www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-10-27 09:35:38 +03:00
Code Activity
Files
bfafb044005337b77a484c6b4133756ec4847b97
apache/docs/manual/mod/mod_auth_digest.html
Joshua Slive 286d92812d New xml mod_auth_digest docs. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93649 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 19:20:22 +00:00

557 lines
16 KiB
HTML
Raw Blame History

<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<!--
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
This file is generated from xml source: DO NOT EDIT
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-->
<title>mod_auth_digest - Apache HTTP Server</title>
<link href="../style/manual.css" type="text/css" rel="stylesheet">
</head>
<body>
<blockquote>
<div align="center">
<img alt="[APACHE DOCUMENTATION]" src="../images/sub.gif"><h3>Apache HTTP Server Version 2.0</h3>
</div>
<h1 align="center">Apache Module mod_auth_digest</h1>
<table cellspacing="1" cellpadding="0" bgcolor="#cccccc">
<tr>
<td>
<table bgcolor="#ffffff">
<tr>
<td><span class="help">Description:</span></td><td>
<description>User authentication using MD5
Digest Authentication.</description>
</td>
</tr>
<tr>
<td><a href="module-dict.html#Status" class="help">Status:</a></td><td>Experimental</td>
</tr>
<tr>
<td><a href="module-dict.html#ModuleIdentifier" class="help">Module&nbsp;Identifier:</a></td><td>auth_digest_module</td>
</tr>
</table>
</td>
</tr>
</table>
<h2>Summary</h2>
<summary>
<p>This module implements HTTP Digest Authentication. However, it
has not been extensively tested and is therefore marked
experimental.</p>
</summary>
<p>
<strong>See also:</strong>
</p>
<ul>
<li>
<code class="directive"><a href="core.html#authname" class="directive">AuthName</a></code>
</li>
<li>
<code class="directive"><a href="core.html#authtype" class="directive">AuthType</a></code>
</li>
<li>
<code class="directive"><a href="core.html#require" class="directive">Require</a></code>
</li>
<li>
<code class="directive"><a href="core.html#satisfy" class="directive">Satisfy</a></code>
</li>
</ul>
<h2>Directives</h2>
<ul>
<li>
<a href="#authdigestalgorithm">AuthDigestAlgorithm</a>
</li>
<li>
<a href="#authdigestdomain">AuthDigestDomain</a>
</li>
<li>
<a href="#authdigestfile">AuthDigestFile</a>
</li>
<li>
<a href="#authdigestgroupfile">AuthDigestGroupFile</a>
</li>
<li>
<a href="#authdigestnccheck">AuthDigestNcCheck</a>
</li>
<li>
<a href="#authdigestnonceformat">AuthDigestNonceFormat</a>
</li>
<li>
<a href="#authdigestnoncelifetime">AuthDigestNonceLifetime</a>
</li>
<li>
<a href="#authdigestqop">AuthDigestQop</a>
</li>
</ul>
<h2>Using Digest Authentication</h2>
<p>Using MD5 Digest authentication is very simple. Simply set
up authentication normally, using "AuthType Digest" and
"AuthDigestFile" instead of the normal "AuthType Basic" and
"AuthUserFile"; also, replace any "AuthGroupFile" with
"AuthDigestGroupFile". Then add a "AuthDigestDomain" directive
containing at least the root URI(s) for this protection space.
Example:</p>
<blockquote>
<table cellpadding="10">
<tr>
<td bgcolor="#eeeeee"><code>
&lt;Location /private/&gt;<br>
AuthType Digest<br>
AuthName "private area"<br>
AuthDigestDomain /private/ http://mirror.my.dom/private2/<br>
AuthDigestFile /web/auth/.digest_pw<br>
Require valid-user<br>
&lt;/Location&gt;
</code></td>
</tr>
</table>
</blockquote>
<blockquote>
<table>
<tr>
<td bgcolor="#e0e5f5">
<p align="center">
<strong>Note</strong>
</p>
<p>MD5 authentication provides a more
secure password system than Basic authentication, but only
works with supporting browsers. As of this writing (October 2001),
the only major browsers which support digest authentication are
<a href="http://www.opera.com/">Opera 4.0</a>,
<a href="http://www.microsoft.com/windows/ie/">MS Internet
Explorer 5.0</a> and <a href="http://www.w3.org/Amaya/">Amaya</a>.
Therefore, we do not yet recommend using this feature on a large
Internet site. However, for personal and intra-net use, where
browser users can be controlled, it is ideal.</p>
</td>
</tr>
</table>
</blockquote>
<hr>
<h2>
<a name="AuthDigestAlgorithm">AuthDigestAlgorithm</a> <a name="authdigestalgorithm">Directive</a>
</h2>
<table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc">
<tr>
<td>
<table width="100%" bgcolor="#ffffff">
<tr>
<td><strong>Description: </strong></td><td>Selects the algorithm used to calculate the challenge and
response hases in digest authentication</td>
</tr>
<tr>
<td><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>
<syntax>AuthDigestAlgorithm MD5|MD5-sess</syntax>
</td>
</tr>
<tr>
<td><a href="directive-dict.html#Default" class="help">Default:</a></td><td><code>AuthDigestAlgorithm MD5</code></td>
</tr>
<tr>
<td><a href="directive-dict.html#Context" class="help">Context:</a></td><td>directory, .htaccess</td>
</tr>
<tr>
<td><a href="directive-dict.html#Override" class="help">Override:</a></td><td>AuthConfig</td>
</tr>
<tr>
<td><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Experimental</td>
</tr>
<tr>
<td><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_auth_digest</td>
</tr>
</table>
</td>
</tr>
</table>
<usage>
<p>The <code class="directive">AuthDigestAlgorithm</code> directive
selects the algorithm used to calculate the challenge and response
hashes.</p>
<p>
<strong><em>MD5-sess</em> is not correctly implemented
yet</strong>.
</p>
</usage>
<hr>
<h2>
<a name="AuthDigestDomain">AuthDigestDomain</a> <a name="authdigestdomain">Directive</a>
</h2>
<table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc">
<tr>
<td>
<table width="100%" bgcolor="#ffffff">
<tr>
<td><strong>Description: </strong></td><td>URIs that are in the same protection space for digest
authentication</td>
</tr>
<tr>
<td><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>
<syntax>AuthDigestDomain <em>URI</em> [<em>URI</em>] ...</syntax>
</td>
</tr>
<tr>
<td><a href="directive-dict.html#Context" class="help">Context:</a></td><td>directory, .htaccess</td>
</tr>
<tr>
<td><a href="directive-dict.html#Override" class="help">Override:</a></td><td>AuthConfig</td>
</tr>
<tr>
<td><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Experimental</td>
</tr>
<tr>
<td><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_auth_digest</td>
</tr>
</table>
</td>
</tr>
</table>
<usage>
<p>The <code class="directive">AuthDigestDomain</code> directive allows
you to specify one or more URIs which are in the same protection
space (i.e. use the same realm and username/password info). The
specified URIs are prefixes, i.e. the client will assume that all
URIs "below" these are also protected by the same
username/password. The URIs may be either absolute URIs
(i.e. inluding a scheme, host, port, etc) or relative URIs.</p>
<p>This directive <em>should</em> always be specified and
contain at least the (set of) root URI(s) for this space.
Omitting to do so will cause the client to send the
Authorization header for <em>every request</em> sent to this
server. Apart from increasing the size of the request, it may
also have a detrimental effect on performance if
"AuthDigestNcCheck" is on.</p>
<p>The URIs specified can also point to different servers, in
which case clients (which understand this) will then share
username/password info across multiple servers without
prompting the user each time. </p>
</usage>
<hr>
<h2>
<a name="AuthDigestFile">AuthDigestFile</a> <a name="authdigestfile">Directive</a>
</h2>
<table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc">
<tr>
<td>
<table width="100%" bgcolor="#ffffff">
<tr>
<td><strong>Description: </strong></td><td>Location of the text file containing the list
of users and encoded passwords for digest authentication</td>
</tr>
<tr>
<td><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>
<syntax>AuthDigestFile <em>file-path</em>
</syntax>
</td>
</tr>
<tr>
<td><a href="directive-dict.html#Context" class="help">Context:</a></td><td>directory, .htaccess</td>
</tr>
<tr>
<td><a href="directive-dict.html#Override" class="help">Override:</a></td><td>AuthConfig</td>
</tr>
<tr>
<td><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Experimental</td>
</tr>
<tr>
<td><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_auth_digest</td>
</tr>
</table>
</td>
</tr>
</table>
<usage>
<p>The <code class="directive">AuthDigestFile</code> directive sets the
name of a textual file containing the list of users and encoded
passwords for digest authentication. <em>File-path</em> is the
absolute path to the user file.</p>
<p>The digest file uses a special format. Files in this format
can be created using the <a href="../programs/htdigest.html">htdigest</a> utility found in
the support/ subdirectory of the Apache distribution.</p>
</usage>
<hr>
<h2>
<a name="AuthDigestGroupFile">AuthDigestGroupFile</a> <a name="authdigestgroupfile">Directive</a>
</h2>
<table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc">
<tr>
<td>
<table width="100%" bgcolor="#ffffff">
<tr>
<td><strong>Description: </strong></td><td>Name of the text file containing the list of groups
for digest authentication</td>
</tr>
<tr>
<td><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>
<syntax>AuthDigestGroupFile <em>file-path</em>
</syntax>
</td>
</tr>
<tr>
<td><a href="directive-dict.html#Context" class="help">Context:</a></td><td>directory, .htaccess</td>
</tr>
<tr>
<td><a href="directive-dict.html#Override" class="help">Override:</a></td><td>AuthConfig</td>
</tr>
<tr>
<td><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Experimental</td>
</tr>
<tr>
<td><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_auth_digest</td>
</tr>
</table>
</td>
</tr>
</table>
<usage>
<p>The <code class="directive">AuthDigestGroupFile</code> directive sets
the name of a textual file containing the list of groups and their
members (user names). <em>File-path</em> is the absolute path to
the group file.</p>
<p>Each line of the group file contains a groupname followed by
a colon, followed by the member usernames separated by spaces.
Example:</p>
<blockquote>
<table cellpadding="10">
<tr>
<td bgcolor="#eeeeee"><code>mygroup: bob joe anne</code></td>
</tr>
</table>
</blockquote>
<p>Note that searching large text files is <em>very</em>
inefficient.</p>
<p>Security: make sure that the AuthGroupFile is stored outside
the document tree of the web-server; do <em>not</em> put it in
the directory that it protects. Otherwise, clients will be able
to download the AuthGroupFile.</p>
</usage>
<hr>
<h2>
<a name="AuthDigestNcCheck">AuthDigestNcCheck</a> <a name="authdigestnccheck">Directive</a>
</h2>
<table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc">
<tr>
<td>
<table width="100%" bgcolor="#ffffff">
<tr>
<td><strong>Description: </strong></td><td>Enables or disables checking of the nonce-count sent by the
server</td>
</tr>
<tr>
<td><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>
<syntax>AuthDigestNcCheck On|Off</syntax>
</td>
</tr>
<tr>
<td><a href="directive-dict.html#Default" class="help">Default:</a></td><td><code>AuthDigestNcCheck Off</code></td>
</tr>
<tr>
<td><a href="directive-dict.html#Context" class="help">Context:</a></td><td>server config</td>
</tr>
<tr>
<td><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Experimental</td>
</tr>
<tr>
<td><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_auth_digest</td>
</tr>
</table>
</td>
</tr>
</table>
<usage>
<p>
<strong>Not implemented yet.</strong>
</p>
</usage>
<hr>
<h2>
<a name="AuthDigestNonceFormat">AuthDigestNonceFormat</a> <a name="authdigestnonceformat">Directive</a>
</h2>
<table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc">
<tr>
<td>
<table width="100%" bgcolor="#ffffff">
<tr>
<td><strong>Description: </strong></td><td>Determines how the nonce is generated</td>
</tr>
<tr>
<td><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>
<syntax>???</syntax>
</td>
</tr>
<tr>
<td><a href="directive-dict.html#Default" class="help">Default:</a></td><td><code>???</code></td>
</tr>
<tr>
<td><a href="directive-dict.html#Context" class="help">Context:</a></td><td>directory, .htaccess</td>
</tr>
<tr>
<td><a href="directive-dict.html#Override" class="help">Override:</a></td><td>AuthConfig</td>
</tr>
<tr>
<td><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Experimental</td>
</tr>
<tr>
<td><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_auth_digest</td>
</tr>
</table>
</td>
</tr>
</table>
<usage>
<p>
<strong>Not implemented yet.</strong>
</p>
</usage>
<hr>
<h2>
<a name="AuthDigestNonceLifetime">AuthDigestNonceLifetime</a> <a name="authdigestnoncelifetime">Directive</a>
</h2>
<table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc">
<tr>
<td>
<table width="100%" bgcolor="#ffffff">
<tr>
<td><strong>Description: </strong></td><td>How long the server nonce is valid</td>
</tr>
<tr>
<td><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>
<syntax>AuthDigestNonceLifetime <em>seconds</em>
</syntax>
</td>
</tr>
<tr>
<td><a href="directive-dict.html#Default" class="help">Default:</a></td><td><code>AuthDigestNonceLifetime 300</code></td>
</tr>
<tr>
<td><a href="directive-dict.html#Context" class="help">Context:</a></td><td>directory, .htaccess</td>
</tr>
<tr>
<td><a href="directive-dict.html#Override" class="help">Override:</a></td><td>AuthConfig</td>
</tr>
<tr>
<td><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Experimental</td>
</tr>
<tr>
<td><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_auth_digest</td>
</tr>
</table>
</td>
</tr>
</table>
<usage>
<p>The <code class="directive">AuthDigestNonceLifetime</code> directive
controls how long the server nonce is valid. When the client
contacts the server using an expired nonce the server will send
back a 401 with <code>stale=true</code>. If <em>seconds</em> is
greater than 0 then it specifies the amount of time for which the
nonce is valid; this should probably never be set to less than 10
seconds. If <em>seconds</em> is less than 0 then the nonce never
expires.
</p>
</usage>
<hr>
<h2>
<a name="AuthDigestQop">AuthDigestQop</a> <a name="authdigestqop">Directive</a>
</h2>
<table cellpadding="1" cellspacing="0" border="0" bgcolor="#cccccc">
<tr>
<td>
<table width="100%" bgcolor="#ffffff">
<tr>
<td><strong>Description: </strong></td><td>Determines the quality-of-protection to use in digest
authentication</td>
</tr>
<tr>
<td><a href="directive-dict.html#Syntax" class="help">Syntax:</a></td><td>
<syntax>AuthDigestQop none|auth|auth-int [auth|auth-int]</syntax>
</td>
</tr>
<tr>
<td><a href="directive-dict.html#Default" class="help">Default:</a></td><td><code>AuthDigestQop auth</code></td>
</tr>
<tr>
<td><a href="directive-dict.html#Context" class="help">Context:</a></td><td>directory, .htaccess</td>
</tr>
<tr>
<td><a href="directive-dict.html#Override" class="help">Override:</a></td><td>AuthConfig</td>
</tr>
<tr>
<td><a href="directive-dict.html#Status" class="help">Status:</a></td><td>Experimental</td>
</tr>
<tr>
<td><a href="directive-dict.html#Module" class="help">Module:</a></td><td>mod_auth_digest</td>
</tr>
</table>
</td>
</tr>
</table>
<usage>
<p>The <code class="directive">AuthDigestQop</code> directive determines
the quality-of-protection to use. <em>auth</em> will only do
authentication (username/password); <em>auth-int</em> is
authentication plus integrity checking (an MD5 hash of the entity
is also computed and checked); <em>none</em> will cause the module
to use the old RFC-2069 digest algorithm (which does not include
integrity checking). Both <em>auth</em> and <em>auth-int</em> may
be specified, in which the case the browser will choose which of
these to use. <em>none</em> should only be used if the browser for
some reason does not like the challenge it receives otherwise.</p>
<p>
<strong><em>auth-int</em> is not implemented
yet</strong>.</p>
</usage>
<hr>
<h3 align="center">Apache HTTP Server Version 2.0</h3>
<a href="./"><img alt="Index" src="../images/index.gif"></a><a href="../"><img alt="Home" src="../images/home.gif"></a>
</blockquote>
</body>
</html>
View Git Blame Copy Permalink