httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s...@conman.org (Sean Conner)
Subject [users@httpd] Apache Authentication questions
Date Wed, 07 Dec 2005 22:05:42 GMT

  I'm playing around with authentication schemes under Apache.  In reading
the spec [1] I notice that a server can send multiple authentication
schemes.  

  Now, Apache has support for both Basic and Digest authentication schemes,
and that both the scheme and userid are included with the request, so a CGI
script can determine if the request was made via the Basic scheme or Digest
scheme:

	AUTH_TYPE=Digest
	REMOTE_USER=sean@conman.org
	
  So far so good.

  But the Digest scheme isn't supported in all browsers, just the most
recent versions.  It would be nice to support both [2].  I tried the
following under both Apache 1.3.33 and Apache 2.0.54:

<VirtualHost 66.252.224.11>
  ServerName    wiki.flummux.org
  ServerAdmin   sean@conman.org
  DocumentRoot  /home/spc/wiki/htdocs
  CustomLog     logs/wiki.flummux.org combined

  # bunch of ErrorDocument directives snipped
  # not germane to the discussion here ... 

  <Directory /home/spc/wiki/htdocs>
    AllowOverride       All
    Options             All

    AuthType            Basic
    AuthName            "Wiki Editing"
    AuthUserFile        /home/spc/blog/users
    AuthGroupfile       /home/spc/blog/groups

    <LimitExcept GET HEAD>
      Require   valid-user
    </LimitExcept>
  </Directory>

  <Location "/edit/">
    Require valid-user
  </Location>

  <Directory /home/spc/wiki/htdocs/private>
    AllowOverride       All
    Options             All

    AuthType            Basic
    AuthName            Administration
    AuthUserFile        /home/spc/wiki/users
    AuthGroupFile       /home/spc/wiki/groups
    Require             group admin

    AuthType            Digest
    AuthName            Administration
    AuthDigestFile      /home/spc/wiki/digest-users
    AuthDigestGroupFile /home/spc/wiki/groups
    Require             group admin
  </Directory>

</VirtualHost>

(configuration is the same under both versions).  The configuration works
(that's not the problem), but Apache (both versions) seems to prefer the
Digest method and never mentions the Basic scheme at all:

	Trying 66.252.224.11...
	Connected to wiki.flummux.org.
	Escape character is '^]'.
	GET /private/ HTTP/1.0
	Host: wiki.flummux.org
	
	HTTP/1.1 401 Authorization Required
	Date: Wed, 07 Dec 2005 21:53:35 GMT
	Server: Apache/2.0.54 (Unix) DAV/2
	WWW-Authenticate: Digest realm="Administration",
		nonce="2C4cL1wHBAA=3f5f62f8b6181df23b6f8381c8860f3001cbd877", 
		algorithm=MD5,
		qop="auth"
	Last-Modified: Wed, 07 Dec 2005 21:20:34 GMT
	ETag: "a041cc-89e-b8ff4c80"
	Accept-Ranges: bytes
	Content-Length: 2206
	Connection: close
	Content-Type: text/html

I've yet to try Apache 2.2, but can Apache be configured to support mutiple
authentication schemes for the same directory/location?  Am I missing
something?

  -spc (If not, oh well ... I can deal ... )

[1]	RFC-2617: HTTP Authentication: Basic and Digest Access
	Authentication

[2]	Just playing around with an idea, and Digest is the preferred
	method, but I would like to support the Basic scheme, just a 
	bit differently though.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message