Apache mod_auth_digest authentication

Digest authentication is described in RFC 2617.


# AuthDBGroupFile

# AuthDBUserFile

# AuthDBAuthoritative

# AuthDBMGroupFile

# AuthDBMUserFile

# AuthDBMAuthoritative

# AuthDigestFile

# AuthDigestGroupFile

# AuthDigestQop

# AuthDigestNonceLifetime

# AuthDigestNonceFormat

# AuthDigestNcCheck

# AuthDigestAlgorithm

# AuthDigestDomain

# Using Digest Authentication

Using Digest Authentication

Setting up MD5 Digest authentication is simple: configure authentication as usual, but use “AuthType Digest” and “AuthDigestFile” instead of the normal “AuthType Basic” and “AuthUserFile”, and replace any “AuthGroupFile” with “AuthDigestGroupFile”. Then add an “AuthDigestDomain” directive containing at least the root URI(s) for this protection space. Example:

AuthType Digest
AuthName "private area"
AuthDigestDomain /private/ http://mirror.my.dom/private2/
AuthDigestFile /web/auth/.digest_pw
Require valid-user

Note: Digest authentication is more secure than Basic authentication, but only works with supporting browsers. As of September 2004, major browsers that support digest authentication include Amaya, Konqueror, MS Internet Explorer for Mac OS X and Windows (although the Windows version fails when used with a query string — see “Working with MS Internet Explorer” below for a workaround), Mozilla, Netscape 7, Opera, and Safari. lynx does not support digest authentication. Since digest authentication is not as widely implemented as basic authentication, you should use it only in environments where all users will have supporting browsers.
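
The following is an added example, not part of the original page or of Apache's code. It shows what a line in the file named by AuthDigestFile contains and how a server checks a client's response against it under RFC 2617 with qop=auth. The function names are hypothetical, the file format assumed is `user:realm:MD5(user:realm:password)` as written by `htdigest`, and the sample values are those of the example in RFC 2617 section 3.5.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_file_line(user, realm, password):
    """One AuthDigestFile line: user:realm:MD5(user:realm:password)."""
    return f"{user}:{realm}:" + md5_hex(f"{user}:{realm}:{password}")

def expected_response(ha1, method, req):
    """RFC 2617 request-digest for qop=auth, computed from the stored hash."""
    ha2 = md5_hex(f"{method}:{req['uri']}")
    return md5_hex(f"{ha1}:{req['nonce']}:{req['nc']}:{req['cnonce']}:{req['qop']}:{ha2}")

def verify(file_lines, auth_name, method, req):
    """Check parsed Authorization fields against the digest file lines.
    Nonce freshness and nc replay checks (AuthDigestNonceLifetime,
    AuthDigestNcCheck) are out of scope for this sketch."""
    if req.get("qop") != "auth" or req.get("realm") != auth_name:
        return False
    for line in file_lines:
        user, rest = line.rstrip("\n").split(":", 1)
        realm, ha1 = rest.rsplit(":", 1)  # the realm itself may contain ':'
        if user == req["username"] and realm == auth_name:
            want = expected_response(ha1, method, req)
            return hmac.compare_digest(want, req["response"])
    return False

# Sample values taken from the example in RFC 2617 section 3.5.
RFC_REALM = "testrealm@host.com"
DIGEST_FILE = [digest_file_line("Mufasa", RFC_REALM, "Circle Of Life")]
RFC_FIELDS = {
    "username": "Mufasa", "realm": RFC_REALM, "uri": "/dir/index.html",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093", "nc": "00000001",
    "cnonce": "0a4f113b", "qop": "auth",
    "response": "6629fae49393a05397450978507c4ef1",
}

if __name__ == "__main__":
    print(DIGEST_FILE[0])
    print("response accepted:", verify(DIGEST_FILE, RFC_REALM, "GET", RFC_FIELDS))
```

Because the realm (the AuthName value) is hashed into every stored entry, changing AuthName invalidates the existing digest file. The stored hash is also all that is needed to compute a valid response for that realm, so the file should be readable only by the server and kept outside the document root.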

Apache module mod_auth_digest