hi all... I wanted to present Apache::DigestAPI as an RFC. the module can be downloaded here for trials:
http://www.modperlcookbook.org/~geoff/modules/Apache-DigestAPI-0.01.tar.gz basically, Apache::DigestAPI is a release of Recipe 13.8 in the Cookbook - a simple API for supporting Digest authentication a la mod_digest.c from the Apache distribution. it follows the same path as the API for Basic authentication that mod_perl supports natively, providing an API so that you can authenticate using something other than the default flat-file method provided by auth_digest. keep in mind that the current implementation doesn't work with MSIE, so you'll have to use something like Opera or Konqueror (or mozilla now, I hear?) to play around with it. you can find the entire RFC for Digest authentication here (if you're interested): ftp://ftp.isi.edu/in-notes/rfc2617.txt included with Apache::DigestAPI is a subclass called Apache::DigestAPI::Session. it is an interesting but experimental interface that attempts to use the "nonce" part of the Digest authentication scheme to store a unique session identifier (instead of in, say, a cookie). it is experimental because I'm still playing with the interface, digesting RFC 2617, looking for possible security holes, and (in general) seeing if it can actually work like I think it can. but it is there if anyone is interested in playing around with it for fun and folly. anyway, the manpages are pretty sparse for the moment, but I plan on fixing them up before a real release. if anyone is interested in the original explanantion of the code from the book who doesn't already have it, you can see Recipe 13.8 here: http://www.modperlcookbook.org/chapters/13.8.pdf --Geoff
