Posted to modperl@perl.apache.org by Geoffrey Young <ge...@modperlcookbook.org> on 2002/05/23 20:27:45 UTC
[RFC] Apache::DigestAPI
hi all...
I wanted to present Apache::DigestAPI as an RFC. the module can be downloaded here for
trials:
http://www.modperlcookbook.org/~geoff/modules/Apache-DigestAPI-0.01.tar.gz
basically, Apache::DigestAPI is a release of Recipe 13.8 in the Cookbook - a simple API
for supporting Digest authentication a la mod_digest.c from the Apache distribution. it
follows the same path as the API for Basic authentication that mod_perl supports natively,
providing an API so that you can authenticate using something other than the default
flat-file method provided by auth_digest.
keep in mind that the current implementation doesn't work with MSIE, so you'll have to
use something like Opera or Konqueror (or mozilla now, I hear?) to play around with it.
you can find the entire RFC for Digest authentication here (if you're interested):
ftp://ftp.isi.edu/in-notes/rfc2617.txt
included with Apache::DigestAPI is a subclass called Apache::DigestAPI::Session. it is an
interesting but experimental interface that attempts to use the "nonce" part of the Digest
authentication scheme to store a unique session identifier (instead of in, say, a cookie).
it is experimental because I'm still playing with the interface, digesting RFC 2617,
looking for possible security holes, and (in general) seeing if it can actually work like
I think it can. but it is there if anyone is interested in playing around with it for fun
and folly.
anyway, the manpages are pretty sparse for the moment, but I plan on fixing them up
before a real release. if anyone is interested in the original explanation of the code
from the book who doesn't already have it, you can see Recipe 13.8 here:
http://www.modperlcookbook.org/chapters/13.8.pdf
--Geoff
Re: [RFC] Apache::DigestAPI
Posted by Geoffrey Young <ge...@modperlcookbook.org>.
Andrew Ho wrote:
> Hello,
>
> GY>Apache::DigestAPI is a release of Recipe 13.8 in the Cookbook - a simple
> GY>API for supporting Digest authentication a la mod_digest.c from the
> GY>Apache distribution.
>
> I think this is a great idea. I'm a huge fan of digest authentication as a
> simple basic authentication replacement, and many modern clients now
> support it. One comment, why the odd name? Shouldn't it be
> Apache::AuthDigest or similar? Every library is an API so it seems kind of
> odd to call it Apache::DigestAPI.
well, it's an API in that it doesn't do anything for you except provide an API. meaning,
I'd expect Apache::AuthDigest to work as so:
    PerlAuthenHandler Apache::AuthDigest
all this module does is provide methods that parallel $r->get_basic_auth_pw() and
$r->note_basic_auth_failure - you need to use the methods yourself to build an actual
authentication mechanism.
>
> GY>keep in mind that the current implementation doesn't work with MSIE, so
> GY>you'll have to use something like Opera or Konqueror (or mozilla now, I
> GY>hear?) to play around with it.
>
> MSIE does do digest authentication that works with mod_digest.c. And
> Mozilla past 0.9.7 should do digest authentication.
>
are you sure? I can't get it to work right now using MSIE 5.00.31. in fact, I can
confirm that Apache sends the 401, but MSIE doesn't even display a dialogue box. Opera
works just fine.
when I was researching this for the book, it was my understanding that MSIE requires
parameters not supplied by mod_digest.c (such as "qop") for its implementation. some old
threads on new-httpd on mod_auth_digest.c pointed me in this direction, IIRC.
then there was this recent article:
http://www.eweek.com/article/0,3658,s=702&a=24177,00.asp
which, even though it seemed to confirm what I had found out, surprised me somewhat, since
I figured it was old news that MSIE and Apache's "standard" (for lack of a better term)
Digest implementation didn't play nice together...
--Geoff
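[Added example, not part of the thread and not code from Apache::DigestAPI.] The "qop" point above is easier to follow with the server-side check written out: RFC 2617 defines one request-digest for servers that send no qop and a different one for qop=auth, and a verifier has to compute the one the client actually used. The `lookup` backend, `STORE` and the `issued_nonces` set are assumptions for illustration; the sample header is the one from RFC 2617 section 3.5.

```python
import hashlib
import hmac
import re

# One auth-param: name=token or name="quoted string"
PAIR_RE = re.compile(r'(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))')

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_digest_header(header):
    """Split an Authorization header value into a dict of Digest parameters."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest Authorization header")
    return {k.lower(): (q if t == "" else t) for k, q, t in PAIR_RE.findall(rest)}

def expected_response(p, method, ha1):
    """Request-digest per RFC 2617 3.2.2.1: legacy form without qop, else qop=auth."""
    ha2 = md5_hex(f"{method}:{p['uri']}")
    if "qop" not in p:  # what a server that sends no qop gets back
        return md5_hex(f"{ha1}:{p['nonce']}:{ha2}")
    if p["qop"] != "auth":
        raise ValueError("only qop=auth is handled here")
    return md5_hex(f"{ha1}:{p['nonce']}:{p['nc']}:{p['cnonce']}:{p['qop']}:{ha2}")

def verify(header, method, lookup_ha1, issued_nonces):
    """True only if the nonce is one we issued and the response matches."""
    try:
        p = parse_digest_header(header)
        ha1 = lookup_ha1(p["username"], p["realm"])
        if ha1 is None or p["nonce"] not in issued_nonces:
            return False
        want = expected_response(p, method, ha1)
        return hmac.compare_digest(want.encode(), p["response"].encode())
    except (KeyError, ValueError):
        return False

# Sample request from RFC 2617 section 3.5 (user Mufasa, password "Circle Of Life")
NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
RFC_HEADER = ('Digest username="Mufasa", realm="testrealm@host.com", '
              f'nonce="{NONCE}", uri="/dir/index.html", qop=auth, nc=00000001, '
              'cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", '
              'opaque="5ccc069c403ebaf9f0171e9517f40e41"')
STORE = {("Mufasa", "testrealm@host.com"): md5_hex("Mufasa:testrealm@host.com:Circle Of Life")}

def lookup(user, realm):  # hypothetical credential backend storing HA1, not passwords
    return STORE.get((user, realm))

if __name__ == "__main__":
    print(verify(RFC_HEADER, "GET", lookup, {NONCE}))   # request is accepted
    print(verify(RFC_HEADER, "POST", lookup, {NONCE}))  # method is bound into the digest
```

A production handler would also compare the `uri` parameter with the actual request URI and reject a repeated or decreasing `nc` for the same nonce; both are left out here to keep the digest computation in view.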
Re: [RFC] Apache::DigestAPI
Posted by Andrew Ho <an...@tellme.com>.
Hello,
GY>Apache::DigestAPI is a release of Recipe 13.8 in the Cookbook - a simple
GY>API for supporting Digest authentication a la mod_digest.c from the
GY>Apache distribution.
I think this is a great idea. I'm a huge fan of digest authentication as a
simple basic authentication replacement, and many modern clients now
support it. One comment, why the odd name? Shouldn't it be
Apache::AuthDigest or similar? Every library is an API so it seems kind of
odd to call it Apache::DigestAPI.
GY>keep in mind that the current implementation doesn't work with MSIE, so
GY>you'll have to use something like Opera or Konqueror (or mozilla now, I
GY>hear?) to play around with it.
MSIE does do digest authentication that works with mod_digest.c. And
Mozilla past 0.9.7 should do digest authentication.
Humbly,
Andrew
----------------------------------------------------------------------
Andrew Ho http://www.tellme.com/ andrew@tellme.com
Engineer info@tellme.com Voice 650-930-9062
Tellme Networks, Inc. 1-800-555-TELL Fax 650-930-9101
----------------------------------------------------------------------