mod_auth_digest

Overview

mod_auth_digest module allows to use HTTP Digest Authentication.

Quick start

To implement MD5 Digest Authentication one should use AuthType Digest and AuthDigestProvider directives. And then in AuthDigestDomain directive specify at least the root URI(s) for this protection space.

Example:

<Location /private/>
  AuthType Digest
  AuthName "private area"
  AuthDigestDomain /private/ http://www.domain.com/myprivate/
  AuthDigestProvider file
  AuthUserFile c:/inetpub/passwords/.digest_pwd
  Require valid-user
</Location>

Related articles and topics

Enviroment variables

Context Name Description
S V D .h on_auth_create_user creates ASP.NET context user

By default mod_auth_digest does not create ASP.NET context user. If you want it to be created, put the following line into the corresponding config:

SetEnv on_auth_create_user

Directives

Context Name Description
S V D .h AuthDigestDomain specifies URIs that are in the same protection space for digest authentication
S V D .h AuthDigestNonceLifetime defines how long the server nonce is valid
S V D .h AuthDigestProvider sets the authentication provider(s) for current location

AuthDigestDomain

AuthDigestDomain directive is used to specify one or more URIs that are in the same protection space (use the same realm and username/password info). The specified URIs are prefixes; the client will assume that all URIs "below" these are also protected by the same username/password. The URIs may be either absolute or relative ones.

This directive is mandatory and must contain at least the root URI(s) for this space.

Specified URIs may also point to different servers, in such case clients will share username/password info across multiple servers without prompting the user each time.

Syntax

AuthDigestDomain URI [URI] [...]

Example

AuthDigestDomain /private

AuthDigestNonceLifetime

AuthDigestNonceLifetime directive sets the time during which the server nonce is valid. When the client contacts the server using an expired nonce the server sends back a 401 response with stale=true. If seconds is greater than 0 then it specifies the amount of time for which the nonce is valid. If seconds is set to a negative value, the nonce will never expire.

Syntax:

AuthDigestNonceLifetime seconds

Default: 

AuthDigestNonceLifetime 300

AuthDigestProvider

AuthDigestProvider directive specifies provider used for user authentication. Default file provider is implemented by the mod_authn_file module.

Syntax

AuthDigestProvider provider-name [provider-name] [...]

Default

AuthDigestProvider file