httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@apache.org
Subject cvs commit: httpd-docs-1.3/htdocs/manual/mod core.html.en mod_digest.html
Date Thu, 15 Apr 2004 15:56:52 GMT
jim         2004/04/15 08:56:52

  Modified:    htdocs/manual/mod core.html.en mod_digest.html
  Log:
  Document AuthDigestRealmSeed
  
  Revision  Changes    Path
  1.260     +42 -0     httpd-docs-1.3/htdocs/manual/mod/core.html.en
  
  Index: core.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/mod/core.html.en,v
  retrieving revision 1.259
  retrieving revision 1.260
  diff -u -r1.259 -r1.260
  --- core.html.en	29 Jan 2004 17:01:53 -0000	1.259
  +++ core.html.en	15 Apr 2004 15:56:50 -0000	1.260
  @@ -37,6 +37,8 @@
   
         <li><a href="#authname">AuthName</a></li>
   
  +      <li><a href="#AuthDigestRealmSeed">AuthDigestRealmSeed</a></li>
  +
         <li><a href="#authtype">AuthType</a></li>
   
         <li><a href="#bindaddress">BindAddress</a></li>
  @@ -500,6 +502,7 @@
         href="mod_auth_dbm.html#authdbmuserfile">AuthDBMUserFile</a>,
         <a href="mod_auth.html#authgroupfile">AuthGroupFile</a>, <a
         href="#authname">AuthName</a>, <a
  +      href="#AuthDigestRealmSeed">AuthDigestRealmSeed</a>, <a
         href="#authtype">AuthType</a>, <a
         href="mod_auth.html#authuserfile">AuthUserFile</a>, <a
         href="#require">Require</a>, <em>etc.</em>).</dd>
  @@ -595,6 +598,42 @@
       Access Control</a></p>
       <hr />
   
  +    <h2><a id="AuthDigestRealmSeed" name="AuthDigestRealmSeed">AuthDigestRealmSeed
  +    directive</a></h2>
  +
  +    <a href="directive-dict.html#Syntax"
  +    rel="Help"><strong>Syntax:</strong></a> AuthDigestRealmSeed
  +    <em>secret-real-string</em><br />
  +     <a href="directive-dict.html#Context"
  +    rel="Help"><strong>Context:</strong></a> directory,
  +    .htaccess<br />
  +     <a href="directive-dict.html#Override"
  +    rel="Help"><strong>Override:</strong></a> AuthConfig<br />
  +     <a href="directive-dict.html#Status"
  +    rel="Help"><strong>Status:</strong></a> core
  +
  +    <p>This directive sets a per realm secret nonce prefix
  +    which is used to ensure that a captured username, password
  +    and realm string during a Digest exchange cannot
  +    be replayed at other places.
  +    </p>
  +    <p>It only applies to <a href="mod_digest.html">mod_digest.html</a>,
  +    the experimental <a href="mod_auth_digest.html">mod_auth_digest.html</a>
  +    implements its own (more advanced and also time sensitive) replay protection.
  +    </p>
  +
  +    It must be accompanied by <a href="#authtype">AuthType</a> of
  +    type Digest, one or more
  +    <a href="#require">Require</a> directives, and directives such
  +    as <a href="mod_auth.html#authuserfile">AuthUserFile</a> and <a
  +    href="mod_auth.html#authgroupfile">AuthGroupFile</a> to
  +    work.</p>
  +
  +    <p><strong>See also:</strong> <a
  +    href="../howto/auth.html">Authentication, Authorization, and
  +    Access Control</a></p>
  +    <hr />
  +
       <h2><a id="authtype" name="authtype">AuthType
       directive</a></h2>
   
  @@ -618,6 +657,9 @@
       as <a href="mod_auth.html#authuserfile">AuthUserFile</a> and <a
       href="mod_auth.html#authgroupfile">AuthGroupFile</a> to
       work.</p>
  +
  +    <p>When AuthDigest is used an <a href="#AuthDigestRealmSeed">AuthDigestRealmSeed</a>
  +    should also be set.</p>
   
       <p><strong>See also:</strong> <a
       href="../howto/auth.html">Authentication, Authorization, and
  
  
  
  1.15      +19 -8     httpd-docs-1.3/htdocs/manual/mod/mod_digest.html
  
  Index: mod_digest.html
  ===================================================================
  RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/mod/mod_digest.html,v
  retrieving revision 1.14
  retrieving revision 1.15
  diff -u -r1.14 -r1.15
  --- mod_digest.html	23 Jan 2002 02:51:03 -0000	1.14
  +++ mod_digest.html	15 Apr 2004 15:56:52 -0000	1.15
  @@ -48,17 +48,28 @@
       <p>Using MD5 Digest authentication is very simple. Simply set
       up authentication normally. However, use "AuthType Digest" and
       "AuthDigestFile" instead of the normal "AuthType Basic" and
  -    "AuthUserFile". Everything else should remain the same.</p>
  +    "AuthUserFile".</p>
  +
  +    <p>As to make sure that replay is not possible across
  +    sections of the site, or across sites (assuming a realm,
  +    userid and password are valid in that wider context) a
  +    secret nonce prefix can be configured with the
  +    core directive <a href="core.html#AuthDigestRealmSeed">AuthDigestRealmSeed</a>.
  +    </p>
  +    <p>If none if configured a sensible, but not particular
  +    secure, default is used. When used in load balancing
  +    situations the prefix should be shared across servers.
  +    </p>
  +    <p>The experimental <a href="mod_auth_digest.html">mod_auth_digest</a>
  +    module offers a number of additinal protections against replay.
  +    </p>
  +
  +    <p>Everything else should remain the same.</p>
   
       <p>MD5 authentication provides a more secure password system,
       but only works with supporting browsers. As of this writing
  -    (January 2002), the only major browsers which support digest
  -    authentication are <a href="http://www.opera.com/">Opera 4.0</a>,
  -    <a href="http://www.microsoft.com/windows/ie/">MS Internet 
  -    Explorer 5.0</a> and <a href="http://www.w3.org/Amaya/">Amaya</a>.

  -    Therefore, we do not recommend using this feature on a large 
  -    Internet site. However, for personal and intra-net use, where 
  -    browser users can be controlled, it is ideal.</p>
  +    (December 2003), most major browsers support digest authentication.
  +    </p>
   
       <p>See also <a href="mod_auth_digest.html">mod_auth_digest</a>,
       which is an updated version of this module, in order to determine
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message