manual/mod/mod_auth_digest.xml

	mod_auth_digest.xml revision e942c741056732f50da2074b36fe59805d370650
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<?xml version="1.0"?>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<!DOCTYPE modulesynopsis SYSTEM "/style/modulesynopsis.dtd">
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<?xml-stylesheet type="text/xsl" href="/style/manual.en.xsl"?>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<modulesynopsis>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<name>mod_auth_digest</name>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<description>User authentication using MD5
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    Digest Authentication.</description>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<status>Experimental</status>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<sourcefile>mod_auth_digest.c</sourcefile>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<identifier>auth_digest_module</identifier>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<summary>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    <p>This module implements HTTP Digest Authentication.  However, it
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    has not been extensively tested and is therefore marked
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    experimental.</p>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe</summary>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<seealso><directive module="core">AuthName</directive></seealso>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<seealso><directive module="core">AuthType</directive></seealso>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<seealso><directive module="core">Require</directive></seealso>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<seealso><directive module="core">Satisfy</directive></seealso>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<section><title>Using Digest Authentication</title>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    <p>Using MD5 Digest authentication is very simple. Simply set
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    up authentication normally, using "AuthType Digest" and
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    "AuthDigestFile" instead of the normal "AuthType Basic" and
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    "AuthUserFile"; also, replace any "AuthGroupFile" with
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    "AuthDigestGroupFile". Then add a "AuthDigestDomain" directive
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    containing at least the root URI(s) for this protection space.
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    Example:</p>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<example>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe  &lt;Location /private/&gt;<br />
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe  AuthType Digest<br />
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe  AuthName "private area"<br />
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe  AuthDigestDomain /private/ http://mirror.my.dom/private2/<br />
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe  AuthDigestFile /web/auth/.digest_pw<br />
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe  Require valid-user<br />
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe  &lt;/Location&gt;
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe</example>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<note><title>Note</title>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    <p>MD5 authentication provides a more
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    secure password system than Basic authentication, but only
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    works with supporting browsers. As of this writing (October 2001),
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    the only major browsers which support digest authentication are
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    <a href="http://www.opera.com/">Opera 4.0</a>,
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    <a href="http://www.microsoft.com/windows/ie/">MS Internet
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    Explorer 5.0</a> and <a href="http://www.w3.org/Amaya/">Amaya</a>.
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    Therefore, we do not yet recommend using this feature on a large
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    Internet site. However, for personal and intra-net use, where
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    browser users can be controlled, it is ideal.</p>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe</note>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe</section>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<directivesynopsis>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<name>AuthDigestFile</name>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<description>Location of the text file containing the list
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwroweof users and encoded passwords for digest authentication</description>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<syntax>AuthDigestFile <em>file-path</em></syntax>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<contextlist><context>directory</context><context>.htaccess</context>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe</contextlist>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<override>AuthConfig</override>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<usage>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    <p>The <directive>AuthDigestFile</directive> directive sets the
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    name of a textual file containing the list of users and encoded
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    passwords for digest authentication. <em>File-path</em> is the
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    absolute path to the user file.</p>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    <p>The digest file uses a special format. Files in this format
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    can be created using the <a
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    href="/programs/htdigest.html">htdigest</a> utility found in
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    the support/ subdirectory of the Apache distribution.</p>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe</usage>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe</directivesynopsis>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<directivesynopsis>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<name>AuthDigestGroupFile</name>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<description>Name of the text file containing the list of groups
2bbb8b21f6ed7a10149494d45a6417cf984f01f8wrowefor digest authentication</description>
2bbb8b21f6ed7a10149494d45a6417cf984f01f8wrowe<syntax>AuthDigestGroupFile <em>file-path</em></syntax>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<contextlist><context>directory</context><context>.htaccess</context>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe</contextlist>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<override>AuthConfig</override>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<usage>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    <p>The <directive>AuthDigestGroupFile</directive> directive sets
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    the name of a textual file containing the list of groups and their
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    members (user names). <em>File-path</em> is the absolute path to
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    the group file.</p>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    <p>Each line of the group file contains a groupname followed by
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    a colon, followed by the member usernames separated by spaces.
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    Example:</p>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<example>mygroup: bob joe anne</example>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    <p>Note that searching large text files is <em>very</em>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    inefficient.</p>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    <p>Security: make sure that the AuthGroupFile is stored outside
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    the document tree of the web-server; do <em>not</em> put it in
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    the directory that it protects. Otherwise, clients will be able
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    to download the AuthGroupFile.</p>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe</usage>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe</directivesynopsis>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<directivesynopsis>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<name>AuthDigestQop</name>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<description>Determines the quality-of-protection to use in digest
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwroweauthentication</description>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<syntax>AuthDigestQop none|auth|auth-int [auth|auth-int]</syntax>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<default>AuthDigestQop auth</default>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<contextlist><context>directory</context><context>.htaccess</context>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe</contextlist>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<override>AuthConfig</override>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<usage>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    <p>The <directive>AuthDigestQop</directive> directive determines
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    the quality-of-protection to use. <em>auth</em> will only do
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    authentication (username/password); <em>auth-int</em> is
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    authentication plus integrity checking (an MD5 hash of the entity
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    is also computed and checked); <em>none</em> will cause the module
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    to use the old RFC-2069 digest algorithm (which does not include
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    integrity checking). Both <em>auth</em> and <em>auth-int</em> may
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    be specified, in which the case the browser will choose which of
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    these to use. <em>none</em> should only be used if the browser for
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    some reason does not like the challenge it receives otherwise.</p>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    <p><strong><em>auth-int</em> is not implemented
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    yet</strong>.</p>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe</usage>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe</directivesynopsis>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<directivesynopsis>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<name>AuthDigestNonceLifetime</name>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<description>How long the server nonce is valid</description>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<syntax>AuthDigestNonceLifetime <em>seconds</em></syntax>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<default>AuthDigestNonceLifetime 300</default>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<contextlist><context>directory</context><context>.htaccess</context>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe</contextlist>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<override>AuthConfig</override>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<usage>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    <p>The <directive>AuthDigestNonceLifetime</directive> directive
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    controls how long the server nonce is valid. When the client
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    contacts the server using an expired nonce the server will send
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    back a 401 with <code>stale=true</code>. If <em>seconds</em> is
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    greater than 0 then it specifies the amount of time for which the
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    nonce is valid; this should probably never be set to less than 10
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    seconds. If <em>seconds</em> is less than 0 then the nonce never
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    expires. <!-- Not implemented yet If <EM>seconds</EM> is 0 then
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    the nonce may be used exactly once by the client. Note that while
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    one-time-nonces provide higher security against replay attacks,
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    they also have significant performance implications, as the
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    browser cannot pipeline or multiple connections for the
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    requests. Because browsers cannot easily detect that
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    one-time-nonces are being used, this may lead to browsers trying
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    to pipeline requests and receiving 401 responses for all but the
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    first request, requiring the browser to resend the requests. Note
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    also that the protection against reply attacks only makes sense
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    for dynamically generated content and things like POST requests;
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    for static content the attacker may already have the complete
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    response, so one-time-nonces do not make sense here.  -->
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    </p>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe</usage>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe</directivesynopsis>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<directivesynopsis>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<name>AuthDigestNonceFormat</name>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<description>Determines how the nonce is generated</description>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<syntax>???</syntax>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<default>???</default>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<contextlist><context>directory</context><context>.htaccess</context>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe</contextlist>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<override>AuthConfig</override>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<usage>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    <p><strong>Not implemented yet.</strong> <!--
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe            <P>The AuthDigestNonceFormat directive determines how the nonce is
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe            generated.
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe            -->
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    </p>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe</usage>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe</directivesynopsis>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<directivesynopsis>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<name>AuthDigestNcCheck</name>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<description>Enables or disables checking of the nonce-count sent by the
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwroweserver</description>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<syntax>AuthDigestNcCheck On|Off</syntax>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<default>AuthDigestNcCheck Off</default>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<contextlist><context>server config</context></contextlist>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<usage>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    <p><strong>Not implemented yet.</strong> <!--
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe            <P>The AuthDigestNcCheck directive enables or disables the checking of the
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe            nonce-count sent by the server.
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe            <P>While recommended from a security standpoint, turning this directive
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe            On has one important performance implication. To check the nonce-count
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe            *all* requests (which have an Authorization header, irrespective of
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe            whether they require digest authentication) must be serialized through
2bbb8b21f6ed7a10149494d45a6417cf984f01f8wrowe            a critical section. If the server is handling a large number of
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe            requests which contain the Authorization header then this may noticeably
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe            impact performance.
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe            -->
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    </p>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe</usage>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe</directivesynopsis>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<directivesynopsis>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<name>AuthDigestAlgorithm</name>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<description>Selects the algorithm used to calculate the challenge and
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwroweresponse hases in digest authentication</description>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<syntax>AuthDigestAlgorithm MD5|MD5-sess</syntax>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<default>AuthDigestAlgorithm MD5</default>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<contextlist><context>directory</context><context>.htaccess</context>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe</contextlist>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<override>AuthConfig</override>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<usage>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    <p>The <directive>AuthDigestAlgorithm</directive> directive
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    selects the algorithm used to calculate the challenge and response
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    hashes.</p>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    <p><strong><em>MD5-sess</em> is not correctly implemented
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    yet</strong>. <!--
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe            <P>To use <EM>MD5-sess</EM> you must first code up the
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe            <VAR>get_userpw_hash()</VAR> function in <VAR>mod_auth_digest.c</VAR> .
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe            -->
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    </p>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe</usage>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe</directivesynopsis>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<directivesynopsis>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<name>AuthDigestDomain</name>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<description>URIs that are in the same protection space for digest
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwroweauthentication</description>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<syntax>AuthDigestDomain <em>URI</em> [<em>URI</em>] ...</syntax>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<contextlist><context>directory</context><context>.htaccess</context>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe</contextlist>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<override>AuthConfig</override>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe<usage>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    <p>The <directive>AuthDigestDomain</directive> directive allows
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    you to specify one or more URIs which are in the same protection
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    space (i.e. use the same realm and username/password info). The
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    specified URIs are prefixes, i.e. the client will assume that all
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    URIs "below" these are also protected by the same
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    username/password. The URIs may be either absolute URIs
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe    (i.e. inluding a scheme, host, port, etc) or relative URIs.</p>
87243d0fc4c9b64fc12ae7ec53ebb19a9c804ecdwrowe
2bbb8b21f6ed7a10149494d45a6417cf984f01f8wrowe    <p>This directive <em>should</em> always be specified and
2bbb8b21f6ed7a10149494d45a6417cf984f01f8wrowe    contain at least the (set of) root URI(s) for this space.
2bbb8b21f6ed7a10149494d45a6417cf984f01f8wrowe    Omitting to do so will cause the client to send the
2bbb8b21f6ed7a10149494d45a6417cf984f01f8wrowe    Authorization header for <em>every request</em> sent to this
2bbb8b21f6ed7a10149494d45a6417cf984f01f8wrowe    server. Apart from increasing the size of the request, it may
2bbb8b21f6ed7a10149494d45a6417cf984f01f8wrowe    also have a detrimental effect on performance if
2bbb8b21f6ed7a10149494d45a6417cf984f01f8wrowe    "AuthDigestNcCheck" is on.</p>
2bbb8b21f6ed7a10149494d45a6417cf984f01f8wrowe
2bbb8b21f6ed7a10149494d45a6417cf984f01f8wrowe    <p>The URIs specified can also point to different servers, in
2bbb8b21f6ed7a10149494d45a6417cf984f01f8wrowe    which case clients (which understand this) will then share
2bbb8b21f6ed7a10149494d45a6417cf984f01f8wrowe    username/password info across multiple servers without
2bbb8b21f6ed7a10149494d45a6417cf984f01f8wrowe    prompting the user each time. </p>
2bbb8b21f6ed7a10149494d45a6417cf984f01f8wrowe</usage>
2bbb8b21f6ed7a10149494d45a6417cf984f01f8wrowe</directivesynopsis>
2bbb8b21f6ed7a10149494d45a6417cf984f01f8wrowe
2bbb8b21f6ed7a10149494d45a6417cf984f01f8wrowe</modulesynopsis>
2bbb8b21f6ed7a10149494d45a6417cf984f01f8wrowe
2bbb8b21f6ed7a10149494d45a6417cf984f01f8wrowe