Apache 2.2 and Digest Authentication

A few weeks ago I wanted to enable digest authentication on an Apache 2.2 web server. I got basic authentication working within minutes, but I didn't want to send plain text passwords over the web, so how difficult could it be?

I followed some tutorial on the net but despite following the instructions throughly, all I could get was an error message in my error.log file:

Invalid command 'AuthDigestFile', perhaps misspelled or defined
  by a module not included in the server configuration

It turns out that the AuthDigestFile configuration command from Apache 2.0 and earlier (see 1.3 docs or 2.2 docs) doesn't work on Apache 2.2 anymore. In 2.2, you use AuthUserFile, just like with basic authentication.

It's all in mod_auth_digest's documentation, including a nice, working example. It didn't occur to me until late that the tutorial I had found on the net could have been outdated. Oh well.

social