httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Galić <>
Subject Re: [users@httpd] mod_auth_form and digest authentication
Date Wed, 28 Dec 2011 20:24:56 GMT

----- Original Message -----
> I couldn't figure out how to get digest authentication working with
> mod_auth_form, the documentation mentions it once, but offers no
> specifics and I was unable to guess it (I even tried looking at the
> source for comments that might help).
> Now as to why I would rather use digest authentication, I have been
> unsuccessful in compiling mod_session_crypto. A site that had been

Why? -- Did you use the latest apr-util?

> using Digest would obviously have the bigger concern of preserving
> user passwords. It happens that for the property I'm hoping to
> deploy mod_auth_form on the next release I have most of the
> passwords in both digest and htpasswd compatible formats. Based on
> the pace of the release cycle I don't expect an official Ubuntu
> package until end of October 2012, since apache httpd 2.3 isn't in
> Sid I can't assume a working package through Debian anytime soon.

It will be in Sid as soon as we release a "stable" release. sf
(Stefan Fritsch) is the Debian Maintainer of the packages and one
of our busiest committers. 
> I would prefer the stronger cryptography of mod_session_crypto, or a
> cryptographically enhanced version of digest if one was available.
> Since I store both password forms in my database I can use digest
> now and then switch later.


Igor Galić

Tel: +43 (0) 664 886 22 883
GPG: 6880 4155 74BD FD7C B515  2EA5 4B1D 9E08 A097 C9AE

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message