|
Apache HTTP Server Version 1.3
Module mod_digest
This module provides for user authentication using MD5 Digest Authentication.
Status:
Extension
Source
File: mod_digest.c
Module
Identifier: digest_module
Compatibility:
Available in Apache 1.1 and later.
Summary
This module implements an older version of the MD5 Digest Authentication specification
which will probably not work with modern browsers. Please see
mod_auth_digest for a module
which implements the most recent version of the standard.
Directives
Using Digest Authentication
Using MD5 Digest authentication is very simple. Simply set up authentication normally.
However, use "AuthType Digest" and "AuthDigestFile" instead of the normal
"AuthType Basic" and "AuthUserFile". Everything else should remain the
same.
MD5 authentication provides a more secure password system, but only works with supporting
browsers. As of this writing (January 2002), the only major browsers which support digest
authentication are Opera 4.0, MS Internet Explorer 5.0 and Amaya. Therefore, we do not recommend using this feature
on a large Internet site. However, for personal and intra-net use, where browser users can be
controlled, it is ideal.
See also mod_auth_digest,
which is an updated version of this module, in order to determine whether you want to use that
module instead. In either case, if you are using one, you should not use the other, as they
share some of the same configuration directives.
Syntax:
AuthDigestFile filename
Context:
directory, .htaccess
Override:
AuthConfig
Status:
Base
Module:
mod_digest
The AuthDigestFile directive sets the name of a textual file containing the list of users
and encoded passwords for digest authentication. Filename is the absolute path to the
user file.
Example
AuthDigestFile /usr/local/apache/passwords/passwords.digest
The digest file uses a special format. Files in this format can be created using the "htdigest" utility found in
the support/ subdirectory of the Apache distribution.
|
