Introduction to the Apache Web Server - ApacheCon
17.5 Basic Auth Caveats
• Basic auth is not secure
• Username/password passed in the clear
• Content passed in the clear
• Cosmetic security only
17.6 Digest Auth
• Same as basic, except ...
• Username, password, MD5 hashed, and passed.
• Password not stored anywhere in the clear
• Content still passed in the clear
• Not supported by all browsers
Instead of htpasswd ...
htdigest -c /usr/local/apache/passwords/digest realm username
17.7 Configuration for Digest auth
AuthType Digest
AuthName "Private Area"
AuthDigestFile /usr/local/apache/passwords/digest
Require user drbacchus dorfl
Group file is identical to that used with Basic, if you want one. Use AuthDigestGroupFile with the same format.
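The realm given to htdigest has to be the same string as AuthName, because each digest-file entry is user:realm:MD5(user:realm:password). The following check is an added example, not part of the original talk; the function names, the sample passwords and the mismatched dorfl entry are constructed for illustration.

```python
import hashlib
import re

def htdigest_line(user, realm, password):
    """One digest-file entry: user:realm:MD5(user:realm:password)."""
    ha1 = hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()
    return f"{user}:{realm}:{ha1}"

def missing_users(conf_text, digest_text):
    """Users in 'Require user' with no digest entry for the AuthName realm."""
    realm = re.search(r'^\s*AuthName\s+"?([^"\n]+)"?', conf_text, re.M).group(1).strip()
    req = re.search(r'^\s*Require\s+user\s+(.+)$', conf_text, re.M)
    required = req.group(1).split() if req else []
    entries = set()
    for line in digest_text.splitlines():
        if line.count(":") < 2:
            continue  # blank or malformed line
        user, rest = line.strip().split(":", 1)
        entry_realm, _ha1 = rest.rsplit(":", 1)
        entries.add((user, entry_realm))
    return [u for u in required if (u, realm) not in entries]

# Configuration from the slide above.
CONF = '''AuthType Digest
AuthName "Private Area"
AuthDigestFile /usr/local/apache/passwords/digest
Require user drbacchus dorfl
'''

# Constructed digest file: dorfl was added with the literal word "realm".
DIGEST = "\n".join([
    htdigest_line("drbacchus", "Private Area", "constructed-pass-1"),
    htdigest_line("dorfl", "realm", "constructed-pass-2"),
])

if __name__ == "__main__":
    print(DIGEST)
    print("no usable entry for:", missing_users(CONF, DIGEST))
```

Because the stored hash covers the realm, changing AuthName later invalidates every existing entry until the users are re-added with htdigest.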
17.8 Authentication against other things
• mod_auth_db
• mod_auth_mysql
• mod_auth_ldap