ÜÈ÷ ÀÎÁõÀ» ¼³Á¤ÇÒ ¼ö ÀÖ´Ù. ±×¸®°í ÃÖ¼ÒÇÑ º¸È£ÇÏ·Á´Â |
| ¿µ¿ªÀÇ ±âº» URIÀ» <directive module="mod_auth_digest" |
| >AuthDigestDomain</directive> Áö½Ã¾î¿¡ »ç¿ëÇÑ´Ù.</p> |
| |
| <p><a href="../programs/htdigest.html">htdigest</a> µµ±¸¸¦ |
| »ç¿ëÇÏ¿© »ç¿ëÀÚ (¹®ÀÚ)ÆÄÀÏÀ» ¸¸µé ¼ö ÀÖ´Ù.</p> |
| |
| <example><title>¿¹Á¦:</title> |
| <Location /private/><br /> |
| <indent> |
| AuthType Digest<br /> |
| AuthName "private area"<br /> |
| AuthDigestDomain /private/ http://mirror.my.dom/private2/<br /> |
| <br /> |
| AuthDigestProvider file<br /> |
| AuthUserFile /web/auth/.digest_pw<br /> |
| Require valid-user<br /> |
| </indent> |
| </Location> |
| </example> |
| |
| <note><title>ÁÖÀÇ</title> |
| <p>Digest authenticationÀº Basic authenticationº¸´Ù ´õ |
| ¾ÈÀüÇÑ ¾ÏÈ£½Ã½ºÅÛÀ» Á¦°øÇÏÁö¸¸, ºê¶ó¿ìÀú°¡ Áö¿øÇØ¾ß ÇÑ´Ù. |
| 2002³â 11¿ù ÇöÀç digest authenticationÀ» Áö¿øÇÏ´Â ºê¶ó¿ìÀú¿¡´Â |
| <a href="http://www.opera.com/">Opera</a>, (ÁúÀǹ®ÀÚ¿°ú |
| ÇÔ²² »ç¿ëÇÒ ¼ö ¾øÁö¸¸) <a |
| href="http://www.microsoft.com/windows/ie/">MS Internet |
| Explorer</a>, <a |
| href="http://www.w3.org/Amaya/">Amaya</a>, <a |
| href="http://www.mozilla.org">Mozilla</a>, ¹öÀü 7 ÀÌÈÄÀÇ |
| <a href="http://channels.netscape.com/ns/browsers/download.jsp" |
| >Netscape</a> µîÀÌ ÀÖ´Ù. digest authenticationÀÌ basic |
| authentication ¸¸Å ³Î¸® ±¸ÇöµÇÁö ¾Ê¾Ò±â¶§¹®¿¡ ÁÖÀÇÇؼ |
| »ç¿ëÇØ¾ß ÇÑ´Ù.</p> |
| </note> |
| </section> |
| |
| <directivesynopsis> |
| <name>AuthDigestProvider</name> |
| <description>ÀÌ À§Ä¡¿¡ ´ëÇÑ ÀÎÁõÁ¦°øÀÚ¸¦ ÁöÁ¤ÇÑ´Ù</description> |
| <syntax>AuthDigestProvider On|Off|<var>provider-name</var> |
| [<var>provider-name</var>] ...</syntax> |
| <default>AuthDigestProvider On</default> |
| <contextlist><context>directory</context><context>.htaccess</context> |
| </contextlist> |
| <override>AuthConfig</override> |
| |
| <usage> |
| <p><directive>AuthDigestProvider</directive> Áö½Ã¾î´Â ÀÌ |
| À§Ä¡¿¡¼ »ç¿ëÀÚ¸¦ ÀÎÁõÇÒ Á¦°øÀÚ¸¦ ÁöÁ¤ÇÑ´Ù. °ªÀÌ |
| <code>On</code>ÀÌ¸é ±âº»Á¦°øÀÚ(<code>file</code>)¸¦ »ç¿ëÇÑ´Ù. |
| <module>mod_authn_file</module> ¸ðµâÀÌ <code>file</code> |
| Á¦°øÀÚ¸¦ ±¸ÇöÇϱ⶧¹®¿¡ ¼¹ö¿¡ ÀÌ ¸ðµâÀÌ ÀÖ´ÂÁö È®ÀÎÇØ¾ß |
| ÇÑ´Ù.</p> |
| |
| <p>Á¦°øÀÚ´Â <module>mod_authn_dbm</module>°ú |
| <module>mod_authn_file</module>À» Âü°íÇ϶ó.</p> |
| |
| <p>°ªÀÌ <code>Off</code>À̸é Á¦°øÀÚ ¸ñ·ÏÀ» Áö¿ì°í ±âº»»óÅ·Π|
| µ¹¾Æ°£´Ù.</p> |
| </usage> |
| </directivesynopsis> |
| |
| <directivesynopsis> |
| <name>AuthDigestQop</name> |
| <description>digest authentication°¡ »ç¿ëÇÒ |
| º¸È£¼öÁØ(quality-of-protection)À» ÁöÁ¤ÇÑ´Ù.</description> |
| <syntax>AuthDigestQop none|auth|auth-int [auth|auth-int]</syntax> |
| <default>AuthDigestQop auth</default> |
| <contextlist><context>directory</context><context>.htaccess</context> |
| </contextlist> |
| <override>AuthConfig</override> |
| |
| <usage> |
| <p><directive>AuthDigestQop</directive> Áö½Ã¾î´Â |
| <dfn>º¸È£¼öÁØ(quality-of-protection)</dfn>À» ÁöÁ¤ÇÑ´Ù. |
| <code>auth</code>´Â (»ç¿ëÀÚ¸í/¾ÏÈ£) ÀÎÁõ¸¸ ÇÏ°í, |
| <code>auth-int</code>´Â ÀÎÁõ°ú ¿Ï°á¼º °Ë»ç¸¦ (MD5 Çؽ¬µµ |
| °è»êÇÏ¿© °Ë»çÇÑ´Ù) ÇÑ´Ù. <code>none</code>Àº (¿Ï°á¼º °Ë»ç¸¦ |
| ÇÏÁö¾Ê´Â) ¿À·¡µÈ RFC-2069 digest ¾Ë°í¸®ÁòÀ» »ç¿ëÇÑ´Ù. |
| <code>auth</code>¿Í <code>auth-int</code>¸¦ ¸ðµÎ ÁöÁ¤ÇÒ |
| ¼ö ÀÖ´Ù. ÀÌ °æ¿ì ºê¶ó¿ìÀú´Â ¾î¶² °ÍÀ» »ç¿ëÇÒÁö ¼±ÅÃÇÑ´Ù. |
| ºê¶ó¿ìÀú°¡ ¾î´ø ÀÌÀ¯¿¡¼°Ç challenge¸¦ ÁÁ¾ÆÇÏÁö ¾Ê´Â´Ù¸é |
| <code>none</code>À» »ç¿ëÇØ¾ß ÇÑ´Ù.</p> |
| |
| <note> |
| <code>auth-int</code>´Â ¾ÆÁ÷ ±¸ÇöµÇÁö ¾Ê¾Ò´Ù. |
| </note> |
| </usage> |
| </directivesynopsis> |
| |
| <directivesynopsis> |
| <name>AuthDigestNonceLifetime</name> |
| <description>¼¹ö nonce°¡ À¯È¿ÇÑ ±â°£</description> |
| <syntax>AuthDigestNonceLifetime <var>seconds</var></syntax> |
| <default>AuthDigestNonceLifetime 300</default> |
| <contextlist><context>directory</context><context>.htaccess</context> |
| </contextlist> |
| <override>AuthConfig</override> |
| |
| <usage> |
| <p><directive>AuthDigestNonceLifetime</directive> Áö½Ã¾î´Â |
| ¼¹ö nonce°¡ À¯È¿ÇÑ ±â°£À» Á¶ÀýÇÑ´Ù. Ŭ¶óÀ̾ðÆ®°¡ ¸¸±âµÈ |
| nonce¸¦ °¡Áö°í ¼¹ö¿¡ Á¢±ÙÇÏ¸é ¼¹ö´Â <code>stale=true</code>¿Í |
| ÇÔ²² 401À» ¹ÝȯÇÑ´Ù. <var>seconds</var>°¡ 0º¸´Ù Å©¸é nonce°¡ |
| À¯È¿ÇÑ ±â°£À» ÁöÁ¤ÇÑ´Ù. ¾Æ¸¶µµ 10 Ãʺ¸´Ù ÀÛ°Ô ¼³Á¤ÇÏ¸é ¾ÈµÈ´Ù. |
| <var>seconds</var>°¡ 0º¸´Ù ÀÛÀ¸¸é nonce´Â ¿µ¿øÈ÷ ¸¸±âµÇÁö |
| ¾Ê´Â´Ù. <!-- ¾ÆÁ÷ ±¸ÇöµÇÁö ¾Ê¾ÒÀ½: <var>seconds</var>°¡ |
| 0À̸é Ŭ¶óÀ̾ðÆ®´Â Á¤È®È÷ Çѹø¸¸ nonce¸¦ »ç¿ëÇÒ ¼ö ÀÖ´Ù. |
| Çѹø¸¸ »ç¿ëÇÒ ¼ö ÀÖ´Â nonce´Â Àç»ý°ø°Ý(replay attack)¿¡ |
| ´ëÇØ ´õ ¾ÈÀüÇÑ º¸¾ÈÀ» Á¦°øÇÏÁö¸¸, ºê¶ó¿ìÀú°¡ ¿äûµéÀ» ¿¬¼ÓÇؼ |
| º¸³»°Å³ª ¿©·¯ ¿¬°áÀ» µ¿½Ã¿¡ ÇÒ ¼ö°¡ ¾ø¾î¼ ¼º´ÉÀÌ »ó´çÈ÷ |
| ¶³¾îÁú ¼ö ÀÖÀ½À» ÁÖÀÇÇ϶ó. ºê¶ó¿ìÀú´Â nonce¸¦ ÀÌ¹Ì »ç¿ëÇÏ¿´´ÂÁö |
| ½±°Ô ¾Ë¾Æ³¾ ¼ö ¾ø±â¶§¹®¿¡ ¿äûÀ» ¿¬¼ÓÇؼ º¸³½ÈÄ, ù¹ø° |
| ¿äûÀ» Á¦¿ÜÇÏ°í 401 ÀÀ´äÀ» ¹ÞÀº ´ÙÀ½ ¿äûÀ» ´Ù½Ã º¸³»°Ô |
| µÈ´Ù. ¶Ç Àç»ý°ø°Ý¿¡ ´ëÇÑ º¸È£´Â POST ¿äû°ú °°ÀÌ µ¿ÀûÀ¸·Î |
| ³»¿ëÀ» »ý¼ºÇÏ´Â °æ¿ì¿¡¸¸ Àǹ̰¡ ÀÖÀ½À» ÁÖÀÇÇ϶ó. Á¤ÀûÀÎ |
| ³»¿ëÀÇ °æ¿ì °ø°ÝÀÚ´Â ÀÌ¹Ì ¿ÏÀüÇÑ ³»¿ëÀ» °¡Áö°í ÀÖÀ¸¹Ç·Î, |
| Çѹø¸¸ »ç¿ëÇÒ ¼ö ÀÖ´Â nonce´Â Àǹ̰¡ ¾ø´Ù. --> |
| </p> |
| </usage> |
| </directivesynopsis> |
| |
| <directivesynopsis> |
| <name>AuthDigestNonceFormat</name> |
| <description>nonce¸¦ ¸¸µå´Â ¹æ¹ýÀ» °áÁ¤ÇÑ´Ù</description> |
| <syntax>AuthDigestNonceFormat <var>format</var></syntax> |
| <contextlist><context>directory</context><context>.htaccess</context> |
| </contextlist> |
| <override>AuthConfig</override> |
| |
| <usage> |
| <note>¾ÆÁ÷ ±¸ÇöµÇÁö ¾Ê¾Ò´Ù.</note> |
| <!-- AuthDigestNonceFormat Áö½Ã¾î´Â nonce¸¦ ¸¸µå´Â ¹æ¹ýÀ» |
| °áÁ¤ÇÑ´Ù. --> |
| </usage> |
| </directivesynopsis> |
| |
| <directivesynopsis> |
| <name>AuthDigestNcCheck</name> |
| <description>¼¹ö°¡ º¸³»´Â nonce-count¸¦ °Ë»çÇÒÁö ¿©ºÎ</description> |
| <syntax>AuthDigestNcCheck On|Off</syntax> |
| <default>AuthDigestNcCheck Off</default> |
| <contextlist><context>server config</context></contextlist> |
| |
| <usage> |
| <note> |
| ¾ÆÁ÷ ±¸ÇöµÇÁö ¾Ê¾Ò´Ù. |
| </note> |
| <!-- |
| <p>AuthDigestNcCheck Áö½Ã¾î´Â ¼¹ö°¡ º¸³»´Â nonce-count¸¦ |
| °Ë»çÇÒÁö °áÁ¤ÇÑ´Ù.</p> |
| |
| <p>º¸¾È»ó ±ÇÀåÇÏÁö¸¸ ÀÌ Áö½Ã¾î¸¦ OnÀ¸·Î ¼³Á¤ÇÏ¸é ¼º´ÉÀÌ |
| Å©°Ô ¶³¾îÁø´Ù. nonce-count¸¦ °Ë»çÇÏ·Á¸é (digest authentication |
| ¿©ºÎ¿Í °ü°è¾øÀÌ Authorization Çì´õ¸¦ º¸³»´Â) *¸ðµç* ¿äûÀ» |
| ÀӰ迵¿ª(critical section)À» ÅëÇØ Ã³¸®ÇØ¾ß ÇÑ´Ù. ¼¹ö°¡ |
| Authorization Çì´õ¸¦ Æ÷ÇÔÇÑ ¸Å¿ì ¸¹Àº ¿äûÀ» ó¸®ÇÑ´Ù¸é |
| ¼º´ÉÀÌ ÇöÀúÈ÷ ¶³¾îÁú ¼ö ÀÖ´Ù.</p> |
| --> |
| </usage> |
| </directivesynopsis> |
| |
| <directivesynopsis> |
| <name>AuthDigestAlgorithm</name> |
| <description>digest authentication¿¡¼ challenge¿Í response |
| hash¸¦ °è»êÇÏ´Â ¾Ë°í¸®ÁòÀ» ¼±ÅÃÇÑ´Ù</description> |
| <syntax>AuthDigestAlgorithm MD5|MD5-sess</syntax> |
| <default>AuthDigestAlgorithm MD5</default> |
| <contextlist><context>directory</context><context>.htaccess</context> |
| </contextlist> |
| <override>AuthConfig</override> |
| |
| <usage> |
| <p><directive>AuthDigestAlgorithm</directive> Áö½Ã¾î´Â |
| challenge¿Í response hash¸¦ °è»êÇÏ´Â ¾Ë°í¸®ÁòÀ» ¼±ÅÃÇÑ´Ù.</p> |
| |
| <note> |
| <code>MD5-sess</code>´Â ¾ÆÁ÷ ¿ÏÀüÈ÷ ±¸ÇöµÇÁö ¾Ê¾Ò´Ù. |
| </note> |
| <!-- |
| <p><code>MD5-sess</code>¸¦ »ç¿ëÇÏ·Á¸é |
| <code>mod_auth_digest.c</code>ÀÇ <code>get_userpw_hash()</code> |
| ÇÔ¼ö¸¦ ¸ÕÀú ÀÛ¼ºÇØ¾ß ÇÑ´Ù.</p> |
| --> |
| </usage> |
| </directivesynopsis> |
| |
| <directivesynopsis> |
| <name>AuthDigestDomain</name> |
| <description>digest authentication¿¡¼ °°Àº º¸È£¿µ¿ª¿¡ ¼ÓÇÏ´Â |
| URIµé</description> |
| <syntax>AuthDigestDomain <var>URI</var> [<var>URI</var>] ...</syntax> |
| <contextlist><context>directory</context><context>.htaccess</context> |
| </contextlist> |
| <override>AuthConfig</override> |
| |
| <usage> |
| <p><directive>AuthDigestDomain</directive> Áö½Ã¾î´Â °°Àº |
| º¸È£¿µ¿ª¿¡ ÀÖ´Â (<em>¿¹¸¦ µé¾î</em> °°Àº ¿µ¿ª°ú »ç¿ëÀÚ¸í/¾ÏÈ£ |
| Á¤º¸¸¦ »ç¿ëÇÏ´Â) URIµéÀ» ÁöÁ¤ÇÑ´Ù. ÁöÁ¤ÇÑ URI´Â Á¢µÎ»ç·Î |
| »ç¿ëÇÑ´Ù. Ŭ¶óÀ̾ðÆ®´Â URI "¾Æ·¡" ¸ðµÎ¸¦ |
| °°Àº »ç¿ëÀÚ¸í/¾ÏÈ£·Î º¸È£ÇÑ´Ù°í °¡Á¤ÇÑ´Ù. URI´Â |
| (<em>Áï</em>, ½ºÅ´(scheme), È£½ºÆ®, Æ÷Æ® µîÀ» Æ÷ÇÔÇÏ´Â) |
| Àý´ë URLÀ̰ųª »ó´ë URIÀÌ´Ù.</p> |
| |
| <p>ÀÌ Áö½Ã¾î´Â Ç×»ó <em>ÁöÁ¤Çؾß</em> Çϸç, ÃÖ¼ÒÇÑ ¿µ¿ªµéÀÇ |
| ±âº» URI(µé)¸¦ Æ÷ÇÔ<em>Çؾß</em> ÇÑ´Ù. »ý·«Çϸé Ŭ¶óÀ̾ðÆ®´Â |
| ÀÌ ¼¹ö·Î º¸³»´Â <em>¸ðµç ¿äû</em>¿¡ Authorization Çì´õ¸¦ |
| Æ÷ÇÔÇÑ´Ù. ±×·¯¸é ¿äûÀÇ Å©±â°¡ Ä¿Áö¸ç, <directive |
| module="mod_auth_digest">AuthDigestNcCheck</directive>¸¦ |
| »ç¿ëÇÑ´Ù¸é ¼º´É¿¡ ³ª»Û ¿µÇâÀ» ÁÙ ¼ö ÀÖ´Ù.</p> |
| |
| <p>´Ù¸¥ ¼¹öÀÇ URI¸¦ ÁöÁ¤Çϸé, (À̸¦ ÀÌÇØÇÏ´Â) Ŭ¶óÀ̾ðÆ®´Â |
| ¿©·¯ ¼¹ö¸¶´Ù ¸Å¹ø »ç¿ëÀÚ¿¡°Ô ¹¯Áö¾Ê°í °°Àº »ç¿ëÀÚ¸í/¾ÏÈ£¸¦ |
| »ç¿ëÇÒ ¼ö ÀÖ´Ù.</p> |
| </usage> |
| </directivesynopsis> |
| |
| <directivesynopsis> |
| <name>AuthDigestShmemSize</name> |
| <description>Ŭ¶óÀ̾ðÆ®¸¦ ÃßÀûÇϱâÀ§ÇØ ÇÒ´çÇÏ´Â °øÀ¯¸Þ¸ð¸®·®</description> |
| <syntax>AuthDigestShmemSize <var>size</var></syntax> |
| <default>AuthDigestShmemSize 1000</default> |
| <contextlist><context>server config</context></contextlist> |
| |
| <usage> |
| <p><directive>AuthDigestShmemSize</directive> Áö½Ã¾î´Â |
| Ŭ¶óÀ̾ðÆ®¸¦ ÃßÀûÇϱâÀ§ÇØ ¼¹ö°¡ ½ÃÀÛÇÒ¶§ ÇÒ´çÇÏ´Â |
| °øÀ¯¸Þ¸ð¸®·®À» Á¤ÀÇÇÑ´Ù. °øÀ¯¸Þ¸ð¸®´Â ÃÖ¼ÒÇÑ <em>ÇϳªÀÇ</em> |
| Ŭ¶óÀ̾ðÆ®¸¦ ÃßÀûÇϱâÀ§ÇØ ÇÊ¿äÇÑ °ø°£º¸´Ù ÀÛÀ» ¼ö ¾øÀ½À» |
| ÁÖÀÇÇ϶ó. ÀÌ °ªÀº ½Ã½ºÅÛ¿¡ µû¶ó ´Ù¸£´Ù. Á¤È®ÇÑ °ªÀ» ¾Ë·Á¸é |
| <directive>AuthDigestShmemSize</directive>¸¦ <code>0</code>À¸·Î |
| ¼³Á¤ÇÏ°í ¼¹ö¸¦ ½ÃÀÛÇÑÈÄ ¿À·ù¹®À» Âü°íÇ϶ó.</p> |
| |
| <p><var>size</var>´Â º¸Åë ¹ÙÀÌÆ® ´ÜÀ§ÀÌÁö¸¸, µÚ¿¡ |
| <code>K</code>³ª <code>M</code>À» »ç¿ëÇÏ¿© KBytes³ª MBytes¸¦ |
| ³ªÅ¸³¾ ¼ö ÀÖ´Ù. ¿¹¸¦ µé¾î, ´ÙÀ½ Áö½Ã¾îµéÀº ¸ðµÎ °°´Ù:</p> |
| |
| <example> |
| AuthDigestShmemSize 1048576<br /> |
| AuthDigestShmemSize 1024K<br /> |
| AuthDigestShmemSize 1M |
| </example> |
| </usage> |
| </directivesynopsis> |
| |
| </modulesynopsis> |