I am trying to set up mod_auth_digest in Apache 2.2.3, in order to
restrict access to a web server directory. My .htaccess file in the
private directory contains something like the following:

AuthType Digest
AuthName "private area"
AuthDigestDomain /private/
AuthUserFile /var/www/html/private/.htdigest
AuthDigestNonceLifetime 30
require user privuser

(my httpd.conf contains an "AllowOverride AuthConfig" declaration for
the private directory)

1) How can I make the authentication expire after some time? It seems
the AuthDigestNonceLifetime line does not make this happen (after I
enter the password once, I have permanent access to the directory).

2) Is it a security problem to put the .htdigest file in the same
private directory? The httpd.conf contains the following lines, but I
don't know if that's enough:

# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
<Files ~ "^\.ht">
   Order allow,deny
   Deny from all
</Files>


