www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dan Wilga <dwi...@mtholyoke.edu>
Subject mod_digest/1297: mod_digest: what browsers does it work with?
Date Wed, 22 Oct 1997 13:58:50 GMT

>Number:         1297
>Category:       mod_digest
>Synopsis:       mod_digest: what browsers does it work with?
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Wed Oct 22 07:00:00 PDT 1997
>Originator:     dwilga@mtholyoke.edu
>Release:        1.2.1
Linux <hostname> 2.0.30 #3 Thu Sep 4 14:34:05 EDT 1997 i686 unknown
I have been trying to get digest auth to work. So far, I have tried Netscape Navigator 4.03
(which specifically says it supports MD5
encryption in the 'about' page) and Explorer 3.01a for the Mac.

When using Navigator, I get a '401: Forbidden' at the client and this message in the error

  [Date/time] access to /admin failed for <IP address>, reason: client used wrong authentication

When using Explorer, I get only the Forbidden and no log message.

So the question is: what browsers has this feature been verified to work with? Does this sound
like user error on my part?
In this case, the .htdigest file (containing the encrypted password created by the htdigest
is stored in the same folder as the .htaccess file itself. All files starting with .ht* are
protected using the <Files> segment of the .htaccess:

Contents of .htaccess

AuthType Digest
AuthName Realm
AuthDigestFile <path to .htdigest file>
AuthGroupFile /dev/null
<limit GET POST>
        order deny,allow
        deny from all
        allow from <first two octets of my domain>
        require valid-user
<Files .ht*>
        <limit GET POST>
                order deny,allow
                deny from all
                allow from none

Contents of .htdigest (created with htdigest utility)

dwilga:Realm:<encrypted password>


View raw message