From Alexei Kosut <>
Subject MD5 Digest auth and other things...
Date Sun, 10 Mar 1996 00:49:20 GMT

David Robinson's mod_proxy uses MD5 to generate filenames, and so Apache
1.1 has MD5 code in it currently. So I figured I'd add some more
MD5-related things while we were at it. I've uploaded to
httpd/incoming/md5.tar several files that add additional MD5-related
functionality to Apache: 

util_md5.c/util_md5.h: This is basically the md5.c file stolen from
    NCSA httpd 1.5.1b3 (with proper attribution), modified to use Apache's 
    memory allocation routines. It has some MD5 utilities (hence the name).

mod_digest.c: This is a module (which must be enabled in Configuration,
    of course), that lets you use Digest authentication as per
    draft-ietf-http-digest-aa-02.txt. Set AuthType Digest, and use
    AuthDigestFile to specify a file containing MD5 hashes of
    user:realm:password (the same format as NCSA httpd 1.5, so you
    can go use their support/htdigest utility to make entries). It
    currently supports only flat-file, not DBM.

protocol_md5.patch: This modifies http_protocol.c and http_protocol.h
    to support mod_digest.c. I couldn't put it all in the module, because
    I wanted to be able to use mod_auth and mod_auth_dbm and the rest's
    group handling instead of writing a separate MD5 one (which didn't make
    any sense).

core_md5.patch: This patch adds a new directive (either in httpd/srm.conf,
    access.conf or .htaccess), ContentDigest, that, when set to On,
    adds a Content-MD5 header for those files served by http_core, as
    implied by the HTTP/1.1 draft. I'm not sure if this is useful or not,
    and probably slows things down, especially for large files, but

makefile_md5.patch: Changes to Makefile.tmpl to make all the above compile.

It all seems to work... it compiles, and it all seems to work correctly
with Microsoft's Internet Explorer (which is the only browser I have that
supports Digest auth). And I've discovered something weird about Netscape
Navigator 2.0: It apparently can parse a WWW-Authenticate: Digest header,
and extract the realm correctly, but then tries to use Basic
authentication on it... Makes you wonder. 

At any rate, I'd like to see some other people try it, and if it works for
them, see it as part of 1.1 at some point.


--// Alexei Kosut // <> // Lefler on IRC --//
-----------------// <> -------// 
"To get the full effect of Pat Buchanan's speeches, they should be
read in the original German." //--------------------------------------
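
Added example, not part of the original message and not code from md5.tar: a Python sketch of the flat-file entry format described for AuthDigestFile, a server-side check of a Digest response against the stored hash, and the Content-MD5 value. All function names and sample values are hypothetical; the response formula is the RFC 2069 form, assumed here to match the draft the message names.

```python
import base64, hashlib, hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def htdigest_entry(user, realm, password):
    # Flat-file line: user:realm:MD5(user:realm:password)
    return "%s:%s:%s" % (user, realm, md5_hex("%s:%s:%s" % (user, realm, password)))

def load_digest_file(text):
    # Map (user, realm) -> stored hash; malformed lines are skipped.
    table = {}
    for line in text.splitlines():
        user, sep, rest = line.strip().partition(":")
        realm, sep2, ha1 = rest.rpartition(":")   # realm may itself contain ':'
        if user and sep and sep2 and len(ha1) == 32:
            table[(user, realm)] = ha1.lower()
    return table

def expected_response(ha1, nonce, method, uri):
    # Assumed RFC 2069 form: MD5(HA1 ":" nonce ":" MD5(method ":" uri))
    return md5_hex("%s:%s:%s" % (ha1, nonce, md5_hex("%s:%s" % (method, uri))))

def check_response(table, user, realm, nonce, method, uri, response):
    # The stored hash is all the server needs, so it is password-equivalent
    # for that realm and the file needs the same protection as a password file.
    ha1 = table.get((user, realm))
    if ha1 is None:
        return False
    want = expected_response(ha1, nonce, method, uri)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(want.encode("utf-8"), response.lower().encode("utf-8"))

def content_md5(body):
    # Content-MD5 carries the base64 of the raw 16-byte digest, not the hex form.
    return base64.b64encode(hashlib.md5(body).digest()).decode("ascii")

# Constructed sample file: one valid entry and two malformed lines.
SAMPLE_FILE = (htdigest_entry("alice", "example realm", "s3cret")
               + "\nnot-a-valid-line\nbob:example realm:tooshort\n")

if __name__ == "__main__":
    table = load_digest_file(SAMPLE_FILE)
    nonce = "constructed-nonce-0001"
    resp = expected_response(table[("alice", "example realm")], nonce, "GET", "/private/")
    print(check_response(table, "alice", "example realm", nonce, "GET", "/private/", resp))
    print("Content-MD5:", content_md5(b"hello\n"))
```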

