1<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 3 4<html xmlns="http://www.w3.org/1999/xhtml"> 5 <head> 6 <meta name="generator" content="HTML Tidy, see www.w3.org" /> 7 8 <title>Apache module mod_digest</title> 9 </head> 10 <!-- Background white, links blue (unvisited), navy (visited), red (active) --> 11 12 <body bgcolor="#FFFFFF" text="#000000" link="#0000FF" 13 vlink="#000080" alink="#FF0000"> 14 <div align="CENTER"> 15 <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" /> 16 17 <h3>Apache HTTP Server Version 1.3</h3> 18 </div> 19 20 21 <h1 align="CENTER">Module mod_digest</h1> 22 23 <p>This module provides for user authentication using MD5 24 Digest Authentication.</p> 25 26 <p><a href="module-dict.html#Status" 27 rel="Help"><strong>Status:</strong></a> Extension<br /> 28 <a href="module-dict.html#SourceFile" 29 rel="Help"><strong>Source File:</strong></a> mod_digest.c<br /> 30 <a href="module-dict.html#ModuleIdentifier" 31 rel="Help"><strong>Module Identifier:</strong></a> 32 digest_module<br /> 33 <a href="module-dict.html#Compatibility" 34 rel="Help"><strong>Compatibility:</strong></a> Available in 35 Apache 1.1 and later.</p> 36 37 <h2>Summary</h2> 38 39 <p>This module implements an older version of the MD5 Digest 40 Authentication specification. While suitable for most modern 41 browsers, mod_digest is known to not work with Microsoft 42 Internet Explorer. Please see <a 43 href="mod_auth_digest.html">mod_auth_digest</a> for a module 44 which implements the most recent version of the standard 45 and does not suffer from the same limitations as mod_digest.</p> 46 47 <h2>Directives</h2> 48 49 <ul> 50 <li><a href="#authdigestfile">AuthDigestFile</a></li> 51 </ul> 52 53 <h2>Using Digest Authentication</h2> 54 55 <p>Using MD5 Digest authentication is very simple. Simply set 56 up authentication normally. However, use "AuthType Digest" and 57 "AuthDigestFile" instead of the normal "AuthType Basic" and 58 "AuthUserFile".</p> 59 60 <p>As to make sure that replay is not possible across 61 sections of the site, or across sites (assuming a realm, 62 userid and password are valid in that wider context) a 63 secret nonce prefix can be configured with the 64 core directive <a href="core.html#AuthDigestRealmSeed">AuthDigestRealmSeed</a>. 65 </p> 66 <p>If none if configured a sensible, but not particular 67 secure, default is used. When used in load balancing 68 situations the prefix should be shared across servers. 69 </p> 70 <p>The experimental <a href="mod_auth_digest.html">mod_auth_digest</a> 71 module offers a number of additinal protections against replay. 72 </p> 73 74 <p>Everything else should remain the same.</p> 75 76 <p>MD5 authentication provides a more secure password system, 77 but only works with supporting browsers. As of this writing 78 (December 2003) most major browsers, including 79 <a href="http://www.microsoft.com/windows/ie/">MS Internet Explorer</a>, 80 <a href="http://www.opera.com/">Opera</a>, 81 <a href="http://www.netscape.com/">Netscape</a>, 82 <a href="http://www.mozilla.org/">Mozilla</a>, and 83 <a href="http://www.w3.org/Amaya/">Amaya</a>, 84 support the Digest authentication scheme. However, of this list 85 MS Internet Explorer is known to be incompatable with the 86 older digest authentication format supported by this module. 87 Therefore, we do not recommend using this module on a large 88 Internet site. However, for personal and intra-net use, where 89 browser users can be controlled, it is ideal.</p> 90 91 <p>See also <a href="mod_auth_digest.html">mod_auth_digest</a>, 92 which is an updated version of this module, in order to determine 93 whether you want to use that module instead. In either case, if 94 you are using one, you should not use the other, as they share 95 some of the same configuration directives.</p> 96 <hr /> 97 98 <h2><a id="authdigestfile" 99 name="authdigestfile">AuthDigestFile</a> directive</h2> 100 <a href="directive-dict.html#Syntax" 101 rel="Help"><strong>Syntax:</strong></a> AuthDigestFile 102 <em>filename</em><br /> 103 <a href="directive-dict.html#Context" 104 rel="Help"><strong>Context:</strong></a> directory, 105 .htaccess<br /> 106 <a href="directive-dict.html#Override" 107 rel="Help"><strong>Override:</strong></a> AuthConfig<br /> 108 <a href="directive-dict.html#Status" 109 rel="Help"><strong>Status:</strong></a> Base<br /> 110 <a href="directive-dict.html#Module" 111 rel="Help"><strong>Module:</strong></a> mod_digest 112 113 <p>The AuthDigestFile directive sets the name of a textual file 114 containing the list of users and encoded passwords for digest 115 authentication. <em>Filename</em> is the absolute path to the 116 user file.</p> 117 118 <p>Example</p> 119 120 <code>AuthDigestFile /usr/local/apache/passwords/passwords.digest</code> 121 122 <p>The digest file uses a special format. Files in this format 123 can be created using the "<a href="../programs/htdigest.html">htdigest</a>" 124 utility found in the support/ subdirectory of the Apache distribution.</p> 125 126 <hr /> 127 128 <h3 align="CENTER">Apache HTTP Server Version 1.3</h3> 129 <a href="./"><img src="../images/index.gif" alt="Index" /></a> 130 <a href="../"><img src="../images/home.gif" alt="Home" /></a> 131 132 </body> 133</html> 134