You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ch...@apache.org on 2013/08/14 23:59:10 UTC
svn commit: r1514065 [1/3] - in /httpd/httpd/trunk/docs/manual:
mod/directives.html.en mod/mod_auth_basic.html.en
mod/quickreference.html.en upgrading.xml.fr
Author: chrisd
Date: Wed Aug 14 21:59:10 2013
New Revision: 1514065
URL: http://svn.apache.org/r1514065
Log:
Update transformations.
Modified:
httpd/httpd/trunk/docs/manual/mod/directives.html.en
httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.html.en
httpd/httpd/trunk/docs/manual/mod/quickreference.html.en
httpd/httpd/trunk/docs/manual/upgrading.xml.fr
Modified: httpd/httpd/trunk/docs/manual/mod/directives.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/directives.html.en?rev=1514065&r1=1514064&r2=1514065&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/directives.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/directives.html.en Wed Aug 14 21:59:10 2013
@@ -85,6 +85,7 @@
<li><a href="mod_auth_basic.html#authbasicauthoritative">AuthBasicAuthoritative</a></li>
<li><a href="mod_auth_basic.html#authbasicfake">AuthBasicFake</a></li>
<li><a href="mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></li>
+<li><a href="mod_auth_basic.html#authbasicusedigestalgorithm">AuthBasicUseDigestAlgorithm</a></li>
<li><a href="mod_authn_dbd.html#authdbduserpwquery">AuthDBDUserPWQuery</a></li>
<li><a href="mod_authn_dbd.html#authdbduserrealmquery">AuthDBDUserRealmQuery</a></li>
<li><a href="mod_authz_dbm.html#authdbmgroupfile">AuthDBMGroupFile</a></li>
Modified: httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.html.en?rev=1514065&r1=1514064&r2=1514065&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.html.en Wed Aug 14 21:59:10 2013
@@ -48,6 +48,7 @@
<li><img alt="" src="../images/down.gif" /> <a href="#authbasicauthoritative">AuthBasicAuthoritative</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authbasicfake">AuthBasicFake</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authbasicprovider">AuthBasicProvider</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#authbasicusedigestalgorithm">AuthBasicUseDigestAlgorithm</a></li>
</ul>
<h3>See also</h3>
<ul class="seealso">
@@ -188,6 +189,77 @@ username and password</td></tr>
<code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> and <code class="module"><a href="../mod/mod_authn_socache.html">mod_authn_socache</a></code>.</p>
</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="AuthBasicUseDigestAlgorithm" id="AuthBasicUseDigestAlgorithm">AuthBasicUseDigestAlgorithm</a> <a name="authbasicusedigestalgorithm" id="authbasicusedigestalgorithm">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Check passwords against the authentication providers as if
+Digest Authentication was in force instead of Basic Authentication.
+</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthBasicUseDigestAlgorithm MD5|Off</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthBasicUseDigestAlgorithm Off</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_basic</td></tr>
+</table>
+ <p>Normally, when using Basic Authentication, the providers listed in
+ <code class="directive"><a href="#authbasicprovider">AuthBasicProvider</a></code>
+ attempt to verify a user by checking their data stores for
+ a matching username and associated password. The stored passwords
+ are usually encrypted, but not necessarily so; each provider may
+ choose its own storage scheme for passwords.</p>
+
+ <p>When using <code class="directive"><a href="../mod/mod_auth_digest.html#authdigestprovider">AuthDigestProvider</a></code> and Digest
+ Authentication, providers perform a similar check to find a matching
+ username in their data stores. However, unlike in the Basic
+ Authentication case, the value associated with each stored username
+ must be an encrypted string composed from the username, realm name,
+ and password. (See
+ <a href="http://tools.ietf.org/html/rfc2617#section-3.2.2.2">
+ RFC 2617, Section 3.2.2.2</a> for more details on the format used
+ for this encrypted string.)</p>
+
+ <p>As a consequence of the difference in the stored values between
+ Basic and Digest Authentication, converting from Digest
+ Authentication to Basic Authentication generally requires that all
+ users be assigned new passwords, as their existing passwords cannot
+ be recovered from the password storage scheme imposed on those
+ providers which support Digest Authentication.</p>
+
+ <p>Setting the <code class="directive"><a href="#authbasicusedigestalgorithm">AuthBasicUseDigestAlgorithm</a></code> directive
+ to <code>MD5</code> will cause the user's Basic Authentication password
+ to be checked using the same encrypted format as for Digest
+ Authentication. First a string composed from the username, realm name,
+ and password is hashed with MD5; then the username and this encrypted
+ string are passed to the providers listed in
+ <code class="directive"><a href="#authbasicprovider">AuthBasicProvider</a></code>
+ as if
+ <code class="directive"><a href="../mod/mod_authn_core.html#authtype">AuthType</a></code>
+ was set to <code>Digest</code> and Digest Authentication was in force.
+ </p>
+
+ <p>Through the use of <code class="directive"><a href="#authbasicusedigestalgorithm">AuthBasicUseDigestAlgorithm</a></code>
+ a site may switch from Digest to Basic Authentication without
+ requiring users to be assigned new passwords.</p>
+
+ <div class="note">
+ The inverse process of switching from Basic to Digest
+ Authentication without assigning new passwords is generally
+ not possible. Only if the Basic Authentication passwords
+ have been stored in plain text or with a reversable encryption
+ scheme will it be possible to recover them and generate a
+ new data store following the Digest Authentication password
+ storage scheme.
+ </div>
+
+ <div class="note">
+ Only providers which support Digest Authentication will be able
+ to authenticate users when <code class="directive"><a href="#authbasicusedigestalgorithm">AuthBasicUseDigestAlgorithm</a></code>
+ is set to <code>MD5</code>. Use of other providers will result
+ in an error response and the client will be denied access.
+ </div>
+
+</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_auth_basic.html" title="English"> en </a> |