Apache HTTP Server Version 1.3

Module mod_digest

This module provides for user authentication using MD5 Digest Authentication.

Status: Extension
Source File: mod_digest.c
Module Identifier: digest_module
Compatibility: Available in Apache 1.1 and later.


This module implements an older version of the MD5 Digest Authentication specification which will probably not work with modern browsers. Please see mod_auth_digest for a module which implements the most recent version of the standard.


Using Digest Authentication

Using MD5 Digest authentication is very simple. Simply set up authentication normally. However, use "AuthType Digest" and "AuthDigestFile" instead of the normal "AuthType Basic" and "AuthUserFile". Everything else should remain the same.

MD5 authentication provides a more secure password system, but only works with supporting browsers. As of this writing (January 2002), the only major browsers which support digest authentication are Opera 4.0, MS Internet Explorer 5.0 and Amaya. Therefore, we do not recommend using this feature on a large Internet site. However, for personal and intra-net use, where browser users can be controlled, it is ideal.

See also mod_auth_digest, which is an updated version of this module, in order to determine whether you want to use that module instead. In either case, if you are using one, you should not use the other, as they share some of the same configuration directives.

AuthDigestFile directive

Syntax: AuthDigestFile filename
Context: directory, .htaccess
Override: AuthConfig
Status: Base
Module: mod_digest

The AuthDigestFile directive sets the name of a textual file containing the list of users and encoded passwords for digest authentication. Filename is the absolute path to the user file.


AuthDigestFile /usr/local/apache/passwords/passwords.digest

The digest file uses a special format. Files in this format can be created using the "htdigest" utility found in the support/ subdirectory of the Apache distribution.

Apache HTTP Server Version 1.3

Index Home