mod_auth_digest

mod_auth_digest overview

The mod_auth_digest module enables HTTP Digest Authentication.

To implement MD5 Digest Authentication, use the AuthType Digest and AuthDigestProvider directives. Then, in the AuthDigestDomain directive, specify at least the root URI(s) for this protection space.

Example:

<Location /private/>
	AuthType Digest
	AuthName "private area"
	AuthDigestDomain /private/ http://www.domain.com/myprivate/
	AuthDigestProvider file
	AuthUserFile /web/auth/.digest_pwd
	Require valid-user
</Location>

Note!
By default, mod_auth_digest does not create an ASP.NET context user. If you want it to be created, put the following line into the corresponding config:

SetEnv on_auth_create_user

mod_auth_digest directives

AuthDigestAlgorithm

Description: Selects the algorithm used to calculate the challenge and response hashes in digest authentication
Syntax: AuthDigestAlgorithm MD5|MD5-sess
Default: AuthDigestAlgorithm MD5
Context: directory, .htaccess
Module: mod_auth_digest

The AuthDigestAlgorithm directive specifies the algorithm used to calculate the challenge and response hashes.

Currently, only the MD5 algorithm is applicable.

AuthDigestDomain

Description: Specifies URIs that are in the same protection space for digest authentication
Syntax: AuthDigestDomain URI [URI] ...
Context: directory, .htaccess
Module: mod_auth_digest

The AuthDigestDomain directive specifies one or more URIs that are in the same protection space (that is, they use the same realm and username/password info). The specified URIs are prefixes; the client will assume that all URIs "below" these are also protected by the same username/password. The URIs may be either absolute or relative.

This directive is mandatory and must contain at least the root URI(s) for this space.

The specified URIs may also point to different servers. In that case, clients will share username/password info across multiple servers without prompting the user each time.

AuthDigestNcCheck

Description: Enables or disables checking of the nonce-count sent by the server
Syntax: AuthDigestNcCheck On|Off
Default: AuthDigestNcCheck Off
Context: server config
Module: mod_auth_digest

The AuthDigestNcCheck directive is not yet implemented.

AuthDigestNonceFormat

Description: Determines how the nonce is generated
Syntax: AuthDigestNonceFormat format
Context: directory, .htaccess
Module: mod_auth_digest

The AuthDigestNonceFormat directive is not yet implemented.

AuthDigestNonceLifetime

Description: Defines how long the server nonce is valid
Syntax: AuthDigestNonceLifetime seconds
Default: AuthDigestNonceLifetime 300
Context: directory, .htaccess
Module: mod_auth_digest

The AuthDigestNonceLifetime directive controls how long the server nonce is valid. When the client contacts the server using an expired nonce, the server sends back a 401 response with stale=true. If seconds is greater than 0, it specifies the amount of time for which the nonce is valid. If seconds is set to a negative value, the nonce will never expire.

AuthDigestProvider

Description: Sets the authentication provider(s) for this location
Syntax: AuthDigestProvider provider-name [provider-name] ...
Default: AuthDigestProvider file
Context: directory, .htaccess
Module: mod_auth_digest

The AuthDigestProvider directive specifies the provider used for user authentication. The default file provider is implemented by the mod_authn_file module.

AuthDigestQop

Description: Determines the quality of protection to use in digest authentication
Syntax: AuthDigestQop none|auth|auth-int [auth|auth-int]
Default: AuthDigestQop auth
Context: directory, .htaccess
Module: mod_auth_digest

The AuthDigestQop directive specifies the quality of protection:

  • auth performs only authentication (username/password);
  • auth-int provides authentication and an integrity check (an MD5 hash of the entity is also computed and checked);
  • none causes the module to use the old RFC 2069 digest algorithm (which does not include an integrity check).

Currently, only the auth value is available.
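The check a server performs for the supported combination (MD5 algorithm, qop=auth, file provider, nonce lifetime) can be sketched as follows. This is an added example following RFC 2617, not the module's own code. It assumes the password file uses the htdigest layout user:realm:HA1 and that the server knows when it issued the nonce; the function names and the issued_at parameter are hypothetical, and the sample request is the one from RFC 2617 section 3.5.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def htdigest_line(user, realm, password):
    """Build a 'user:realm:HA1' line (htdigest layout, assumed for AuthUserFile)."""
    return f"{user}:{realm}:{md5_hex(f'{user}:{realm}:{password}')}"

def lookup_ha1(lines, user, realm):
    """Return the stored HA1 for user in realm, or None if there is no entry."""
    for line in lines:
        parts = line.strip().split(":")
        if len(parts) == 3 and parts[0] == user and parts[1] == realm:
            return parts[2]
    return None

def verify(lines, method, p, issued_at, now, lifetime=300):
    """Return 'ok', 'stale' or 'denied' for parsed Authorization fields p.

    issued_at is the time the server issued p['nonce'] (hypothetical input);
    lifetime mirrors AuthDigestNonceLifetime (default 300, negative = never expires).
    """
    ha1 = lookup_ha1(lines, p["username"], p["realm"])
    if ha1 is None or p.get("qop") != "auth":
        return "denied"
    # qop=auth: HA2 covers only the method and URI, not the entity body.
    ha2 = md5_hex(f"{method}:{p['uri']}")
    expected = md5_hex(":".join([ha1, p["nonce"], p["nc"], p["cnonce"], "auth", ha2]))
    if not hmac.compare_digest(expected.encode(), p["response"].encode()):
        return "denied"
    # Checked last, so stale=true is only returned to a client that proved
    # knowledge of the password and can retry without prompting the user.
    if lifetime > 0 and now - issued_at > lifetime:
        return "stale"
    return "ok"

# Sample data: the example exchange from RFC 2617 section 3.5.
PWFILE = [htdigest_line("Mufasa", "testrealm@host.com", "Circle Of Life")]
REQUEST = {
    "username": "Mufasa", "realm": "testrealm@host.com",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093", "uri": "/dir/index.html",
    "qop": "auth", "nc": "00000001", "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}

if __name__ == "__main__":
    print(verify(PWFILE, "GET", REQUEST, issued_at=0, now=10))
```

Because the stored HA1 is all that is needed to compute a valid response, the password file is password-equivalent and should be readable only by the server account.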

AuthDigestShmemSize

Description: Specifies the amount of shared memory to be allocated for keeping track of clients
Syntax: AuthDigestShmemSize size
Default: AuthDigestShmemSize 1000
Context: server config
Module: mod_auth_digest

The AuthDigestShmemSize directive defines the amount of shared memory that will be allocated at server startup for keeping track of clients. The shared memory segment cannot be set smaller than the space required for tracking at least one client. The size value (in bytes by default) depends on your system. If set to 0, the server will give an error message in which the exact value may be found.

To specify the size in kilobytes or megabytes, put K or M respectively after the size value.