
How To Enable Apache Digest Authentication

Written by Peter Gilg

Basic HTTP authentication in Apache (mod_auth) has been available for a while, but one major downside still exists: the user name and password are exchanged in plain text over a possibly unsecured network.
That is where Apache Digest Authentication takes over: using the mod_auth_digest Apache module, it exchanges MD5-hashed values instead.

Here are the steps: create a password file to store all account information, install the Apache module mod_auth_digest, and add the configuration parameters needed to secure our restricted area.

Create Account file

For digest authentication we need to use a utility called htdigest, unlike basic authentication, where we used htpasswd. The application takes the file name, realm and username as arguments, then prompts twice for the user’s password. The -c flag creates a new file, overwriting the existing one if it exists.

# sudo htdigest -c /path/to/user/file realm username

Install Module mod_auth_digest

Installing mod_auth_digest on Ubuntu is as easy as calling:

# sudo a2enmod auth_digest

On other systems, you might have to compile Apache with the --enable-mod-digest flag.

Configure Virtual Host

Finally, we add the necessary directives to the virtual host configuration, inside the directory section to be more precise.

<Directory /var/www/website.com>
  AuthType Digest
  AuthName "Restricted Access"
  AuthDigestProvider file
  AuthUserFile /var/.htpass
  AuthGroupFile /dev/null
  AuthDigestDomain /
  Require valid-user
</Directory>

Restart Apache and verify your configuration. If you encounter login problems, check the Apache error log. A common mistake is a mismatch between the “realm” given when creating the user file with htdigest and the “AuthName” in the Apache config file. These two values need to match.


2 responses to “How To Enable Apache Digest Authentication”

  1. Yamada says:

    “Finally, we add the necessary directives to the virtual host configuration, inside the directory section to be more precisely.”

    How exactly is that accomplished... which file exactly, and do I just add this into the file?

    “A common mistake is to have a mismatch between the “realm” when creating the user file with htdigest and the “AuthName” in the apache config file. These two values need to match.”

    Can you explain this a bit more in-depth?

    I don't get it :9

    The first step worked without any problems :)

    Thanks a bunch
