Diffstat (limited to 'docs/manual/mod/mod_auth_digest.xml')
-rw-r--r-- | docs/manual/mod/mod_auth_digest.xml | 89 |
1 files changed, 46 insertions, 43 deletions
diff --git a/docs/manual/mod/mod_auth_digest.xml b/docs/manual/mod/mod_auth_digest.xml index ec2b63d993..dfe15f496d 100644 --- a/docs/manual/mod/mod_auth_digest.xml +++ b/docs/manual/mod/mod_auth_digest.xml @@ -2,6 +2,7 @@ <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?> <modulesynopsis> + <name>mod_auth_digest</name> <description>User authentication using MD5 Digest Authentication.</description> @@ -20,7 +21,7 @@ <seealso><directive module="core">Require</directive></seealso> <seealso><directive module="core">Satisfy</directive></seealso> -<section><title>Using Digest Authentication</title> +<section id="using"><title>Using Digest Authentication</title> <p>Using MD5 Digest authentication is very simple. Simply set up authentication normally, using "AuthType Digest" and @@ -29,18 +30,20 @@ "AuthDigestGroupFile". Then add a "AuthDigestDomain" directive containing at least the root URI(s) for this protection space. Example:</p> -<example> - <Location /private/><br /> - AuthType Digest<br /> - AuthName "private area"<br /> - AuthDigestDomain /private/ http://mirror.my.dom/private2/<br /> - AuthDigestFile /web/auth/.digest_pw<br /> - Require valid-user<br /> - </Location> -</example> - -<note><title>Note</title> - + + <example> + <Location /private/><br /> + <indent> + AuthType Digest<br /> + AuthName "private area"<br /> + AuthDigestDomain /private/ http://mirror.my.dom/private2/<br /> + AuthDigestFile /web/auth/.digest_pw<br /> + Require valid-user<br /> + </indent> + </Location> + </example> + + <note><title>Note</title> <p>Digest authentication provides a more secure password system than Basic authentication, but only works with supporting browsers. As of July 2002, the major browsers that support digest 
@@ -51,15 +54,14 @@ href="http://www.mozilla.org">Mozilla</a>. Since digest authentication is not as widely implemented as basic authentication, you should use it only in controlled settings.</p> - -</note> + </note> </section> <directivesynopsis> <name>AuthDigestFile</name> <description>Location of the text file containing the list of users and encoded passwords for digest authentication</description> -<syntax>AuthDigestFile <em>file-path</em></syntax> +<syntax>AuthDigestFile <var>file-path</var></syntax> <contextlist><context>directory</context><context>.htaccess</context> </contextlist> <override>AuthConfig</override> @@ -67,7 +69,7 @@ of users and encoded passwords for digest authentication</description> <usage> <p>The <directive>AuthDigestFile</directive> directive sets the name of a textual file containing the list of users and encoded - passwords for digest authentication. <em>File-path</em> is the + passwords for digest authentication. <var>File-path</var> is the absolute path to the user file.</p> <p>The digest file uses a special format. Files in this format @@ -81,7 +83,7 @@ of users and encoded passwords for digest authentication</description> <name>AuthDigestGroupFile</name> <description>Name of the text file containing the list of groups for digest authentication</description> -<syntax>AuthDigestGroupFile <em>file-path</em></syntax> +<syntax>AuthDigestGroupFile <var>file-path</var></syntax> <contextlist><context>directory</context><context>.htaccess</context> </contextlist> <override>AuthConfig</override> 
@@ -89,14 +91,14 @@ for digest authentication</description> <usage> <p>The <directive>AuthDigestGroupFile</directive> directive sets the name of a textual file containing the list of groups and their - members (user names). <em>File-path</em> is the absolute path to + members (user names). <var>File-path</var> is the absolute path to the group file.</p> <p>Each line of the group file contains a groupname followed by a colon, followed by the member usernames separated by spaces. Example:</p> -<example>mygroup: bob joe anne</example> + <example>mygroup: bob joe anne</example> <p>Note that searching large text files is <em>very</em> inefficient.</p> 
@@ -120,25 +122,26 @@ authentication</description> <usage> <p>The <directive>AuthDigestQop</directive> directive determines - the quality-of-protection to use. <em>auth</em> will only do - authentication (username/password); <em>auth-int</em> is + the quality-of-protection to use. <code>auth</code> will only do + authentication (username/password); <code>auth-int</code> is authentication plus integrity checking (an MD5 hash of the entity - is also computed and checked); <em>none</em> will cause the module + is also computed and checked); <code>none</code> will cause the module to use the old RFC-2069 digest algorithm (which does not include - integrity checking). Both <em>auth</em> and <em>auth-int</em> may + integrity checking). Both <code>auth</code> and <code>auth-int</code> may be specified, in which the case the browser will choose which of - these to use. <em>none</em> should only be used if the browser for + these to use. <code>none</code> should only be used if the browser for some reason does not like the challenge it receives otherwise.</p> - <p><strong><em>auth-int</em> is not implemented - yet</strong>.</p> + <note> + <code>auth-int</code> is not implemented yet. + </note> </usage> </directivesynopsis> <directivesynopsis> <name>AuthDigestNonceLifetime</name> <description>How long the server nonce is valid</description> -<syntax>AuthDigestNonceLifetime <em>seconds</em></syntax> +<syntax>AuthDigestNonceLifetime <var>seconds</var></syntax> <default>AuthDigestNonceLifetime 300</default> <contextlist><context>directory</context><context>.htaccess</context> </contextlist> 
@@ -148,11 +151,11 @@ authentication</description> <p>The <directive>AuthDigestNonceLifetime</directive> directive controls how long the server nonce is valid. When the client contacts the server using an expired nonce the server will send - back a 401 with <code>stale=true</code>. If <em>seconds</em> is + back a 401 with <code>stale=true</code>. If <var>seconds</var> is greater than 0 then it specifies the amount of time for which the nonce is valid; this should probably never be set to less than 10 - seconds. If <em>seconds</em> is less than 0 then the nonce never - expires. <!-- Not implemented yet If <EM>seconds</EM> is 0 then + seconds. If <var>seconds</var> is less than 0 then the nonce never + expires. <!-- Not implemented yet If <var>seconds</var> is 0 then the nonce may be used exactly once by the client. Note that while one-time-nonces provide higher security against replay attacks, they also have significant performance implications, as the @@ -172,7 +175,7 @@ authentication</description> <directivesynopsis> <name>AuthDigestNonceFormat</name> <description>Determines how the nonce is generated</description> -<syntax>AuthDigestNonceFormat <em>format</em></syntax> +<syntax>AuthDigestNonceFormat <var>format</var></syntax> <contextlist><context>directory</context><context>.htaccess</context> </contextlist> <override>AuthConfig</override> @@ -195,7 +198,10 @@ server</description> <contextlist><context>server config</context></contextlist> <usage> - <p><strong>Not implemented yet.</strong> <!-- + <note> + Not implemented yet. + </note> + <!-- <P>The AuthDigestNcCheck directive enables or disables the checking of the nonce-count sent by the server. @@ -206,8 +212,7 @@ server</description> a critical section. If the server is handling a large number of requests which contain the Authorization header then this may noticeably impact performance. - --> - </p> + --> </usage> </directivesynopsis> 
@@ -226,12 +231,13 @@ response hases in digest authentication</description> selects the algorithm used to calculate the challenge and response hashes.</p> - <p><strong><em>MD5-sess</em> is not correctly implemented - yet</strong>. <!-- + <note> + <code>MD5-sess</code> is not correctly implemented yet. + </note> + <!-- <P>To use <EM>MD5-sess</EM> you must first code up the <VAR>get_userpw_hash()</VAR> function in <VAR>mod_auth_digest.c</VAR> . - --> - </p> + --> </usage> </directivesynopsis> @@ -239,7 +245,7 @@ response hases in digest authentication</description> <name>AuthDigestDomain</name> <description>URIs that are in the same protection space for digest authentication</description> -<syntax>AuthDigestDomain <em>URI</em> [<em>URI</em>] ...</syntax> +<syntax>AuthDigestDomain <var>URI</var> [<var>URI</var>] ...</syntax> <contextlist><context>directory</context><context>.htaccess</context> </contextlist> <override>AuthConfig</override> @@ -269,6 +275,3 @@ authentication</description> </directivesynopsis> </modulesynopsis> - - - |
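Review bot: In the AuthDigestFile and AuthDigestGroupFile hunks, the usage text now reads `<var>File-path</var>` with a capital F, while the syntax lines changed by the same hunks use `<var>file-path</var>`. Since `<var>` marks a placeholder name rather than emphasised prose, suggest keeping the placeholder spelled identically in both places and rewording the sentence so it does not have to start with the variable, for example "The <var>file-path</var> argument is the absolute path to the user file."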
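Review bot: In the AuthDigestQop hunk, the new note states that `auth-int` is not implemented yet, but the paragraph directly above it still tells the reader that both `auth` and `auth-int` may be specified and the browser will choose between them. Suggest having the note say which values are usable today, so an administrator does not assume the entity integrity check is in effect after configuring `auth-int`. The unchanged context line "in which the case the browser will choose" also looks like a typo for "in which case" and could be fixed while this paragraph is being touched.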
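Review bot: In the AuthDigestNonceLifetime hunk, the rendered text documents <var>seconds</var> greater than 0 and less than 0, but the case of exactly 0 now lives only inside the "Not implemented yet" XML comment, so the manual never tells the reader what 0 does. Suggest a visible sentence or `<note>` for 0, in line with the notes this patch adds for the other unimplemented features. The commented-out text already links nonce reuse to replay attacks, so the visible sentence "less than 0 then the nonce never expires" would be a good place to state that trade-off as well.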
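Review bot: In the AuthDigestNcCheck hunk, the new note reads only "Not implemented yet." with no subject, whereas the other two notes added by this patch name the feature they refer to (`auth-int`, `MD5-sess`). Suggest naming the directive in the note so it still makes sense when read out of context. The note also holds bare text, while the note in the "Using Digest Authentication" section reindented by this same patch carries a `<title>` and wraps its text in `<p>`; it would be worth settling on one form.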
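Review bot: In the AuthDigestAlgorithm hunk, the context shown in the hunk header still reads "response hases in digest authentication" in the directive description, which should be "hashes"; since this is a markup cleanup pass over the same directive, it is a good moment to fix it. The commented-out block here also keeps the uppercase `<P>`, `<EM>` and `<VAR>` tags, while the AuthDigestNonceLifetime hunk converted `<EM>seconds</EM>` to `<var>seconds</var>` inside its comment. Suggest treating commented-out markup the same way in both places so it is valid if it is ever uncommented.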