1 <?xml version="1.0" encoding="ISO-8859-1"?>
2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
4 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
5 This file is generated from xml source: DO NOT EDIT
6 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
8 <title>mod_auth_digest - Apache HTTP Server</title>
9 <link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
10 <link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
11 <link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" />
12 <link href="../images/favicon.ico" rel="shortcut icon" /></head>
14 <div id="page-header">
15 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
16 <p class="apache">Apache HTTP Server Version 2.1</p>
17 <img alt="" src="../images/feather.gif" /></div>
18 <div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div>
20 <a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs-project/">Documentation</a> > <a href="../">Version 2.1</a> > <a href="./">Modules</a></div>
21 <div id="page-content">
22 <div id="preamble"><h1>Apache Module mod_auth_digest</h1>
24 <p><span>Available Languages: </span><a href="../en/mod/mod_auth_digest.html" title="English"> en </a> |
25 <a href="../ko/mod/mod_auth_digest.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p>
27 <table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>User authentication using MD5
28 Digest Authentication.</td></tr>
29 <tr><th><a href="module-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
30 <tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:</a></th><td>auth_digest_module</td></tr>
31 <tr><th><a href="module-dict.html#SourceFile">Source File:</a></th><td>mod_auth_digest.c</td></tr></table>
34 <p>This module implements HTTP Digest Authentication. However, it
35 has not been extensively tested and is therefore marked
38 <div id="quickview"><h3 class="directives">Directives</h3>
40 <li><img alt="" src="../images/down.gif" /> <a href="#authdigestalgorithm">AuthDigestAlgorithm</a></li>
41 <li><img alt="" src="../images/down.gif" /> <a href="#authdigestdomain">AuthDigestDomain</a></li>
42 <li><img alt="" src="../images/down.gif" /> <a href="#authdigestnccheck">AuthDigestNcCheck</a></li>
43 <li><img alt="" src="../images/down.gif" /> <a href="#authdigestnonceformat">AuthDigestNonceFormat</a></li>
44 <li><img alt="" src="../images/down.gif" /> <a href="#authdigestnoncelifetime">AuthDigestNonceLifetime</a></li>
45 <li><img alt="" src="../images/down.gif" /> <a href="#authdigestprovider">AuthDigestProvider</a></li>
46 <li><img alt="" src="../images/down.gif" /> <a href="#authdigestqop">AuthDigestQop</a></li>
47 <li><img alt="" src="../images/down.gif" /> <a href="#authdigestshmemsize">AuthDigestShmemSize</a></li>
51 <li><img alt="" src="../images/down.gif" /> <a href="#using">Using Digest Authentication</a></li>
52 </ul><h3>See also</h3>
54 <li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li>
55 <li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li>
56 <li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li>
57 <li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li>
59 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
61 <h2><a name="using" id="using">Using Digest Authentication</a></h2>
63 <p>Using MD5 Digest authentication is very simple. Simply set
64 up authentication normally, using <code>AuthType Digest</code> and
65 <code class="directive"><a href="#authdigestprovider">AuthDigestProvider</a></code>
66 instead of the normal <code>AuthType Basic</code> and
67 <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code>.
68 Then add a <code class="directive"><a href="#authdigestdomain">AuthDigestDomain</a></code> directive containing at least the root
69 URI(s) for this protection space.</p>
71 <p>Appropriate user (text) files can be created using the
72 <a href="../programs/htdigest.html">htdigest</a> tool.</p>
74 <div class="example"><h3>Example:</h3><p><code>
75 <Location /private/><br />
78 AuthName "private area"<br />
79 AuthDigestDomain /private/ http://mirror.my.dom/private2/<br />
81 AuthDigestProvider file<br />
82 AuthUserFile /web/auth/.digest_pw<br />
83 Require valid-user<br />
88 <div class="note"><h3>Note</h3>
89 <p>Digest authentication provides a more secure password system
90 than Basic authentication, but only works with supporting
91 browsers. As of November 2002, the major browsers that support digest
92 authentication are <a href="http://www.opera.com/">Opera</a>, <a href="http://www.microsoft.com/windows/ie/">MS Internet
93 Explorer</a> (fails when used with a query string), <a href="http://www.w3.org/Amaya/">Amaya</a>, <a href="http://www.mozilla.org">Mozilla</a> and <a href="http://channels.netscape.com/ns/browsers/download.jsp">Netscape</a> since version 7. Since digest
94 authentication is not as widely implemented as basic
95 authentication, you should use it only in controlled environments.</p>
98 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
99 <div class="directive-section"><h2><a name="AuthDigestAlgorithm" id="AuthDigestAlgorithm">AuthDigestAlgorithm</a> <a name="authdigestalgorithm" id="authdigestalgorithm">Directive</a></h2>
100 <table class="directive">
101 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Selects the algorithm used to calculate the challenge and
102 response hashes in digest authentication</td></tr>
103 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthDigestAlgorithm MD5|MD5-sess</code></td></tr>
104 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthDigestAlgorithm MD5</code></td></tr>
105 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
106 <tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
107 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
108 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_digest</td></tr>
110 <p>The <code class="directive">AuthDigestAlgorithm</code> directive
111 selects the algorithm used to calculate the challenge and response
115 <code>MD5-sess</code> is not correctly implemented yet.
120 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
121 <div class="directive-section"><h2><a name="AuthDigestDomain" id="AuthDigestDomain">AuthDigestDomain</a> <a name="authdigestdomain" id="authdigestdomain">Directive</a></h2>
122 <table class="directive">
123 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>URIs that are in the same protection space for digest
124 authentication</td></tr>
125 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthDigestDomain <var>URI</var> [<var>URI</var>] ...</code></td></tr>
126 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
127 <tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
128 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
129 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_digest</td></tr>
131 <p>The <code class="directive">AuthDigestDomain</code> directive allows
132 you to specify one or more URIs which are in the same protection
133 space (<em>i.e.</em> use the same realm and username/password info).
134 The specified URIs are prefixes; the client will assume
135 that all URIs "below" these are also protected by the same
136 username/password. The URIs may be either absolute URIs (<em>i.e.</em>
137 including a scheme, host, port, etc.) or relative URIs.</p>
139 <p>This directive <em>should</em> always be specified and
140 contain at least the (set of) root URI(s) for this space.
141 Omitting to do so will cause the client to send the
142 Authorization header for <em>every request</em> sent to this
143 server. Apart from increasing the size of the request, it may
144 also have a detrimental effect on performance if <code class="directive"><a href="#authdigestnccheck">AuthDigestNcCheck</a></code> is on.</p>
146 <p>The URIs specified can also point to different servers, in
147 which case clients (which understand this) will then share
148 username/password info across multiple servers without
149 prompting the user each time. </p>
152 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
153 <div class="directive-section"><h2><a name="AuthDigestNcCheck" id="AuthDigestNcCheck">AuthDigestNcCheck</a> <a name="authdigestnccheck" id="authdigestnccheck">Directive</a></h2>
154 <table class="directive">
155 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enables or disables checking of the nonce-count sent by the
157 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthDigestNcCheck On|Off</code></td></tr>
158 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthDigestNcCheck Off</code></td></tr>
159 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
160 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
161 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_digest</td></tr>
169 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
170 <div class="directive-section"><h2><a name="AuthDigestNonceFormat" id="AuthDigestNonceFormat">AuthDigestNonceFormat</a> <a name="authdigestnonceformat" id="authdigestnonceformat">Directive</a></h2>
171 <table class="directive">
172 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Determines how the nonce is generated</td></tr>
173 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthDigestNonceFormat <var>format</var></code></td></tr>
174 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
175 <tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
176 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
177 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_digest</td></tr>
179 <div class="note">Not implemented yet.</div>
183 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
184 <div class="directive-section"><h2><a name="AuthDigestNonceLifetime" id="AuthDigestNonceLifetime">AuthDigestNonceLifetime</a> <a name="authdigestnoncelifetime" id="authdigestnoncelifetime">Directive</a></h2>
185 <table class="directive">
186 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>How long the server nonce is valid</td></tr>
187 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthDigestNonceLifetime <var>seconds</var></code></td></tr>
188 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthDigestNonceLifetime 300</code></td></tr>
189 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
190 <tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
191 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
192 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_digest</td></tr>
194 <p>The <code class="directive">AuthDigestNonceLifetime</code> directive
195 controls how long the server nonce is valid. When the client
196 contacts the server using an expired nonce the server will send
197 back a 401 with <code>stale=true</code>. If <var>seconds</var> is
198 greater than 0 then it specifies the amount of time for which the
199 nonce is valid; this should probably never be set to less than 10
200 seconds. If <var>seconds</var> is less than 0 then the nonce never
205 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
206 <div class="directive-section"><h2><a name="AuthDigestProvider" id="AuthDigestProvider">AuthDigestProvider</a> <a name="authdigestprovider" id="authdigestprovider">Directive</a></h2>
207 <table class="directive">
208 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets the authentication provider(s) for this location</td></tr>
209 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthDigestProvider On|Off|<var>provider-name</var>
210 [<var>provider-name</var>] ...</code></td></tr>
211 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthDigestProvider On</code></td></tr>
212 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
213 <tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
214 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
215 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_digest</td></tr>
217 <p>The <code class="directive">AuthDigestProvider</code> directive sets
218 which provider is used to authenticate the users for this location.
219 Setting the value to <code>On</code> will choose the default provider
220 (<code>file</code>). Since the <code>file</code> provider is implemented
221 by the <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code> module, you have to make sure,
222 that the module is present in the server.</p>
224 <p>See <code class="module"><a href="../mod/mod_authn_dbm.html">mod_authn_dbm</a></code> and <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code>
227 <p>The value <code>Off</code> clears the provider list and sets it back
231 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
232 <div class="directive-section"><h2><a name="AuthDigestQop" id="AuthDigestQop">AuthDigestQop</a> <a name="authdigestqop" id="authdigestqop">Directive</a></h2>
233 <table class="directive">
234 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Determines the quality-of-protection to use in digest
235 authentication</td></tr>
236 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthDigestQop none|auth|auth-int [auth|auth-int]</code></td></tr>
237 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthDigestQop auth</code></td></tr>
238 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
239 <tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
240 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
241 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_digest</td></tr>
243 <p>The <code class="directive">AuthDigestQop</code> directive determines
244 the <dfn>quality-of-protection</dfn> to use. <code>auth</code> will
245 only do authentication (username/password); <code>auth-int</code> is
246 authentication plus integrity checking (an MD5 hash of the entity
247 is also computed and checked); <code>none</code> will cause the module
248 to use the old RFC-2069 digest algorithm (which does not include
249 integrity checking). Both <code>auth</code> and <code>auth-int</code> may
250 be specified, in which the case the browser will choose which of
251 these to use. <code>none</code> should only be used if the browser for
252 some reason does not like the challenge it receives otherwise.</p>
255 <code>auth-int</code> is not implemented yet.
259 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
260 <div class="directive-section"><h2><a name="AuthDigestShmemSize" id="AuthDigestShmemSize">AuthDigestShmemSize</a> <a name="authdigestshmemsize" id="authdigestshmemsize">Directive</a></h2>
261 <table class="directive">
262 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The amount of shared memory to allocate for keeping track
264 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthDigestShmemSize <var>size</var></code></td></tr>
265 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthDigestShmemSize 1000</code></td></tr>
266 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
267 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
268 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_digest</td></tr>
270 <p>The <code class="directive">AuthDigestShmemSize</code> directive defines
271 the amount of shared memory, that will be allocated at the server
272 startup for keeping track of clients. Note that the shared memory
273 segment cannot be set less than the space that is necessary for
274 tracking at least <em>one</em> client. This value is dependant on your
275 system. If you want to find out the exact value, you may simply
276 set <code class="directive">AuthDigestShmemSize</code> to the value of
277 <code>0</code> and read the error message after trying to start the
280 <p>The <var>size</var> is normally expressed in Bytes, but you
281 may let the number follow a <code>K</code> or an <code>M</code> to
282 express your value as KBytes or MBytes. For example, the following
283 directives are all equivalent:</p>
285 <div class="example"><p><code>
286 AuthDigestShmemSize 1048576<br />
287 AuthDigestShmemSize 1024K<br />
288 AuthDigestShmemSize 1M
293 <div class="bottomlang">
294 <p><span>Available Languages: </span><a href="../en/mod/mod_auth_digest.html" title="English"> en </a> |
295 <a href="../ko/mod/mod_auth_digest.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p>
296 </div><div id="footer">
297 <p class="apache">Copyright 1999-2004 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
298 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>