This module provides for user authentication using MD5 Digest Authentication.
Status: Extension
Source File: mod_digest.c
Module Identifier:
digest_module
Compatibility: Available in
Apache 1.1 and later.
This module implements an older version of the MD5 Digest Authentication specification which will probably not work with modern browsers. Please see mod_auth_digest for a module which implements the most recent version of the standard.
Using MD5 Digest authentication is very simple. Simply set up authentication normally. However, use "AuthType Digest" and "AuthDigestFile" instead of the normal "AuthType Basic" and "AuthUserFile". Everything else should remain the same.
MD5 authentication provides a more secure password system, but only works with supporting browsers. As of this writing (January 2002), the only major browsers which support digest authentication are Opera 4.0, MS Internet Explorer 5.0 and Amaya. Therefore, we do not recommend using this feature on a large Internet site. However, for personal and intra-net use, where browser users can be controlled, it is ideal.
See also mod_auth_digest, which is an updated version of this module, in order to determine whether you want to use that module instead. In either case, if you are using one, you should not use the other, as they share some of the same configuration directives.
The AuthDigestFile directive sets the name of a textual file containing the list of users and encoded passwords for digest authentication. Filename is the absolute path to the user file.
Example
AuthDigestFile /usr/local/apache/passwords/passwords.digest
The digest file uses a special format. Files in this format can be created using the "htdigest" utility found in the support/ subdirectory of the Apache distribution.