httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Schulman <and...@alumni.utexas.net>
Subject [users@httpd] AuthDigestDomain doesn't work
Date Sun, 12 Sep 2010 04:45:38 GMT
I have two domains, example1.com and example2.com, both served as virtual hosts
from my one Apache server.  Digest authentication is required on both hosts,
using the same realm and htdigest file.  Here's the configuration for
example1.com:

<VirtualHost *:80>
  ServerName www.example1.com:80
  AuthType Digest
  AuthName "example realm"
  AuthDigestDomain http://www.example1.com http://www.example2.com
  AuthUserFile /path/to/htdigest
  Require valid-user
</VirtualHost>

The configuration for example2.com is identical.  The two sites use the same
AuthUserFile and AuthName.

I have AuthDigestDomain there, because I want to avoid prompting the user twice
for their login credentials when they visit both of these sites.  That's what
AuthDigestDomain is explicitly supposed to be for.  And yet, in my experience so
far it doesn't work at all.  When someone visits example1.com and then goes to
example2.com, they have to enter their same username and password again.

Looking around for an explanation of this, I found very little.  The most I
could find was one comment
(http://stackoverflow.com/questions/357939/example-of-using-authtype-digest-to-authenticate-a-user-once-across-sub-domains/1978392#1978392)
claiming that "Most browsers do not respect the Digest "domain" directive and
will not resend credentials for other URIs. As far as I know, Opera is the only
browser that honors it."

Can anyone comment on whether this is true?  Is AuthDigestDomain essentially
useless, because most browsers won't honor it?

Thanks,
Andrew.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message