mirror of
				https://github.com/apache/httpd.git
				synced 2025-10-24 10:53:08 +03:00 
			
		
		
		
	git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95313 13f79535-47bb-0310-9956-ffa450edef68
		
			
				
	
	
		
			134 lines
		
	
	
		
			16 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
			
		
		
	
	
			134 lines
		
	
	
		
			16 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
| <html xmlns="http://www.w3.org/TR/xhtml1/strict"><head><!-- 
 | |
|           XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 | |
|                 This file is generated from xml source: DO NOT EDIT
 | |
|           XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 | |
|         --><title>mod_auth_digest- Apache HTTP Server</title><link href="../style/manual.css" type="text/css" rel="stylesheet"/></head><body><blockquote><div align="center"><img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]"/><h3>Apache HTTP Server Version 2.0</h3></div><h1 align="center">Apache Module mod_auth_digest</h1><table cellspacing="1" cellpadding="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td valign="top"><span class="help">Description:</span></td><td>User authentication using MD5
 | |
|     Digest Authentication.</td></tr><tr><td><a href="module-dict.html#Status" class="help">Status:</a></td><td>Experimental</td></tr><tr><td><a href="module-dict.html#ModuleIdentifier" class="help">Module Identifier:</a></td><td>auth_digest_module</td></tr></table></td></tr></table><h2>Summary</h2>
 | |
|     <p>This module implements HTTP Digest Authentication.  However, it
 | |
|     has not been extensively tested and is therefore marked
 | |
|     experimental.</p>
 | |
| <h2>Directives</h2><ul><li><a href="#authdigestalgorithm">AuthDigestAlgorithm</a></li><li><a href="#authdigestdomain">AuthDigestDomain</a></li><li><a href="#authdigestfile">AuthDigestFile</a></li><li><a href="#authdigestgroupfile">AuthDigestGroupFile</a></li><li><a href="#authdigestnccheck">AuthDigestNcCheck</a></li><li><a href="#authdigestnonceformat">AuthDigestNonceFormat</a></li><li><a href="#authdigestnoncelifetime">AuthDigestNonceLifetime</a></li><li><a href="#authdigestqop">AuthDigestQop</a></li></ul><p><strong>See also </strong></p><ul><li><a href="core.html#authname" class="directive"><code class="directive">AuthName</code></a></li><li><a href="core.html#authtype" class="directive"><code class="directive">AuthType</code></a></li><li><a href="core.html#require" class="directive"><code class="directive">Require</code></a></li><li><a href="core.html#satisfy" class="directive"><code class="directive">Satisfy</code></a></li></ul><h2>Using Digest Authentication</h2>
 | |
| 
 | |
|     <p>Using MD5 Digest authentication is very simple. Simply set
 | |
|     up authentication normally, using "AuthType Digest" and
 | |
|     "AuthDigestFile" instead of the normal "AuthType Basic" and
 | |
|     "AuthUserFile"; also, replace any "AuthGroupFile" with
 | |
|     "AuthDigestGroupFile". Then add a "AuthDigestDomain" directive
 | |
|     containing at least the root URI(s) for this protection space.
 | |
|     Example:</p>
 | |
| <blockquote><table cellpadding="10"><tr><td bgcolor="#eeeeee"><code>
 | |
|   <Location /private/><br>
 | |
|   AuthType Digest<br>
 | |
|   AuthName "private area"<br>
 | |
|   AuthDigestDomain /private/ http://mirror.my.dom/private2/<br>
 | |
|   AuthDigestFile /web/auth/.digest_pw<br>
 | |
|   Require valid-user<br>
 | |
|   </Location>
 | |
| </code></td></tr></table></blockquote>
 | |
| 
 | |
| <blockquote><table><tr><td bgcolor="#e0e5f5"><p align="center"><strong>Note</strong></p>
 | |
|     <p>MD5 authentication provides a more
 | |
|     secure password system than Basic authentication, but only
 | |
|     works with supporting browsers. As of this writing (October 2001),
 | |
|     the only major browsers which support digest authentication are
 | |
|     <a href="http://www.opera.com/">Opera 4.0</a>,
 | |
|     <a href="http://www.microsoft.com/windows/ie/">MS Internet
 | |
|     Explorer 5.0</a> and <a href="http://www.w3.org/Amaya/">Amaya</a>.
 | |
|     Therefore, we do not yet recommend using this feature on a large
 | |
|     Internet site. However, for personal and intra-net use, where
 | |
|     browser users can be controlled, it is ideal.</p>
 | |
| </td></tr></table></blockquote>
 | |
| <hr/><h2><a name="AuthDigestAlgorithm">AuthDigestAlgorithm</a> <a name="authdigestalgorithm">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td nowrap="nowrap"><strong>Description: </strong></td><td>Selects the algorithm used to calculate the challenge and
 | |
| response hases in digest authentication</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>AuthDigestAlgorithm MD5|MD5-sess</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Default" class="help">Default:</a></td><td><code>AuthDigestAlgorithm MD5</code></td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Context" class="help">Context:</a></td><td>directory, .htaccess</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Override" class="help">Override:</a></td><td>AuthConfig</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Experimental</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_auth_digest</td></tr></table></td></tr></table>
 | |
|     <p>The <code class="directive">AuthDigestAlgorithm</code> directive
 | |
|     selects the algorithm used to calculate the challenge and response
 | |
|     hashes.</p>
 | |
| 
 | |
|     <p><strong><em>MD5-sess</em> is not correctly implemented
 | |
|     yet</strong>. 
 | |
|     </p>
 | |
| <hr/><h2><a name="AuthDigestDomain">AuthDigestDomain</a> <a name="authdigestdomain">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td nowrap="nowrap"><strong>Description: </strong></td><td>URIs that are in the same protection space for digest
 | |
| authentication</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>AuthDigestDomain <em>URI</em> [<em>URI</em>] ...</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Context" class="help">Context:</a></td><td>directory, .htaccess</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Override" class="help">Override:</a></td><td>AuthConfig</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Experimental</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_auth_digest</td></tr></table></td></tr></table>
 | |
|     <p>The <code class="directive">AuthDigestDomain</code> directive allows
 | |
|     you to specify one or more URIs which are in the same protection
 | |
|     space (i.e. use the same realm and username/password info). The
 | |
|     specified URIs are prefixes, i.e. the client will assume that all
 | |
|     URIs "below" these are also protected by the same
 | |
|     username/password. The URIs may be either absolute URIs
 | |
|     (i.e. inluding a scheme, host, port, etc) or relative URIs.</p>
 | |
| 
 | |
|     <p>This directive <em>should</em> always be specified and
 | |
|     contain at least the (set of) root URI(s) for this space.
 | |
|     Omitting to do so will cause the client to send the
 | |
|     Authorization header for <em>every request</em> sent to this
 | |
|     server. Apart from increasing the size of the request, it may
 | |
|     also have a detrimental effect on performance if
 | |
|     "AuthDigestNcCheck" is on.</p>
 | |
| 
 | |
|     <p>The URIs specified can also point to different servers, in
 | |
|     which case clients (which understand this) will then share
 | |
|     username/password info across multiple servers without
 | |
|     prompting the user each time. </p>
 | |
| <hr/><h2><a name="AuthDigestFile">AuthDigestFile</a> <a name="authdigestfile">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td nowrap="nowrap"><strong>Description: </strong></td><td>Location of the text file containing the list
 | |
| of users and encoded passwords for digest authentication</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>AuthDigestFile <em>file-path</em></td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Context" class="help">Context:</a></td><td>directory, .htaccess</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Override" class="help">Override:</a></td><td>AuthConfig</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Experimental</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_auth_digest</td></tr></table></td></tr></table>
 | |
|     <p>The <code class="directive">AuthDigestFile</code> directive sets the
 | |
|     name of a textual file containing the list of users and encoded
 | |
|     passwords for digest authentication. <em>File-path</em> is the
 | |
|     absolute path to the user file.</p>
 | |
| 
 | |
|     <p>The digest file uses a special format. Files in this format
 | |
|     can be created using the <a href="../programs/htdigest.html">htdigest</a> utility found in
 | |
|     the support/ subdirectory of the Apache distribution.</p>
 | |
| <hr/><h2><a name="AuthDigestGroupFile">AuthDigestGroupFile</a> <a name="authdigestgroupfile">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td nowrap="nowrap"><strong>Description: </strong></td><td>Name of the text file containing the list of groups
 | |
| for digest authentication</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>AuthDigestGroupFile <em>file-path</em></td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Context" class="help">Context:</a></td><td>directory, .htaccess</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Override" class="help">Override:</a></td><td>AuthConfig</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Experimental</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_auth_digest</td></tr></table></td></tr></table>
 | |
|     <p>The <code class="directive">AuthDigestGroupFile</code> directive sets
 | |
|     the name of a textual file containing the list of groups and their
 | |
|     members (user names). <em>File-path</em> is the absolute path to
 | |
|     the group file.</p>
 | |
| 
 | |
|     <p>Each line of the group file contains a groupname followed by
 | |
|     a colon, followed by the member usernames separated by spaces.
 | |
|     Example:</p>
 | |
| 
 | |
| <blockquote><table cellpadding="10"><tr><td bgcolor="#eeeeee"><code>mygroup: bob joe anne</code></td></tr></table></blockquote>
 | |
| 
 | |
|     <p>Note that searching large text files is <em>very</em>
 | |
|     inefficient.</p>
 | |
| 
 | |
|     <p>Security: make sure that the AuthGroupFile is stored outside
 | |
|     the document tree of the web-server; do <em>not</em> put it in
 | |
|     the directory that it protects. Otherwise, clients will be able
 | |
|     to download the AuthGroupFile.</p>
 | |
| <hr/><h2><a name="AuthDigestNcCheck">AuthDigestNcCheck</a> <a name="authdigestnccheck">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td nowrap="nowrap"><strong>Description: </strong></td><td>Enables or disables checking of the nonce-count sent by the
 | |
| server</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>AuthDigestNcCheck On|Off</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Default" class="help">Default:</a></td><td><code>AuthDigestNcCheck Off</code></td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Context" class="help">Context:</a></td><td>server config</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Experimental</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_auth_digest</td></tr></table></td></tr></table>
 | |
|     <p><strong>Not implemented yet.</strong> 
 | |
|     </p>
 | |
| <hr/><h2><a name="AuthDigestNonceFormat">AuthDigestNonceFormat</a> <a name="authdigestnonceformat">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td nowrap="nowrap"><strong>Description: </strong></td><td>Determines how the nonce is generated</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>???</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Default" class="help">Default:</a></td><td><code>???</code></td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Context" class="help">Context:</a></td><td>directory, .htaccess</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Override" class="help">Override:</a></td><td>AuthConfig</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Experimental</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_auth_digest</td></tr></table></td></tr></table>
 | |
|     <p><strong>Not implemented yet.</strong> 
 | |
|     </p>
 | |
| <hr/><h2><a name="AuthDigestNonceLifetime">AuthDigestNonceLifetime</a> <a name="authdigestnoncelifetime">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td nowrap="nowrap"><strong>Description: </strong></td><td>How long the server nonce is valid</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>AuthDigestNonceLifetime <em>seconds</em></td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Default" class="help">Default:</a></td><td><code>AuthDigestNonceLifetime 300</code></td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Context" class="help">Context:</a></td><td>directory, .htaccess</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Override" class="help">Override:</a></td><td>AuthConfig</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Experimental</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_auth_digest</td></tr></table></td></tr></table>
 | |
|     <p>The <code class="directive">AuthDigestNonceLifetime</code> directive
 | |
|     controls how long the server nonce is valid. When the client
 | |
|     contacts the server using an expired nonce the server will send
 | |
|     back a 401 with <code>stale=true</code>. If <em>seconds</em> is
 | |
|     greater than 0 then it specifies the amount of time for which the
 | |
|     nonce is valid; this should probably never be set to less than 10
 | |
|     seconds. If <em>seconds</em> is less than 0 then the nonce never
 | |
|     expires. 
 | |
|     </p>
 | |
| <hr/><h2><a name="AuthDigestQop">AuthDigestQop</a> <a name="authdigestqop">Directive</a></h2><table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc"><tr><td><table bgcolor="#ffffff"><tr><td nowrap="nowrap"><strong>Description: </strong></td><td>Determines the quality-of-protection to use in digest
 | |
| authentication</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>AuthDigestQop none|auth|auth-int [auth|auth-int]</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Default" class="help">Default:</a></td><td><code>AuthDigestQop auth</code></td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Context" class="help">Context:</a></td><td>directory, .htaccess</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Override" class="help">Override:</a></td><td>AuthConfig</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Experimental</td></tr><tr><td nowrap="nowrap"><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_auth_digest</td></tr></table></td></tr></table>
 | |
|     <p>The <code class="directive">AuthDigestQop</code> directive determines
 | |
|     the quality-of-protection to use. <em>auth</em> will only do
 | |
|     authentication (username/password); <em>auth-int</em> is
 | |
|     authentication plus integrity checking (an MD5 hash of the entity
 | |
|     is also computed and checked); <em>none</em> will cause the module
 | |
|     to use the old RFC-2069 digest algorithm (which does not include
 | |
|     integrity checking). Both <em>auth</em> and <em>auth-int</em> may
 | |
|     be specified, in which the case the browser will choose which of
 | |
|     these to use. <em>none</em> should only be used if the browser for
 | |
|     some reason does not like the challenge it receives otherwise.</p>
 | |
| 
 | |
|     <p><strong><em>auth-int</em> is not implemented
 | |
|     yet</strong>.</p>
 | |
| <hr/></blockquote><h3 align="center">Apache HTTP Server Version 2.0</h3><a href="./"><img src="../images/index.gif" alt="Index"/></a><a href="../"><img src="../images/home.gif" alt="Home"/></a></body></html> |