Introduction

Digest auth pops up a user/password dialog in the browser, but they're not very popular. Maybe because you can't log out or control the length of time that you wish to be logged in for. Digest auth does not send the password over as plain text like basic auth or a unencrypted web form. DBM is quicker than a plain text file especially when you have lots of users.

Ubuntu contains 3 different password managers for apache: dbmmanage, htdigest, htdbm Unfortunately, none of them work with digest + DBM.

  • htdigest can do digest auth but only with a plain text file, not a dbm file.

  • htdbm can do dbm but can't handle usernames with colons.

  • dbmmanage produces a custom md5 number that doesn't work anywhere else.

Steps to set it all up

To create a user

Make up a realm name & type in a dumbie password for now...

dbmmanage -p /etc/apache2/digest.db adduser username:realm - group 

To set up the password

Now use your real password...

echo -n 'username:realm:password' | md5sum 

Now we have a md5 hex number, replace the <md5> with this number...

dbmmanage -p /etc/apache2/digest.db update username:realm <md5> group 

Example:

dbmmanage -p /etc/apache2/digest.db update username:realm 66999343281b2624585fd58cc9d36dfc group

Now you'll notice that there is no 'digest.db' file, only a 'digest' file. So add the below to your site's config in /etc/apache2/sites-enabled/...

  • <Directory />
            AuthType Digest
            AuthName "realm"
            AuthDigestDomain /
    
            AuthDigestProvider dbm
            AuthDBMType db
            AuthDBMUserFile /etc/apache2/digest
            Require valid-user
    
    </Directory>

Enable the modules

sudo a2enmod authn_dbm
sudo a2enmod auth_digest
sudo service apache2 restart

Your site should now ask you for a user name/password.

External Links

Apache2DigestDBMAuth (last edited 2012-05-17 12:14:20 by hankin0)