How To Enable Apache Digest Authentication
Basic HTTP authentication in Apache (mod_auth) has been available for a while, but one major downside remains: the user name and password are exchanged in plain text over a possibly unsecured network.
That is where Apache Digest Authentication takes over. Using the mod_auth_digest Apache module, it exchanges MD5-hashed values instead of the plain-text password.
Here are the steps to create a password file that stores all account information, install the Apache module mod_auth_digest, and add the configuration directives needed to secure our restricted area.
Create Account file
For digest authentication we need to use a utility called htdigest, unlike basic authentication, where we used htpasswd. The utility takes the file name, realm and username as arguments, then prompts twice for the user's password. The -c flag creates a new file and overwrites an existing one if there is one.
# sudo htdigest -c /path/to/user/file realm username
Install Module mod_auth_digest
Installing mod_auth_digest on Ubuntu is as easy as calling:
# sudo a2enmod auth_digest
On other systems, you might have to compile Apache with the --enable-auth-digest flag.
Configure Virtual Host
Finally, we add the necessary directives to the virtual host configuration, inside the Directory section to be more precise.
<Directory /var/www/website.com>
    AuthType Digest
    AuthName "Restricted Access"
    AuthDigestProvider file
    AuthUserFile /var/.htpass
    AuthGroupFile /dev/null
    AuthDigestDomain /
    Require valid-user
</Directory>
Restart Apache and verify your configuration. If you encounter login problems, check the Apache error log. A common mistake is a mismatch between the "realm" used when creating the user file with htdigest and the "AuthName" in the Apache config file. These two values need to match.
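The realm check can be done offline before restarting. Each line htdigest writes has the form user:realm:MD5(user:realm:password), so the realm is both stored in the file and baked into the hash. The following Python script is an added example, not part of the original article; the function names, the sample accounts and the password are constructed for illustration.

```python
import hashlib
import re

def ha1(user, realm, password):
    """Hash as stored by htdigest: hex MD5 of "user:realm:password"."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()

def auth_name(config_text):
    """Return the AuthName value (quoted or bare) from an Apache config snippet."""
    m = re.search(r'^\s*AuthName\s+(?:"([^"]*)"|(\S+))', config_text, re.M | re.I)
    if not m:
        raise ValueError("no AuthName directive found")
    return m.group(1) if m.group(1) is not None else m.group(2)

def check_digest_file(file_text, realm):
    """Return [(line_no, user, problem)] for entries that cannot match `realm`."""
    problems = []
    for no, line in enumerate(file_text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != 3 or not re.fullmatch(r"[0-9a-f]{32}", parts[2]):
            problems.append((no, parts[0], "malformed entry"))
        elif parts[1] != realm:  # the comparison is case-sensitive
            problems.append((no, parts[0], f"realm {parts[1]!r} != AuthName {realm!r}"))
    return problems

# Constructed sample input: the config from above and a two-user digest file.
CONFIG = '''<Directory /var/www/website.com>
    AuthType Digest
    AuthName "Restricted Access"
    AuthUserFile /var/.htpass
</Directory>'''

USERS = "\n".join([
    "alice:Restricted Access:" + ha1("alice", "Restricted Access", "example-pass"),
    "bob:restricted access:" + ha1("bob", "restricted access", "example-pass"),
])

if __name__ == "__main__":
    realm = auth_name(CONFIG)
    for no, user, problem in check_digest_file(USERS, realm):
        print(f"line {no}: {user}: {problem}")
```

Because the realm is part of the hashed string, an entry with the wrong realm cannot be repaired by editing the realm field; the user has to be re-created with htdigest using the exact AuthName value.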