DekGenius.com
[ Team LiB ] Previous Section Next Section

Recipe 6.8 Making Password Files for Digest Authentication

Problem

You need to create a password file to be used for Digest authentication.

Solution

Use the following command forms to set up a credential file for a realm to be protected by Digest authentication:

% htdigest -c  "By invitation only" rbowen 
% htdigest  "By invitation only" krietz 

Discussion

Digest authorization, implemented by mod_auth_digest, uses an MD5 hash of the username, password, and authentication realm to check the credentials of the client. The htdigest utility, which comes with Apache, creates these files for you.

The syntax for the command is very similar to the syntax for the htpasswd utility, except that you must also specify the authentication realm that the password will be used for. The resulting file contains one line per user, looking something like the following:

rbowen:By invitation only:23bc21f78273f49650d4b8c2e26141a6

Note that, unlike entries in the password files created by htpasswd, which can be used anywhere, these passwords can be used only in the specified authentication realm, because the encrypted hash includes the realm.

As with htpasswd, the -c flag creates a new file, possibly overwriting an existing file. You will be prompted for the password and then asked to type it again to verify it.

htdigest does not have any of the additional options that htpasswd does.

See Also

    [ Team LiB ] Previous Section Next Section