Using Digest Authentication
Using MD5 Digest authentication is very simple. Simply set up authentication normally, using
AuthType Digest
and AuthDigestProvider
instead of the normal AuthType Basic
and AuthBasicProvider
. Then add a AuthDigestDomain
directive containing at least the root URI(s) for this protection space.Appropriate user (text) files can be created using the
htdigest
tool.How to Implement Apache Digest Authentication I decided to repost this, because I had accidentally assigned it to the wrong zone(s). I am looking to password protect my entire www directory.
Example:
<Location /private/>
AuthType Digest
AuthName 'private area'
AuthDigestDomain /private/ http://mirror.my.dom/private2/
AuthDigestProvider file
AuthUserFile /web/auth/.digest_pw
Require valid-user
</Location>
Note
Digest authentication is more secure than Basic authentication, but only works with supporting browsers. As of September 2004, major browsers that support digest authentication include Amaya, Konqueror, MS Internet Explorer for Mac OS X and Windows (although the Windows version fails when used with a query string -- see 'Working with MS Internet Explorer' below for a workaround), Mozilla, Netscape 7, Opera, and Safari. lynx does not support digest authentication. Since digest authentication is not as widely implemented as basic authentication, you should use it only in environments where all users will have supporting browsers.
I have an issue where I am trying to set a test directory to authenticate using the AuthType Digest. I have been able to successfully complete this but only when the AuthName of .htaccess is one string entry.
Example .htaccess:
Example .htpasswd
If I change the Realm in .htpasswd and .htaccess AuthName to 'Gordon and' ..I get this error (from Apache logs/error.log)
I have tried encasing the Realm in single and double quotes marks to no avail, currently editing using Notepad++ but have also tried creating via the ht_digest.exe tool ...still no dice.
I have also looked on the Apache AuthType and ht_digest docs but maybe its not the right section as I can't seem to find any information on containing whitespaced realms.
Any pointers or advice would be appreciated, thanks.
jnelsonjnelson