In Basic authentication, you create a passwords file (using htpasswd command) then configure apache as in the link above. To migrate to Digest authentication all you have to do is to:
- Use the command htdigest instead of htpasswd to create users
htdigest -c /path/to/your/passwords/file "Authentication Realm" username
- Configure apache by adding the following:
AuthType Digest
AuthName "Authentication Realm"
AuthUserFile /path/to/your/passwords/file
Require valid-user - If you have SELinux running, enable httpd to access the passwords file:
setsebool -P httpd_enable_homedirs 1
- Restart apache:
service httpd restart
Note: the apache user (usually apache) needs to have read access to the passwords file, apparently!
It is worth nothing that Digest authentication only encrypts your password, but not the content. Moreover, anyone sniffing on the packets, having the encrypted password, can use it directly to access your content. To overcome these issues, you have to put your content under SSL, but this is another story.
1 comment:
جزاك الله خيرا كنت أحتاج هذا الأمر
https://twitter.com/#!/3n6_4hm4d
Post a Comment