mod_auth_basic.html.en revision 9da97ff0bac3a0ff56a9cdebe6e5ab563636aa86
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz This file is generated from xml source: DO NOT EDIT
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
96ad5d81ee4a2cc66a4ae19893efc8aa6d06fae7jailletc<title>mod_auth_basic - Apache HTTP Server Version 2.5</title>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<link href="/style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<link href="/style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen<link href="/style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="/style/css/prettify.css" />
2e545ce2450a9953665f701bb05350f0d3f26275nd<script src="/style/scripts/prettify.min.js" type="text/javascript">
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<link href="/images/favicon.ico" rel="shortcut icon" /></head>
af33a4994ae2ff15bc67d19ff1a7feb906745bf8rbowen<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<div class="up"><a href="./"><img title="<-" alt="<-" src="/images/left.gif" /></a></div>
3f08db06526d6901aa08c110b5bc7dde6bc39905nd<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.5</a> > <a href="./">Modules</a></div>
ad74a0524a06bfe11b7de9e3b4ce7233ab3bd3f7nd<p><span>Available Languages: </span><a href="/en/mod/mod_auth_basic.html" title="English"> en </a> |
0066eddda7203f6345b56f77d146a759298dc635gryzor<a href="/fr/mod/mod_auth_basic.html" hreflang="fr" rel="alternate" title="Fran�ais"> fr </a> |
7f5b59ccc63c0c0e3e678a168f09ee6a2f51f9d0nd<a href="/ja/mod/mod_auth_basic.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> |
f086b4b402fa9a2fefc7dda85de2a3cc1cd0a654rjung<a href="/ko/mod/mod_auth_basic.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p>
864d6d55a72bdb982ebabbc95cf8f051c43fa6ddrbowen<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Basic HTTP authentication</td></tr>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Base</td></tr>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<tr><th><a href="module-dict.html#ModuleIdentifier">Module�Identifier:</a></th><td>auth_basic_module</td></tr>
b09fcdfc59ada4712150e7bcc7b502bb9e4601d8rjung<tr><th><a href="module-dict.html#SourceFile">Source�File:</a></th><td>mod_auth_basic.c</td></tr></table>
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz <p>This module allows the use of HTTP Basic Authentication to
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz restrict access by looking up users in the given providers.
f43ed9051a7f4db461d67ed4f7ece175b3dbca7cjerenkrantz HTTP Digest Authentication is provided by
e4ca72aa494fed7b6948012734b9c9c098fbba07nd <code class="module"><a href="/mod/mod_auth_digest.html">mod_auth_digest</a></code>. This module should
e4ca72aa494fed7b6948012734b9c9c098fbba07nd usually be combined with at least one authentication module
e4ca72aa494fed7b6948012734b9c9c098fbba07nd such as <code class="module"><a href="/mod/mod_authn_file.html">mod_authn_file</a></code> and one authorization
e4ca72aa494fed7b6948012734b9c9c098fbba07nd module such as <code class="module"><a href="/mod/mod_authz_user.html">mod_authz_user</a></code>.</p>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<div id="quickview"><h3 class="directives">Directives</h3>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<li><img alt="" src="/images/down.gif" /> <a href="#authbasicauthoritative">AuthBasicAuthoritative</a></li>
15a7e433cd5ddbb53d48a11f2f8732d9ea6a48caminfrin<li><img alt="" src="/images/down.gif" /> <a href="#authbasicfake">AuthBasicFake</a></li>
117c1f888a14e73cdd821dc6c23eb0411144a41cnd<li><img alt="" src="/images/down.gif" /> <a href="#authbasicprovider">AuthBasicProvider</a></li>
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd<li><img alt="" src="/images/down.gif" /> <a href="#authbasicusedigestalgorithm">AuthBasicUseDigestAlgorithm</a></li>
99ca75ffd7b9d0e6573ba8858c6e59d4a6d2fa15nd<li><code class="directive"><a href="/mod/mod_authn_core.html#authname">AuthName</a></code></li>
99ca75ffd7b9d0e6573ba8858c6e59d4a6d2fa15nd<li><code class="directive"><a href="/mod/mod_authn_core.html#authtype">AuthType</a></code></li>
99ca75ffd7b9d0e6573ba8858c6e59d4a6d2fa15nd<li><code class="directive"><a href="/mod/mod_authz_core.html#require">Require</a></code></li>
b12f74e1aaac71d21e4b9a376b31d7307a8d87d8nd<li><a href="/howto/auth.html">Authentication howto</a></li>
30471a4650391f57975f60bbb6e4a90be7b284bfhumbedooh</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<div class="directive-section"><h2><a name="AuthBasicAuthoritative" id="AuthBasicAuthoritative">AuthBasicAuthoritative</a> <a name="authbasicauthoritative" id="authbasicauthoritative">Directive</a></h2>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets whether authorization and authentication are passed to
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthBasicAuthoritative On|Off</code></td></tr>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthBasicAuthoritative On</code></td></tr>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_basic</td></tr>
e4ca72aa494fed7b6948012734b9c9c098fbba07nd <p>Normally, each authorization module listed in <code class="directive"><a href="#authbasicprovider">AuthBasicProvider</a></code> will attempt
e4ca72aa494fed7b6948012734b9c9c098fbba07nd to verify the user, and if the user is not found in any provider,
e4ca72aa494fed7b6948012734b9c9c098fbba07nd access will be denied. Setting the
e4ca72aa494fed7b6948012734b9c9c098fbba07nd <code class="directive">AuthBasicAuthoritative</code> directive explicitly
e4ca72aa494fed7b6948012734b9c9c098fbba07nd authorization to be passed on to other non-provider-based modules
e4ca72aa494fed7b6948012734b9c9c098fbba07nd if there is <strong>no userID</strong> or <strong>rule</strong>
e4ca72aa494fed7b6948012734b9c9c098fbba07nd matching the supplied userID. This should only be necessary when
e4ca72aa494fed7b6948012734b9c9c098fbba07nd combining <code class="module"><a href="/mod/mod_auth_basic.html">mod_auth_basic</a></code> with third-party modules
e4ca72aa494fed7b6948012734b9c9c098fbba07nd that are not configured with the <code class="directive"><a href="#authbasicprovider">AuthBasicProvider</a></code>
e4ca72aa494fed7b6948012734b9c9c098fbba07nd directive. When using such modules, the order of processing
e4ca72aa494fed7b6948012734b9c9c098fbba07nd is determined in the modules' source code and is not configurable.</p>
15a7e433cd5ddbb53d48a11f2f8732d9ea6a48caminfrin<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
15a7e433cd5ddbb53d48a11f2f8732d9ea6a48caminfrin<div class="directive-section"><h2><a name="AuthBasicFake" id="AuthBasicFake">AuthBasicFake</a> <a name="authbasicfake" id="authbasicfake">Directive</a></h2>
15a7e433cd5ddbb53d48a11f2f8732d9ea6a48caminfrin<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Fake basic authentication using the given expressions for
7e9d90004f580231e0376880710dc25408950ab9rbowen<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthBasicFake off|username [password]</code></td></tr>
15a7e433cd5ddbb53d48a11f2f8732d9ea6a48caminfrin<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>none</code></td></tr>
15a7e433cd5ddbb53d48a11f2f8732d9ea6a48caminfrin<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
15a7e433cd5ddbb53d48a11f2f8732d9ea6a48caminfrin<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
15a7e433cd5ddbb53d48a11f2f8732d9ea6a48caminfrin<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
15a7e433cd5ddbb53d48a11f2f8732d9ea6a48caminfrin<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_basic</td></tr>
9da97ff0bac3a0ff56a9cdebe6e5ab563636aa86jailletc<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Apache HTTP Server 2.4.5 and later</td></tr>
15a7e433cd5ddbb53d48a11f2f8732d9ea6a48caminfrin <p>The username and password specified are combined into an
15a7e433cd5ddbb53d48a11f2f8732d9ea6a48caminfrin Authorization header, which is passed to the server or service
15a7e433cd5ddbb53d48a11f2f8732d9ea6a48caminfrin behind the webserver. Both the username and password fields are
15a7e433cd5ddbb53d48a11f2f8732d9ea6a48caminfrin interpreted using the <a href="/expr.html">expression parser</a>,
15a7e433cd5ddbb53d48a11f2f8732d9ea6a48caminfrin which allows both the username and password to be set based on
15a7e433cd5ddbb53d48a11f2f8732d9ea6a48caminfrin request parameters.</p>
7e9d90004f580231e0376880710dc25408950ab9rbowen <p>If the password is not specified, the default value "password"
7e9d90004f580231e0376880710dc25408950ab9rbowen will be used. To disable fake basic authentication for an URL
7e9d90004f580231e0376880710dc25408950ab9rbowen space, specify "AuthBasicFake off".</p>
15a7e433cd5ddbb53d48a11f2f8732d9ea6a48caminfrin <p>In this example, we pass a fixed username and password to a
15a7e433cd5ddbb53d48a11f2f8732d9ea6a48caminfrin backend server.</p>
4aa603e6448b99f9371397d439795c91a93637eand <div class="example"><h3>Fixed Example</h3><pre class="prettyprint lang-config"><Location /demo>
15a7e433cd5ddbb53d48a11f2f8732d9ea6a48caminfrin AuthBasicFake demo demopass
4aa603e6448b99f9371397d439795c91a93637eand</Location></pre>
15a7e433cd5ddbb53d48a11f2f8732d9ea6a48caminfrin <p>In this example, we pass the email address extracted from a client
15a7e433cd5ddbb53d48a11f2f8732d9ea6a48caminfrin certificate, extending the functionality of the FakeBasicAuth option
15a7e433cd5ddbb53d48a11f2f8732d9ea6a48caminfrin within the <code class="directive"><a href="/mod/mod_ssl.html#ssloptions">SSLOptions</a></code>
15a7e433cd5ddbb53d48a11f2f8732d9ea6a48caminfrin directive. Like the FakeBasicAuth option, the password is set to the
15a7e433cd5ddbb53d48a11f2f8732d9ea6a48caminfrin fixed string "password".</p>
4aa603e6448b99f9371397d439795c91a93637eand <div class="example"><h3>Certificate Example</h3><pre class="prettyprint lang-config"><Location /secure>
7e9d90004f580231e0376880710dc25408950ab9rbowen AuthBasicFake %{SSL_CLIENT_S_DN_Email}
4aa603e6448b99f9371397d439795c91a93637eand</Location></pre>
15a7e433cd5ddbb53d48a11f2f8732d9ea6a48caminfrin <p>Extending the above example, we generate a password by hashing the
15a7e433cd5ddbb53d48a11f2f8732d9ea6a48caminfrin email address with a fixed passphrase, and passing the hash to the
15a7e433cd5ddbb53d48a11f2f8732d9ea6a48caminfrin backend server. This can be used to gate into legacy systems that do
15a7e433cd5ddbb53d48a11f2f8732d9ea6a48caminfrin not support client certificates.</p>
4aa603e6448b99f9371397d439795c91a93637eand <div class="example"><h3>Password Example</h3><pre class="prettyprint lang-config"><Location /secure>
15a7e433cd5ddbb53d48a11f2f8732d9ea6a48caminfrin AuthBasicFake %{SSL_CLIENT_S_DN_Email} %{sha1:passphrase-%{SSL_CLIENT_S_DN_Email}}
4aa603e6448b99f9371397d439795c91a93637eand</Location></pre>
4aa603e6448b99f9371397d439795c91a93637eand <div class="example"><h3>Exclusion Example</h3><pre class="prettyprint lang-config"><Location /public>
7e9d90004f580231e0376880710dc25408950ab9rbowen AuthBasicFake off
4aa603e6448b99f9371397d439795c91a93637eand</Location></pre>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<div class="directive-section"><h2><a name="AuthBasicProvider" id="AuthBasicProvider">AuthBasicProvider</a> <a name="authbasicprovider" id="authbasicprovider">Directive</a></h2>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets the authentication provider(s) for this location</td></tr>
e4ca72aa494fed7b6948012734b9c9c098fbba07nd<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthBasicProvider <var>provider-name</var>
e4ca72aa494fed7b6948012734b9c9c098fbba07nd<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthBasicProvider file</code></td></tr>
5bc7abb0ed18f8dbc491d0be0a09bc02e6ee9d85nd<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
5bc7abb0ed18f8dbc491d0be0a09bc02e6ee9d85nd<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_basic</td></tr>
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf <p>The <code class="directive">AuthBasicProvider</code> directive sets
aa0b2780958e9b1467c9d0153a05738e399811a5nd which provider is used to authenticate the users for this location.
e4ca72aa494fed7b6948012734b9c9c098fbba07nd by the <code class="module"><a href="/mod/mod_authn_file.html">mod_authn_file</a></code> module. Make sure
e4ca72aa494fed7b6948012734b9c9c098fbba07nd that the chosen provider module is present in the server.</p>
4aa603e6448b99f9371397d439795c91a93637eand <div class="example"><h3>Example</h3><pre class="prettyprint lang-config"><Location /secure>
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic AuthType basic
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic AuthName "private area"
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic AuthBasicProvider dbm
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic AuthDBMType SDBM
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic Require valid-user
4aa603e6448b99f9371397d439795c91a93637eand</Location></pre>
41618b507c149c7adf89bd92a0cc2c6962a29dcfcovener <p> Providers are queried in order until a provider finds a match
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf for the requested username, at which point this sole provider will
41618b507c149c7adf89bd92a0cc2c6962a29dcfcovener attempt to check the password. A failure to verify the password does
41618b507c149c7adf89bd92a0cc2c6962a29dcfcovener not result in control being passed on to subsequent providers.</p>
e4ca72aa494fed7b6948012734b9c9c098fbba07nd <p>Providers are implemented by <code class="module"><a href="/mod/mod_authn_dbm.html">mod_authn_dbm</a></code>,
e4ca72aa494fed7b6948012734b9c9c098fbba07nd <code class="module"><a href="/mod/mod_authn_file.html">mod_authn_file</a></code>, <code class="module"><a href="/mod/mod_authn_dbd.html">mod_authn_dbd</a></code>,
a29610af88e278144045bfa1bc63b4a1a4b5ff14trawick <code class="module"><a href="/mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> and <code class="module"><a href="/mod/mod_authn_socache.html">mod_authn_socache</a></code>.</p>
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd<div class="directive-section"><h2><a name="AuthBasicUseDigestAlgorithm" id="AuthBasicUseDigestAlgorithm">AuthBasicUseDigestAlgorithm</a> <a name="authbasicusedigestalgorithm" id="authbasicusedigestalgorithm">Directive</a></h2>
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Check passwords against the authentication providers as if
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisdDigest Authentication was in force instead of Basic Authentication.
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthBasicUseDigestAlgorithm MD5|Off</code></td></tr>
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthBasicUseDigestAlgorithm Off</code></td></tr>
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_basic</td></tr>
9da97ff0bac3a0ff56a9cdebe6e5ab563636aa86jailletc<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Apache HTTP Server 2.4.7 and later</td></tr>
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd <p>Normally, when using Basic Authentication, the providers listed in
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd <code class="directive"><a href="#authbasicprovider">AuthBasicProvider</a></code>
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd attempt to verify a user by checking their data stores for
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd a matching username and associated password. The stored passwords
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd are usually encrypted, but not necessarily so; each provider may
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd choose its own storage scheme for passwords.</p>
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd <p>When using <code class="directive"><a href="/mod/mod_auth_digest.html#authdigestprovider">AuthDigestProvider</a></code> and Digest
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd Authentication, providers perform a similar check to find a matching
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd username in their data stores. However, unlike in the Basic
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd Authentication case, the value associated with each stored username
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd must be an encrypted string composed from the username, realm name,
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd and password. (See
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd <a href="http://tools.ietf.org/html/rfc2617#section-3.2.2.2">
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd RFC 2617, Section 3.2.2.2</a> for more details on the format used
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd for this encrypted string.)</p>
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd <p>As a consequence of the difference in the stored values between
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd Basic and Digest Authentication, converting from Digest
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd Authentication to Basic Authentication generally requires that all
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd users be assigned new passwords, as their existing passwords cannot
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd be recovered from the password storage scheme imposed on those
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd providers which support Digest Authentication.</p>
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd <p>Setting the <code class="directive"><a href="#authbasicusedigestalgorithm">AuthBasicUseDigestAlgorithm</a></code> directive
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd to <code>MD5</code> will cause the user's Basic Authentication password
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd to be checked using the same encrypted format as for Digest
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd Authentication. First a string composed from the username, realm name,
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd and password is hashed with MD5; then the username and this encrypted
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd string are passed to the providers listed in
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd <code class="directive"><a href="#authbasicprovider">AuthBasicProvider</a></code>
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd <code class="directive"><a href="/mod/mod_authn_core.html#authtype">AuthType</a></code>
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd was set to <code>Digest</code> and Digest Authentication was in force.
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd <p>Through the use of <code class="directive"><a href="#authbasicusedigestalgorithm">AuthBasicUseDigestAlgorithm</a></code>
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd a site may switch from Digest to Basic Authentication without
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd requiring users to be assigned new passwords.</p>
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd The inverse process of switching from Basic to Digest
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd Authentication without assigning new passwords is generally
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd not possible. Only if the Basic Authentication passwords
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd have been stored in plain text or with a reversable encryption
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd scheme will it be possible to recover them and generate a
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd new data store following the Digest Authentication password
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd storage scheme.
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd Only providers which support Digest Authentication will be able
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd to authenticate users when <code class="directive"><a href="#authbasicusedigestalgorithm">AuthBasicUseDigestAlgorithm</a></code>
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd is set to <code>MD5</code>. Use of other providers will result
fa49f9755c1dcaf2f0ab6c57676592951e7b8282chrisd in an error response and the client will be denied access.
ad74a0524a06bfe11b7de9e3b4ce7233ab3bd3f7nd<p><span>Available Languages: </span><a href="/en/mod/mod_auth_basic.html" title="English"> en </a> |
0066eddda7203f6345b56f77d146a759298dc635gryzor<a href="/fr/mod/mod_auth_basic.html" hreflang="fr" rel="alternate" title="Fran�ais"> fr </a> |
7f5b59ccc63c0c0e3e678a168f09ee6a2f51f9d0nd<a href="/ja/mod/mod_auth_basic.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> |
f086b4b402fa9a2fefc7dda85de2a3cc1cd0a654rjung<a href="/ko/mod/mod_auth_basic.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p>
727872d18412fc021f03969b8641810d8896820bhumbedooh</div><div class="top"><a href="#page-header"><img src="/images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div>
727872d18412fc021f03969b8641810d8896820bhumbedoohvar comments_shortname = 'httpd';
cc7e1025de9ac63bd4db6fe7f71c158b2cf09fe4humbedoohvar comments_identifier = 'http://httpd.apache.org/docs/trunk/mod/mod_auth_basic.html';
0d0ba3a410038e179b695446bb149cce6264e0abnd(function(w, d) {
cc7e1025de9ac63bd4db6fe7f71c158b2cf09fe4humbedooh if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
727872d18412fc021f03969b8641810d8896820bhumbedooh d.write('<div id="comments_thread"><\/div>');
0d0ba3a410038e179b695446bb149cce6264e0abnd var s = d.createElement('script');
ac082aefa89416cbdc9a1836eaf3bed9698201c8humbedooh s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
0d0ba3a410038e179b695446bb149cce6264e0abnd (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
727872d18412fc021f03969b8641810d8896820bhumbedooh d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
0d0ba3a410038e179b695446bb149cce6264e0abnd})(window, document);
205f749042ed530040a4f0080dbcb47ceae8a374rjung<p class="apache">Copyright 2015 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
af33a4994ae2ff15bc67d19ff1a7feb906745bf8rbowen<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
0d0ba3a410038e179b695446bb149cce6264e0abndif (typeof(prettyPrint) !== 'undefined') {
7fec19672a491661b2fe4b29f685bc7f4efa64d4nd prettyPrint();