1<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3
4<html xmlns="http://www.w3.org/1999/xhtml">
5  <head>
6    <meta name="generator" content="HTML Tidy, see www.w3.org" />
7
8    <title>Apache module mod_digest</title>
9  </head>
10  <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
11
12  <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
13  vlink="#000080" alink="#FF0000">
14        <div align="CENTER">
15      <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
16
17      <h3>Apache HTTP Server Version 1.3</h3>
18    </div>
19
20
21    <h1 align="CENTER">Module mod_digest</h1>
22
23    <p>This module provides for user authentication using MD5
24    Digest Authentication.</p>
25
26    <p><a href="module-dict.html#Status"
27    rel="Help"><strong>Status:</strong></a> Extension<br />
28     <a href="module-dict.html#SourceFile"
29    rel="Help"><strong>Source File:</strong></a> mod_digest.c<br />
30     <a href="module-dict.html#ModuleIdentifier"
31    rel="Help"><strong>Module Identifier:</strong></a>
32    digest_module<br />
33     <a href="module-dict.html#Compatibility"
34    rel="Help"><strong>Compatibility:</strong></a> Available in
35    Apache 1.1 and later.</p>
36
37    <h2>Summary</h2>
38
39    <p>This module implements an older version of the MD5 Digest
40    Authentication specification.  While suitable for most modern
41    browsers, mod_digest is known to not work with Microsoft
42    Internet Explorer. Please see <a
43    href="mod_auth_digest.html">mod_auth_digest</a> for a module
44    which implements the most recent version of the standard
45    and does not suffer from the same limitations as mod_digest.</p>
46
47    <h2>Directives</h2>
48
49    <ul>
50      <li><a href="#authdigestfile">AuthDigestFile</a></li>
51    </ul>
52
53    <h2>Using Digest Authentication</h2>
54
55    <p>Using MD5 Digest authentication is very simple. Simply set
56    up authentication normally. However, use "AuthType Digest" and
57    "AuthDigestFile" instead of the normal "AuthType Basic" and
58    "AuthUserFile".</p>
59
60    <p>As to make sure that replay is not possible across
61    sections of the site, or across sites (assuming a realm,
62    userid and password are valid in that wider context) a
63    secret nonce prefix can be configured with the
64    core directive <a href="core.html#AuthDigestRealmSeed">AuthDigestRealmSeed</a>.
65    </p>
66    <p>If none if configured a sensible, but not particular
67    secure, default is used. When used in load balancing
68    situations the prefix should be shared across servers.
69    </p>
70    <p>The experimental <a href="mod_auth_digest.html">mod_auth_digest</a>
71    module offers a number of additinal protections against replay.
72    </p>
73
74    <p>Everything else should remain the same.</p>
75
76    <p>MD5 authentication provides a more secure password system,
77    but only works with supporting browsers. As of this writing
78    (December 2003) most major browsers, including
79    <a href="http://www.microsoft.com/windows/ie/">MS Internet Explorer</a>,
80    <a href="http://www.opera.com/">Opera</a>,
81    <a href="http://www.netscape.com/">Netscape</a>,
82    <a href="http://www.mozilla.org/">Mozilla</a>, and
83    <a href="http://www.w3.org/Amaya/">Amaya</a>,
84    support the Digest authentication scheme.  However, of this list
85    MS Internet Explorer is known to be incompatable with the
86    older digest authentication format supported by this module.
87    Therefore, we do not recommend using this module on a large
88    Internet site. However, for personal and intra-net use, where
89    browser users can be controlled, it is ideal.</p>
90
91    <p>See also <a href="mod_auth_digest.html">mod_auth_digest</a>,
92    which is an updated version of this module, in order to determine
93    whether you want to use that module instead. In either case, if
94    you are using one, you should not use the other, as they share
95    some of the same configuration directives.</p>
96    <hr />
97
98    <h2><a id="authdigestfile"
99    name="authdigestfile">AuthDigestFile</a> directive</h2>
100    <a href="directive-dict.html#Syntax"
101    rel="Help"><strong>Syntax:</strong></a> AuthDigestFile
102    <em>filename</em><br />
103     <a href="directive-dict.html#Context"
104    rel="Help"><strong>Context:</strong></a> directory,
105    .htaccess<br />
106     <a href="directive-dict.html#Override"
107    rel="Help"><strong>Override:</strong></a> AuthConfig<br />
108     <a href="directive-dict.html#Status"
109    rel="Help"><strong>Status:</strong></a> Base<br />
110     <a href="directive-dict.html#Module"
111    rel="Help"><strong>Module:</strong></a> mod_digest
112
113    <p>The AuthDigestFile directive sets the name of a textual file
114    containing the list of users and encoded passwords for digest
115    authentication. <em>Filename</em> is the absolute path to the
116    user file.</p>
117
118    <p>Example</p>
119
120    <code>AuthDigestFile /usr/local/apache/passwords/passwords.digest</code>
121
122    <p>The digest file uses a special format. Files in this format
123    can be created using the "<a href="../programs/htdigest.html">htdigest</a>"
124    utility found in the support/ subdirectory of the Apache distribution.</p>
125
126        <hr />
127
128    <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
129    <a href="./"><img src="../images/index.gif" alt="Index" /></a>
130    <a href="../"><img src="../images/home.gif" alt="Home" /></a>
131
132  </body>
133</html>
134