httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <>
Subject Re: MD5 Digest auth and other things...
Date Sun, 10 Mar 1996 15:15:47 GMT
> Hi.
> David Robinson's mod_proxy uses MD5 to generate filenames, and so Apache
> 1.1 has MD5 code in it currently. So I figured I'd add some more
> MD5-related things while we were at it. I've uploaded to
> httpd/incoming/md5.tar several files that add additional MD5-related
> functionality to Apache: 
> util_md5.c/util_md5.h: This is basically the md5.c file stolen from
>     NCSA httpd 1.5.1b3 (with proper attribution), modified to use Apache's 
>     memory allocation routines. It has some MD5 utilities (hence the name).

Are we allowed to steal things from NCSA 1.5???



> mod_digest.c: This is a module (which must be enabled in Configuration,
>     of course), that lets you use Digest authentication as per
>     draft-ietf-http-digest-aa-02.txt. Set AuthType Digest, and use
>     AuthDigestFile to specifiy a file containing MD5 hashes of
>     user:realm:password (the same format as NCSA httpd 1.5, so you
>     can go use their support/htdigest utility to make entries). It
>     currently supports only flat-file, not DBM.
> protocol_md5.patch: This modifies http_protocol.c and http_protocol.h
>     to support mod_digest.c. I couldn't put it all in the module, because
>     I wanted to be able to use mod_auth and mod_auth_dbm and the rest's
>     group handling instead of writing a seperate MD5 one (which didn't make
>     any sense).
> core_md5.patch: This patch adds a new directive (either in httpd/srm.conf,
>     access.conf or .htaccess), ContentDigest, that, when set to On,
>     adds a Content-MD5 header for those files served by http_core, as
>     implied by the HTTP/1.1 draft. I'm not sure if this is useful or not,
>     and probably slows things down, especially for large files, but
>     anyhow...
> makefile_md5.patch: Changes to Makefile.tmpl to make all the above compile.
> It all seems to work... it compiles, and it all seems to work correctly
> with Microsoft's Internet Explorer (which is the only browser I have that
> supports Digest auth). And I've discovered something wierd about Netscape
> Navigator 2.0: It apparently can parse a WWW-Authenticate: Digest header,
> and extract the realm correctly, but then tries to use Basic
> authentication on it... Makes you wonder. 
> At any rate, I'd like to see some other people try it, and if it works for
> them, see it as part of 1.1 at some point.
> Thanks.
> --// Alexei Kosut // <> // Lefler on IRC --//
> -----------------// <> -------// 
> "To get the full effect of Pat Buchanan's speeches, they should be
> read in the original German." //--------------------------------------

Ben Laurie                  Phone: +44 (181) 994 6435
Freelance Consultant and    Fax:   +44 (181) 994 6472
Technical Director          Email:
A.L. Digital Ltd,           URL:
London, England.

View raw message