Article:
  Apache Web-Serving with Mac OS X, Part 6
Subject:   Mod_Digest
Date:   2002-04-25 23:50:01
From:   aly77
I have been reading conflicting reports as to whether or not it is possible to use Digest Authentication with Apache on Mac OS X. Up to date -- today, April 2002 - do the browsers Explorer 5.0 and Netscape Communicator 4.7 support Digest? And if so, can you give details on the correct syntax to use for the .htaccess file and the .htdigest file. Also, could you explain how the AuthGroupFile works and where to put it, ie, do you put it at the top level or at the level that you want to limit groups, or both? I have 3 groups and need to put permissions on several directories, I have read the concepts in books and web sites over and over, but they only mention 1 group. Will the users need to type in passwords a second time for entrance into deeper files, or will the user names included in the AuthGroupFile be sufficient?
Full Threads Oldest First

Showing messages 1 through 1 of 1.

  • Morbus Iff photo Mod_Digest
    2002-04-26 04:55:30  Morbus Iff | O'Reilly Author [View]

    Before you go on, you may want to read this report concerning IE and Digest authentication. In a nutshell, the report says that IE won't work with Digest authentication unless the underlying server is IIS. As for NS 4.7, I can't tell you - I never investigated it much further after I read "will probably not work with modern browsers". I try to stay away from stuff that doesn't work everywhere.

    As for the AuthGroupFile, you can put it anywhere you want - it'll only become active if you use a "require group" directive, as opposed to a "require user" directive (which dips into AuthUserFile).

    Concerning your directory hierarchy: .htaccess files do not merge, so only the "nearest" .htaccess file will be taken into consideration, whether that be in the current directory, the parent directory, or the great great great grandparent directory. If you put an .htaccess file in the ggg grandparent directory, then it will affect all subdirectories beneath it, unless of course, another .htaccess appears in them.

    If there is only ONE .htaccess file in the ggg grandparent directory, then the user won't need to be authenticated for any of the subdirectories. If, however, they authenticate in the ggg grandparent directory, and then dip into a subdirectory that has its own .htaccess file (with a diff. authentication scheme perhaps), then authentication would probably occur again (honestly, that's a guess, though -I've not tested it just now).