>Number: 1297
>Category: mod_digest
>Synopsis: mod_digest: what browsers does it work with?
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: apache
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Wed Oct 22 07:00:00 PDT 1997
>Last-Modified:
>Originator: [EMAIL PROTECTED]
>Organization:
apache
>Release: 1.2.1
>Environment:
Linux <hostname> 2.0.30 #3 Thu Sep 4 14:34:05 EDT 1997 i686 unknown
>Description:
I have been trying to get digest auth to work. So far, I have tried Netscape
Navigator 4.03 (which specifically says it supports MD5
encryption in the 'about' page) and Explorer 3.01a for the Mac.
When using Navigator, I get a '401: Forbidden' at the client and this message
in the error log:
[Date/time] access to /admin failed for <IP address>, reason: client used
wrong authentication scheme
When using Explorer, I get only the Forbidden and no log message.
So the question is: what browsers has this feature been verified to work with?
Does this sound
like user error on my part?
>How-To-Repeat:
In this case, the .htdigest file (containing the encrypted password created by
the htdigest utility)
is stored in the same folder as the .htaccess file itself. All files starting
with .ht* are
protected using the <Files> segment of the .htaccess:
Contents of .htaccess
AuthType Digest
AuthName Realm
AuthDigestFile <path to .htdigest file>
AuthGroupFile /dev/null
<limit GET POST>
order deny,allow
deny from all
allow from <first two octets of my domain>
require valid-user
</limit>
<Files .ht*>
<limit GET POST>
order deny,allow
deny from all
allow from none
</limit>
</files>
---------------------------------
Contents of .htdigest (created with htdigest utility)
dwilga:Realm:<encrypted password>
>Fix:
>Audit-Trail:
>Unformatted:
