23
Jan
10

Enabling Digest Authentication in Apache


This page describes the process of getting Apache to protect a directory using digest authentication.

Digest Authentication

Using digest authentication, your password is never sent across the network in the clear, but is always transmitted as an MD5 digest of the user’s password. In this way, the password cannot be determined by sniffing network traffic. This is good for when your web clients are not using SSL.

Modules

Digest authentication is implemented by the module mod_auth_digest. Please have that loaded in the httpd.conf

Protecting a Location or Directory

Put the following in the Location or Directory tag…

    AuthType Digest
    AuthName Protected

    # You can use the htdigest program to create the password database:
    # the -c parameter overwrites a file if it exists. Remove it to append.
    #   htdigest -c "/usr/local/user.passwd" Protected myUser
    AuthUserFile "/usr/local/user.passwd"
    AuthDigestProvider file
    require user myUser myUser2 myUser3

Note: You must protect the user file from unauthorized users.

Advertisements

0 Responses to “Enabling Digest Authentication in Apache”



  1. Leave a Comment

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 74 other followers

January 2010
S M T W T F S
« Dec   Feb »
 12
3456789
10111213141516
17181920212223
24252627282930
31  

Blog Stats

  • 801,304 hits

%d bloggers like this: