Apache HTTP Server Version 1.3

Module mod_digest

This module provides for user authentication using MD5 Digest Authentication.

Status: Extension
Source File: mod_digest.c
Module Identifier: digest_module
Compatibility: Available in Apache 1.1 and later.


This module implements an older version of the MD5 Digest Authentication specification which will probably not work with modern browsers. Please see mod_auth_digest for a module which implements the most recent version of the standard.


Using Digest Authentication

Using MD5 Digest authentication is very simple. Simply set up authentication normally. However, use "AuthType Digest" and "AuthDigestFile" instead of the normal "AuthType Basic" and "AuthUserFile". Everything else should remain the same.

MD5 authentication provides a more secure password system, but only works with supporting browsers. As of this writing (July 1996), the majority of browsers do not support digest authentication. Therefore, we do not recommend using this feature on a large Internet site. However, for personal and intra-net use, where browser users can be controlled, it is ideal.

AuthDigestFile directive

Syntax: AuthDigestFile filename
Context: directory, .htaccess
Override: AuthConfig
Status: Base
Module: mod_digest

The AuthDigestFile directive sets the name of a textual file containing the list of users and encoded passwords for digest authentication. Filename is the absolute path to the user file.

The digest file uses a special format. Files in this format can be created using the "htdigest" utility found in the support/ subdirectory of the Apache distribution.

Apache HTTP Server Version 1.3

Index Home