b6ff72be73dad3d1394cf2c71e29e67624ff030bChristian Maeder<?xml version="1.0" encoding="ISO-8859-1"?>

beff4152e9f0fe90885458d1a1733b183a2a8816Christian Maeder<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--

3f69b6948966979163bdfe8331c38833d5d90ecdChristian Maeder<title>mod_auth_digest - Apache HTTP Server Version 2.5</title>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<link href="/style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<link href="/style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<link href="/style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="/style/css/prettify.css" />

f3a94a197960e548ecd6520bb768cb0d547457bbChristian Maeder<script src="/style/scripts/prettify.min.js" type="text/javascript">

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder</script>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<link href="/images/favicon.ico" rel="shortcut icon" /></head>

109a53dbf4c9233f869f63ba7a7f3fece49973c3Christian Maeder<body>

109a53dbf4c9233f869f63ba7a7f3fece49973c3Christian Maeder<div id="page-header">

109a53dbf4c9233f869f63ba7a7f3fece49973c3Christian Maeder<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p>

109a53dbf4c9233f869f63ba7a7f3fece49973c3Christian Maeder<p class="apache">Apache HTTP Server Version 2.5</p>

109a53dbf4c9233f869f63ba7a7f3fece49973c3Christian Maeder<img alt="" src="/images/feather.gif" /></div>

109a53dbf4c9233f869f63ba7a7f3fece49973c3Christian Maeder<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="/images/left.gif" /></a></div>

109a53dbf4c9233f869f63ba7a7f3fece49973c3Christian Maeder<div id="path">

ea5ccb1c6e89486a54e1f4bd95840147e96093edChristian Maeder<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.5</a> &gt; <a href="./">Modules</a></div>

109a53dbf4c9233f869f63ba7a7f3fece49973c3Christian Maeder<div id="page-content">

109a53dbf4c9233f869f63ba7a7f3fece49973c3Christian Maeder<div id="preamble"><h1>Apache Module mod_auth_digest</h1>

85e1d54a475bfc30b3eac5ae6c5e42a2d7e93f10Christian Maeder<div class="toplang">

85e1d54a475bfc30b3eac5ae6c5e42a2d7e93f10Christian Maeder<p><span>Available Languages: </span><a href="/en/mod/mod_auth_digest.html" title="English">&nbsp;en&nbsp;</a> |

109a53dbf4c9233f869f63ba7a7f3fece49973c3Christian Maeder<a href="/fr/mod/mod_auth_digest.html" hreflang="fr" rel="alternate" title="Fran�ais">&nbsp;fr&nbsp;</a> |

109a53dbf4c9233f869f63ba7a7f3fece49973c3Christian Maeder<a href="/ko/mod/mod_auth_digest.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a></p>

109a53dbf4c9233f869f63ba7a7f3fece49973c3Christian Maeder</div>

109a53dbf4c9233f869f63ba7a7f3fece49973c3Christian Maeder<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>User authentication using MD5

109a53dbf4c9233f869f63ba7a7f3fece49973c3Christian Maeder Digest Authentication</td></tr>

109a53dbf4c9233f869f63ba7a7f3fece49973c3Christian Maeder<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Extension</td></tr>

109a53dbf4c9233f869f63ba7a7f3fece49973c3Christian Maeder<tr><th><a href="module-dict.html#ModuleIdentifier">Module�Identifier:</a></th><td>auth_digest_module</td></tr>

109a53dbf4c9233f869f63ba7a7f3fece49973c3Christian Maeder<tr><th><a href="module-dict.html#SourceFile">Source�File:</a></th><td>mod_auth_digest.c</td></tr></table>

109a53dbf4c9233f869f63ba7a7f3fece49973c3Christian Maeder<h3>Summary</h3>

109a53dbf4c9233f869f63ba7a7f3fece49973c3Christian Maeder

109a53dbf4c9233f869f63ba7a7f3fece49973c3Christian Maeder <p>This module implements HTTP Digest Authentication

109a53dbf4c9233f869f63ba7a7f3fece49973c3Christian Maeder (<a href="http://www.faqs.org/rfcs/rfc2617.html">RFC2617</a>), and

109a53dbf4c9233f869f63ba7a7f3fece49973c3Christian Maeder provides an alternative to <code class="module"><a href="/mod/mod_auth_basic.html">mod_auth_basic</a></code> where the

109a53dbf4c9233f869f63ba7a7f3fece49973c3Christian Maeder password is not transmitted as cleartext. However, this does

109a53dbf4c9233f869f63ba7a7f3fece49973c3Christian Maeder <strong>not</strong> lead to a significant security advantage over

109a53dbf4c9233f869f63ba7a7f3fece49973c3Christian Maeder basic authentication. On the other hand, the password storage on the

bbba6dd86153aacb0f662b182b128df0eb09fd54Christian Maeder server is much less secure with digest authentication than with

109a53dbf4c9233f869f63ba7a7f3fece49973c3Christian Maeder basic authentication. Therefore, using basic auth and encrypting the

a461314c811f4187dff85c8be079a41b2f13f176Christian Maeder whole connection using <code class="module"><a href="/mod/mod_ssl.html">mod_ssl</a></code> is a much better

109a53dbf4c9233f869f63ba7a7f3fece49973c3Christian Maeder alternative.</p>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder</div>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<div id="quickview"><h3>Topics</h3>

be43c3fa0292555bd126784ae27ff5c1d23438cbChristian Maeder<ul id="topics">

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<li><img alt="" src="/images/down.gif" /> <a href="#using">Using Digest Authentication</a></li>

16b71dad8d398af412d66a4f4763f1ada5b03d23Christian Maeder</ul><h3 class="directives">Directives</h3>

f39b8dd9651dfcc38b06191cda23cacbfc298323Christian Maeder<ul id="toc">

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<li><img alt="" src="/images/down.gif" /> <a href="#authdigestalgorithm">AuthDigestAlgorithm</a></li>

7f7460e7095628f3437b116ee78d3043d11f8febChristian Maeder<li><img alt="" src="/images/down.gif" /> <a href="#authdigestdomain">AuthDigestDomain</a></li>

3a9d784341454573b50b32fa1b494e7418df3086Christian Maeder<li><img alt="" src="/images/down.gif" /> <a href="#authdigestnccheck">AuthDigestNcCheck</a></li>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<li><img alt="" src="/images/down.gif" /> <a href="#authdigestnonceformat">AuthDigestNonceFormat</a></li>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<li><img alt="" src="/images/down.gif" /> <a href="#authdigestnoncelifetime">AuthDigestNonceLifetime</a></li>

9d6562465b41f17c7967d4e5678f34811d958cb2Christian Maeder<li><img alt="" src="/images/down.gif" /> <a href="#authdigestprovider">AuthDigestProvider</a></li>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<li><img alt="" src="/images/down.gif" /> <a href="#authdigestqop">AuthDigestQop</a></li>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<li><img alt="" src="/images/down.gif" /> <a href="#authdigestshmemsize">AuthDigestShmemSize</a></li>

be43c3fa0292555bd126784ae27ff5c1d23438cbChristian Maeder</ul>

7f7460e7095628f3437b116ee78d3043d11f8febChristian Maeder<h3>See also</h3>

16b71dad8d398af412d66a4f4763f1ada5b03d23Christian Maeder<ul class="seealso">

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<li><code class="directive"><a href="/mod/mod_authn_core.html#authname">AuthName</a></code></li>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<li><code class="directive"><a href="/mod/mod_authn_core.html#authtype">AuthType</a></code></li>

38c817b94e0a5b1ae94178b1075c187e07bcc5e1Christian Maeder<li><code class="directive"><a href="/mod/mod_authz_core.html#require">Require</a></code></li>

38c817b94e0a5b1ae94178b1075c187e07bcc5e1Christian Maeder<li><a href="/howto/auth.html">Authentication howto</a></li>

38c817b94e0a5b1ae94178b1075c187e07bcc5e1Christian Maeder</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>

38c817b94e0a5b1ae94178b1075c187e07bcc5e1Christian Maeder<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<div class="directive-section"><h2><a name="AuthDigestAlgorithm" id="AuthDigestAlgorithm">AuthDigestAlgorithm</a> <a name="authdigestalgorithm" id="authdigestalgorithm">Directive</a></h2>

2353f65833a3da763392f771223250cd50b8d873Christian Maeder<table class="directive">

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Selects the algorithm used to calculate the challenge and

b53688bfed888214b485cf76439d57262d80e0a7Christian Maederresponse hashes in digest authentication</td></tr>

00df6fd583c19393fa141d5a0e21ac74c7bf5b19Christian Maeder<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthDigestAlgorithm MD5|MD5-sess</code></td></tr>

cb2044812811d66efe038d914966e04290be93faChristian Maeder<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthDigestAlgorithm MD5</code></td></tr>

bc263f610d20a9cd3014ddfca903026127fa0d48Christian Maeder<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>

8c8545dd3bf34fbcbc16904b65d249658f8f9efcChristian Maeder<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>

d81905a5b924415c524d702df26204683c82c12eChristian Maeder<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_digest</td></tr>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder</table>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder <p>The <code class="directive">AuthDigestAlgorithm</code> directive

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder selects the algorithm used to calculate the challenge and response

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder hashes.</p>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder <div class="note">

cb2044812811d66efe038d914966e04290be93faChristian Maeder <code>MD5-sess</code> is not correctly implemented yet.

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder </div>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder

083bc1972a66d73749760eab3a90bf4eb9ca7951Christian Maeder

0ae7a79e865d4a6022d705d160530682b3c1f825Christian Maeder</div>

00df6fd583c19393fa141d5a0e21ac74c7bf5b19Christian Maeder<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>

083bc1972a66d73749760eab3a90bf4eb9ca7951Christian Maeder<div class="directive-section"><h2><a name="AuthDigestDomain" id="AuthDigestDomain">AuthDigestDomain</a> <a name="authdigestdomain" id="authdigestdomain">Directive</a></h2>

6352f3c31da3043783a13be6594aacb2147378baRazvan Pascanu<table class="directive">

fefee7e1dee1ee5f0768a03a4abae88d1ca2c3fdRazvan Pascanu<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>URIs that are in the same protection space for digest

b324cda6178c49ddeead3ce62b832ccf644cbcabRazvan Pascanuauthentication</td></tr>

fefee7e1dee1ee5f0768a03a4abae88d1ca2c3fdRazvan Pascanu<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthDigestDomain <var>URI</var> [<var>URI</var>] ...</code></td></tr>

bc263f610d20a9cd3014ddfca903026127fa0d48Christian Maeder<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>

966519955f5f7111abac20118563132b9dd41165Christian Maeder<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>

8c8545dd3bf34fbcbc16904b65d249658f8f9efcChristian Maeder<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_digest</td></tr>

33fcc19ef2b59493b4e91eebf701df95fd230765Christian Maeder</table>

33fcc19ef2b59493b4e91eebf701df95fd230765Christian Maeder <p>The <code class="directive">AuthDigestDomain</code> directive allows

33fcc19ef2b59493b4e91eebf701df95fd230765Christian Maeder you to specify one or more URIs which are in the same protection

8865728716566f42fa73e7e0bc080ba3225df764Christian Maeder space (<em>i.e.</em> use the same realm and username/password info).

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder The specified URIs are prefixes; the client will assume

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder that all URIs "below" these are also protected by the same

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder username/password. The URIs may be either absolute URIs (<em>i.e.</em>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder including a scheme, host, port, etc.) or relative URIs.</p>

2360728d4185c0c04279c999941c64d36626af79Christian Maeder

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder <p>This directive <em>should</em> always be specified and

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder contain at least the (set of) root URI(s) for this space.

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder Omitting to do so will cause the client to send the

beff4152e9f0fe90885458d1a1733b183a2a8816Christian Maeder Authorization header for <em>every request</em> sent to this

fdac680252d7347858bd67b4c2a2aaa52e623815Christian Maeder server. Apart from increasing the size of the request, it may

fdac680252d7347858bd67b4c2a2aaa52e623815Christian Maeder also have a detrimental effect on performance if <code class="directive"><a href="#authdigestnccheck">AuthDigestNcCheck</a></code> is on.</p>

a9e804dbec424ec36e34bab955cbe90edac5baa6Christian Maeder

f8cc2399c16fcda7e3bf9d901a0de0cc8a455f86Ewaryst Schulz <p>The URIs specified can also point to different servers, in

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder which case clients (which understand this) will then share

b76d27eba526ecac2a20400fa505ec5c642ae7d2Dominik Luecke username/password info across multiple servers without

b76d27eba526ecac2a20400fa505ec5c642ae7d2Dominik Luecke prompting the user each time. </p>

8a5c05062ef501bf725a86a370a5145a198e81fdKlaus Luettich

8a5c05062ef501bf725a86a370a5145a198e81fdKlaus Luettich</div>

8a5c05062ef501bf725a86a370a5145a198e81fdKlaus Luettich<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>

2353f65833a3da763392f771223250cd50b8d873Christian Maeder<div class="directive-section"><h2><a name="AuthDigestNcCheck" id="AuthDigestNcCheck">AuthDigestNcCheck</a> <a name="authdigestnccheck" id="authdigestnccheck">Directive</a></h2>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<table class="directive">

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enables or disables checking of the nonce-count sent by the

2353f65833a3da763392f771223250cd50b8d873Christian Maederserver</td></tr>

2353f65833a3da763392f771223250cd50b8d873Christian Maeder<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthDigestNcCheck On|Off</code></td></tr>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthDigestNcCheck Off</code></td></tr>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_digest</td></tr>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder</table>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder <div class="note">

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder Not implemented yet.

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder </div>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder

00df6fd583c19393fa141d5a0e21ac74c7bf5b19Christian Maeder</div>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>

cb2044812811d66efe038d914966e04290be93faChristian Maeder<div class="directive-section"><h2><a name="AuthDigestNonceFormat" id="AuthDigestNonceFormat">AuthDigestNonceFormat</a> <a name="authdigestnonceformat" id="authdigestnonceformat">Directive</a></h2>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder<table class="directive">

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Determines how the nonce is generated</td></tr>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthDigestNonceFormat <var>format</var></code></td></tr>

8d780c893d6df5dab3dcc7d8444b7517f6547f11Christian Maeder<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_digest</td></tr>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder</table>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder <div class="note">Not implemented yet.</div>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder</div>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder<div class="directive-section"><h2><a name="AuthDigestNonceLifetime" id="AuthDigestNonceLifetime">AuthDigestNonceLifetime</a> <a name="authdigestnoncelifetime" id="authdigestnoncelifetime">Directive</a></h2>

bc263f610d20a9cd3014ddfca903026127fa0d48Christian Maeder<table class="directive">

966519955f5f7111abac20118563132b9dd41165Christian Maeder<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>How long the server nonce is valid</td></tr>

bbba6dd86153aacb0f662b182b128df0eb09fd54Christian Maeder<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthDigestNonceLifetime <var>seconds</var></code></td></tr>

16b71dad8d398af412d66a4f4763f1ada5b03d23Christian Maeder<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthDigestNonceLifetime 300</code></td></tr>

d96bfd1d7a4595bfff87771b91797330fa939455Christian Maeder<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>

d96bfd1d7a4595bfff87771b91797330fa939455Christian Maeder<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>

8c8545dd3bf34fbcbc16904b65d249658f8f9efcChristian Maeder<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>

d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_digest</td></tr>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder</table>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder <p>The <code class="directive">AuthDigestNonceLifetime</code> directive

b6ff72be73dad3d1394cf2c71e29e67624ff030bChristian Maeder controls how long the server nonce is valid. When the client

b6ff72be73dad3d1394cf2c71e29e67624ff030bChristian Maeder contacts the server using an expired nonce the server will send

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder back a 401 with <code>stale=true</code>. If <var>seconds</var> is

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder greater than 0 then it specifies the amount of time for which the

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder nonce is valid; this should probably never be set to less than 10

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder seconds. If <var>seconds</var> is less than 0 then the nonce never

2360728d4185c0c04279c999941c64d36626af79Christian Maeder expires.

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder </p>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder

00df6fd583c19393fa141d5a0e21ac74c7bf5b19Christian Maeder</div>

2360728d4185c0c04279c999941c64d36626af79Christian Maeder<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>

2360728d4185c0c04279c999941c64d36626af79Christian Maeder<div class="directive-section"><h2><a name="AuthDigestProvider" id="AuthDigestProvider">AuthDigestProvider</a> <a name="authdigestprovider" id="authdigestprovider">Directive</a></h2>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder<table class="directive">

2360728d4185c0c04279c999941c64d36626af79Christian Maeder<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets the authentication provider(s) for this location</td></tr>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthDigestProvider <var>provider-name</var>

8d780c893d6df5dab3dcc7d8444b7517f6547f11Christian Maeder[<var>provider-name</var>] ...</code></td></tr>

2360728d4185c0c04279c999941c64d36626af79Christian Maeder<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthDigestProvider file</code></td></tr>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>

2360728d4185c0c04279c999941c64d36626af79Christian Maeder<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_digest</td></tr>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder</table>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder <p>The <code class="directive">AuthDigestProvider</code> directive sets

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder which provider is used to authenticate the users for this location.

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder The default <code>file</code> provider is implemented

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder by the <code class="module"><a href="/mod/mod_authn_file.html">mod_authn_file</a></code> module. Make sure

bc263f610d20a9cd3014ddfca903026127fa0d48Christian Maeder that the chosen provider module is present in the server.</p>

966519955f5f7111abac20118563132b9dd41165Christian Maeder

bbba6dd86153aacb0f662b182b128df0eb09fd54Christian Maeder <p>See <code class="module"><a href="/mod/mod_authn_dbm.html">mod_authn_dbm</a></code>, <code class="module"><a href="/mod/mod_authn_file.html">mod_authn_file</a></code>,

16b71dad8d398af412d66a4f4763f1ada5b03d23Christian Maeder <code class="module"><a href="/mod/mod_authn_dbd.html">mod_authn_dbd</a></code> and <code class="module"><a href="/mod/mod_authn_socache.html">mod_authn_socache</a></code>

d96bfd1d7a4595bfff87771b91797330fa939455Christian Maeder for providers.</p>

8c8545dd3bf34fbcbc16904b65d249658f8f9efcChristian Maeder

d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder</div>

2360728d4185c0c04279c999941c64d36626af79Christian Maeder<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<div class="directive-section"><h2><a name="AuthDigestQop" id="AuthDigestQop">AuthDigestQop</a> <a name="authdigestqop" id="authdigestqop">Directive</a></h2>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<table class="directive">

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Determines the quality-of-protection to use in digest

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maederauthentication</td></tr>

bbba6dd86153aacb0f662b182b128df0eb09fd54Christian Maeder<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthDigestQop none|auth|auth-int [auth|auth-int]</code></td></tr>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthDigestQop auth</code></td></tr>

cb2044812811d66efe038d914966e04290be93faChristian Maeder<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>

bbba6dd86153aacb0f662b182b128df0eb09fd54Christian Maeder<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>

bbba6dd86153aacb0f662b182b128df0eb09fd54Christian Maeder<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_digest</td></tr>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder</table>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder <p>The <code class="directive">AuthDigestQop</code> directive determines

16b71dad8d398af412d66a4f4763f1ada5b03d23Christian Maeder the <dfn>quality-of-protection</dfn> to use. <code>auth</code> will

16b71dad8d398af412d66a4f4763f1ada5b03d23Christian Maeder only do authentication (username/password); <code>auth-int</code> is

16b71dad8d398af412d66a4f4763f1ada5b03d23Christian Maeder authentication plus integrity checking (an MD5 hash of the entity

16b71dad8d398af412d66a4f4763f1ada5b03d23Christian Maeder is also computed and checked); <code>none</code> will cause the module

8c8545dd3bf34fbcbc16904b65d249658f8f9efcChristian Maeder to use the old RFC-2069 digest algorithm (which does not include

33fcc19ef2b59493b4e91eebf701df95fd230765Christian Maeder integrity checking). Both <code>auth</code> and <code>auth-int</code> may

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder be specified, in which the case the browser will choose which of

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder these to use. <code>none</code> should only be used if the browser for

8bb80c9684e905de8dcfcfb1291542677e7d77b6Christian Maeder some reason does not like the challenge it receives otherwise.</p>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder

bc263f610d20a9cd3014ddfca903026127fa0d48Christian Maeder <div class="note">

966519955f5f7111abac20118563132b9dd41165Christian Maeder <code>auth-int</code> is not implemented yet.

8bb80c9684e905de8dcfcfb1291542677e7d77b6Christian Maeder </div>

8bb80c9684e905de8dcfcfb1291542677e7d77b6Christian Maeder

00df6fd583c19393fa141d5a0e21ac74c7bf5b19Christian Maeder</div>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<div class="directive-section"><h2><a name="AuthDigestShmemSize" id="AuthDigestShmemSize">AuthDigestShmemSize</a> <a name="authdigestshmemsize" id="authdigestshmemsize">Directive</a></h2>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<table class="directive">

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The amount of shared memory to allocate for keeping track

b6ff72be73dad3d1394cf2c71e29e67624ff030bChristian Maederof clients</td></tr>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthDigestShmemSize <var>size</var></code></td></tr>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthDigestShmemSize 1000</code></td></tr>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_digest</td></tr>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder</table>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder <p>The <code class="directive">AuthDigestShmemSize</code> directive defines

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder the amount of shared memory, that will be allocated at the server

bc263f610d20a9cd3014ddfca903026127fa0d48Christian Maeder startup for keeping track of clients. Note that the shared memory

966519955f5f7111abac20118563132b9dd41165Christian Maeder segment cannot be set less than the space that is necessary for

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder tracking at least <em>one</em> client. This value is dependent on your

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder system. If you want to find out the exact value, you may simply

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder set <code class="directive">AuthDigestShmemSize</code> to the value of

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder <code>0</code> and read the error message after trying to start the

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder server.</p>

cb2044812811d66efe038d914966e04290be93faChristian Maeder

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder <p>The <var>size</var> is normally expressed in Bytes, but you

8d780c893d6df5dab3dcc7d8444b7517f6547f11Christian Maeder may follow the number with a <code>K</code> or an <code>M</code> to

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder express your value as KBytes or MBytes. For example, the following

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder directives are all equivalent:</p>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder<pre class="prettyprint lang-config">AuthDigestShmemSize 1048576

00df6fd583c19393fa141d5a0e21ac74c7bf5b19Christian MaederAuthDigestShmemSize 1024K

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian MaederAuthDigestShmemSize 1M</pre>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder</div>

bbba6dd86153aacb0f662b182b128df0eb09fd54Christian Maeder<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>

16b71dad8d398af412d66a4f4763f1ada5b03d23Christian Maeder<div class="section">

8c8545dd3bf34fbcbc16904b65d249658f8f9efcChristian Maeder<h2><a name="using" id="using">Using Digest Authentication</a></h2>

33fcc19ef2b59493b4e91eebf701df95fd230765Christian Maeder

d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder <p>To use MD5 Digest authentication, simply

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder change the normal <code>AuthType Basic</code> and

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder <code class="directive"><a href="/mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder to <code>AuthType Digest</code> and

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder <code class="directive"><a href="#authdigestprovider">AuthDigestProvider</a></code>,

f39b8dd9651dfcc38b06191cda23cacbfc298323Christian Maeder when setting up authentication, then add a

12aef5992d3af07dee81a4e02cf4be65a83f28bcChristian Maeder <code class="directive"><a href="#authdigestdomain">AuthDigestDomain</a></code> directive containing at least the root

2360728d4185c0c04279c999941c64d36626af79Christian Maeder URI(s) for this protection space.</p>

2360728d4185c0c04279c999941c64d36626af79Christian Maeder

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder <p>Appropriate user (text) files can be created using the

f39b8dd9651dfcc38b06191cda23cacbfc298323Christian Maeder <code class="program"><a href="/programs/htdigest.html">htdigest</a></code> tool.</p>

2360728d4185c0c04279c999941c64d36626af79Christian Maeder

2360728d4185c0c04279c999941c64d36626af79Christian Maeder <div class="example"><h3>Example:</h3><pre class="prettyprint lang-config">&lt;Location "/private/"&gt;

2360728d4185c0c04279c999941c64d36626af79Christian Maeder AuthType Digest

d81905a5b924415c524d702df26204683c82c12eChristian Maeder AuthName "private area"

2360728d4185c0c04279c999941c64d36626af79Christian Maeder AuthDigestDomain "/private/" "http://mirror.my.dom/private2/"

f39b8dd9651dfcc38b06191cda23cacbfc298323Christian Maeder

8d780c893d6df5dab3dcc7d8444b7517f6547f11Christian Maeder AuthDigestProvider file

2360728d4185c0c04279c999941c64d36626af79Christian Maeder AuthUserFile "/web/auth/.digest_pw"

bc263f610d20a9cd3014ddfca903026127fa0d48Christian Maeder Require valid-user

966519955f5f7111abac20118563132b9dd41165Christian Maeder&lt;/Location&gt;</pre>

2360728d4185c0c04279c999941c64d36626af79Christian Maeder</div>

2360728d4185c0c04279c999941c64d36626af79Christian Maeder

00df6fd583c19393fa141d5a0e21ac74c7bf5b19Christian Maeder <div class="note"><h3>Note</h3>

2360728d4185c0c04279c999941c64d36626af79Christian Maeder <p>Digest authentication was intended to be more secure than basic

f39b8dd9651dfcc38b06191cda23cacbfc298323Christian Maeder authentication, but no longer fulfills that design goal. A

2360728d4185c0c04279c999941c64d36626af79Christian Maeder man-in-the-middle attacker can trivially force the browser to downgrade

2360728d4185c0c04279c999941c64d36626af79Christian Maeder to basic authentication. And even a passive eavesdropper can brute-force

2360728d4185c0c04279c999941c64d36626af79Christian Maeder the password using today's graphics hardware, because the hashing

2360728d4185c0c04279c999941c64d36626af79Christian Maeder algorithm used by digest authentication is too fast. Another problem is

2360728d4185c0c04279c999941c64d36626af79Christian Maeder that the storage of the passwords on the server is insecure. The contents

d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder of a stolen htdigest file can be used directly for digest authentication.

8994ef587ce7c7c39ddd20f0f7e4575838a6694aChristian Maeder Therefore using <code class="module"><a href="/mod/mod_ssl.html">mod_ssl</a></code> to encrypt the whole connection is

33fcc19ef2b59493b4e91eebf701df95fd230765Christian Maeder strongly recommended.</p>

2360728d4185c0c04279c999941c64d36626af79Christian Maeder <p><code class="module"><a href="/mod/mod_auth_digest.html">mod_auth_digest</a></code> only works properly on platforms

2360728d4185c0c04279c999941c64d36626af79Christian Maeder where APR supports shared memory.</p>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder </div>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder</div>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder</div>

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<div class="bottomlang">

b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<p><span>Available Languages: </span><a href="/en/mod/mod_auth_digest.html" title="English">&nbsp;en&nbsp;</a> |

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder<a href="/fr/mod/mod_auth_digest.html" hreflang="fr" rel="alternate" title="Fran�ais">&nbsp;fr&nbsp;</a> |

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder<a href="/ko/mod/mod_auth_digest.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a></p>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder</div><div class="top"><a href="#page-header"><img src="/images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div>

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder<script type="text/javascript"><!--//--><![CDATA[//><!--

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder//--><!]]></script></div><div id="footer">

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder<p class="apache">Copyright 2015 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>

76d027be764e2ff61bef959efb3ac8f56499e646Christian Maeder<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--

a3a7d8b3cdf05c8040c62dbcf9a15dc5042cd721Christian Maeder//--><!]]></script>

63da71bfb4226f504944b293fb77177ebcaea7d4Ewaryst Schulz</body></html>