mod_auth_digest MD5 Digest AuthenticationÀ» »ç¿ëÇÑ »ç¿ëÀÚÀÎÁõ. Experimental mod_auth_digest.c auth_digest_module

ÀÌ ¸ðµâÀº HTTP Digest AuthenticationÀ» ±¸ÇöÇÑ´Ù. ±×·¯³ª ¸¹Àº Å×½ºÆ®¸¦ °ÅÄ¡Áö ¾ÊÀº ½ÇÇèÀûÀÎ ¸ðµâÀÌ´Ù.

AuthName AuthType Require Satisfy
Digest Authentication »ç¿ëÇϱâ

MD5 Digest authenticationÀº ¸Å¿ì ½±°Ô »ç¿ëÇÒ ¼ö ÀÖ´Ù. AuthType Basic°ú AuthBasicProvider ´ë½Å AuthType Digest¿Í AuthDigestProvider¸¦ »ç¿ëÇÏ¿© °£´ÜÈ÷ ÀÎÁõÀ» ¼³Á¤ÇÒ ¼ö ÀÖ´Ù. ±×¸®°í ÃÖ¼ÒÇÑ º¸È£ÇÏ·Á´Â ¿µ¿ªÀÇ ±âº» URIÀ» AuthDigestDomain Áö½Ã¾î¿¡ »ç¿ëÇÑ´Ù.

htdigest µµ±¸¸¦ »ç¿ëÇÏ¿© »ç¿ëÀÚ (¹®ÀÚ)ÆÄÀÏÀ» ¸¸µé ¼ö ÀÖ´Ù.

¿¹Á¦: <Location /private/>
AuthType Digest
AuthName "private area"
AuthDigestDomain /private/ http://mirror.my.dom/private2/

AuthDigestProvider file
AuthUserFile /web/auth/.digest_pw
Require valid-user
</Location>
ÁÖÀÇ

Digest authenticationÀº Basic authenticationº¸´Ù ´õ ¾ÈÀüÇÏÁö¸¸, ºê¶ó¿ìÀú°¡ Áö¿øÇØ¾ß ÇÑ´Ù. 2002³â 11¿ù ÇöÀç digest authenticationÀ» Áö¿øÇÏ´Â ºê¶ó¿ìÀú¿¡´Â Amaya, Konqueror, (Windows¿ëÀº ÁúÀǹ®ÀÚ¿­°ú ÇÔ²² »ç¿ëÇÏ¸é ¾ÈµÇÁö¸¸ - ÇØ°á¹æ¹ýÀº ¾Æ·¡ "MS Internet Explorer ¹®Á¦ ÇØ°áÇϱâ"¸¦ Âü°í) Mac OS X¿Í Windows¿ë MS Internet Explorer, Mozilla, Netscape ¹öÀü 7, Opera, Safari µîÀÌ ÀÖ´Ù. lynx´Â digest authenticationÀ» Áö¿øÇÏÁö ¾Ê´Â´Ù. digest authenticationÀÌ basic authentication ¸¸Å­ ³Î¸® ±¸ÇöµÇÁö ¾Ê¾Ò±â¶§¹®¿¡ ¸ðµç »ç¿ëÀÚ°¡ Áö¿øÇÏ´Â ºê¶ó¿ìÀú¸¦ »ç¿ëÇÏ´Â °æ¿ì¿¡¸¸ »ç¿ëÇØ¾ß ÇÑ´Ù.

MS Internet Explorer ¹®Á¦ ÇØ°áÇϱâ

ÇöÀç Windows¿ë Internet Explorer´Â Digest authentication »ç¿ë½Ã ÁúÀǹ®ÀÚ¿­ÀÌ ÀÖ´Â GET ¿äûÀ» RFC¿Í ´Ù¸£°Ô ó¸®ÇÏ´Â ¹®Á¦°¡ ÀÖ´Ù. ¸î°¡Áö ¹æ¹ýÀ¸·Î ÀÌ ¹®Á¦¸¦ ÇØ°áÇÒ ¼ö ÀÖ´Ù.

ù¹ø°´Â ÇÁ·Î±×·¥¿¡ ÀڷḦ ³Ñ°ÜÁÖ±âÀ§ÇØ GET ´ë½Å POST ¿äûÀ» »ç¿ëÇÏ´Â ¹æ¹ýÀÌ´Ù. ÀÌ ¹æ¹ýÀÌ °¡´ÉÇÏ´Ù¸é °¡Àå °£´ÜÇÑ ÇØ°áÃ¥ÀÌ´Ù.

¶Ç, ¾ÆÆÄÄ¡ 2.0.51ºÎÅÍ AuthDigestEnableQueryStringHack ȯ°æº¯¼ö¸¦ Á¦°øÇÏ¿© ¹®Á¦¸¦ ÇØ°áÇÑ´Ù. ¿äû¿¡ AuthDigestEnableQueryStringHackÀ» ¼³Á¤ÇÏ¸é ¾ÆÆÄÄ¡´Â MSIE ¹ö±×¸¦ ÇÇÇØ°¥ Á¶Ä¡¸¦ ÃëÇÏ°í ¿äû URI¸¦ digest ºñ±³¿¡¼­ Á¦¿ÜÇÑ´Ù. ÀÌ ¹æ¹ýÀº ´ÙÀ½°ú °°ÀÌ »ç¿ëÇÑ´Ù.

MSIE¿¡¼­ Digest Authentication »ç¿ëÇϱâ: BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On

¼±ÅÃÀûÀΠȯ°æº¯¼ö ¼³Á¤¿¡ ´ëÇÑ ÀÚ¼¼ÇÑ ³»¿ëÀº BrowserMatch Áö½Ã¾î¸¦ Âü°íÇ϶ó.

AuthDigestProvider ÀÌ À§Ä¡¿¡ ´ëÇÑ ÀÎÁõÁ¦°øÀÚ¸¦ ÁöÁ¤ÇÑ´Ù AuthDigestProvider On|Off|provider-name [provider-name] ... AuthDigestProvider On directory.htaccess AuthConfig

AuthDigestProvider Áö½Ã¾î´Â ÀÌ À§Ä¡¿¡¼­ »ç¿ëÀÚ¸¦ ÀÎÁõÇÒ Á¦°øÀÚ¸¦ ÁöÁ¤ÇÑ´Ù. °ªÀÌ OnÀÌ¸é ±âº»Á¦°øÀÚ(file)¸¦ »ç¿ëÇÑ´Ù. mod_authn_file ¸ðµâÀÌ file Á¦°øÀÚ¸¦ ±¸ÇöÇϱ⶧¹®¿¡ ¼­¹ö¿¡ ÀÌ ¸ðµâÀÌ ÀÖ´ÂÁö È®ÀÎÇØ¾ß ÇÑ´Ù.

Á¦°øÀÚ´Â mod_authn_dbm°ú mod_authn_fileÀ» Âü°íÇ϶ó.

°ªÀÌ OffÀ̸é Á¦°øÀÚ ¸ñ·ÏÀ» Áö¿ì°í ±âº»»óÅ·Πµ¹¾Æ°£´Ù.

AuthDigestQop digest authentication°¡ »ç¿ëÇÒ º¸È£¼öÁØ(quality-of-protection)À» ÁöÁ¤ÇÑ´Ù. AuthDigestQop none|auth|auth-int [auth|auth-int] AuthDigestQop auth directory.htaccess AuthConfig

AuthDigestQop Áö½Ã¾î´Â º¸È£¼öÁØ(quality-of-protection)À» ÁöÁ¤ÇÑ´Ù. auth´Â (»ç¿ëÀÚ¸í/¾ÏÈ£) ÀÎÁõ¸¸ ÇÏ°í, auth-int´Â ÀÎÁõ°ú ¿Ï°á¼º °Ë»ç¸¦ (MD5 Çؽ¬µµ °è»êÇÏ¿© °Ë»çÇÑ´Ù) ÇÑ´Ù. noneÀº (¿Ï°á¼º °Ë»ç¸¦ ÇÏÁö¾Ê´Â) ¿À·¡µÈ RFC-2069 digest ¾Ë°í¸®ÁòÀ» »ç¿ëÇÑ´Ù. auth¿Í auth-int¸¦ ¸ðµÎ ÁöÁ¤ÇÒ ¼ö ÀÖ´Ù. ÀÌ °æ¿ì ºê¶ó¿ìÀú´Â ¾î¶² °ÍÀ» »ç¿ëÇÒÁö ¼±ÅÃÇÑ´Ù. ºê¶ó¿ìÀú°¡ ¾î´ø ÀÌÀ¯¿¡¼­°Ç challenge¸¦ ÁÁ¾ÆÇÏÁö ¾Ê´Â´Ù¸é noneÀ» »ç¿ëÇØ¾ß ÇÑ´Ù.

auth-int´Â ¾ÆÁ÷ ±¸ÇöµÇÁö ¾Ê¾Ò´Ù.
AuthDigestNonceLifetime ¼­¹ö nonce°¡ À¯È¿ÇÑ ±â°£ AuthDigestNonceLifetime seconds AuthDigestNonceLifetime 300 directory.htaccess AuthConfig

AuthDigestNonceLifetime Áö½Ã¾î´Â ¼­¹ö nonce°¡ À¯È¿ÇÑ ±â°£À» Á¶ÀýÇÑ´Ù. Ŭ¶óÀ̾ðÆ®°¡ ¸¸±âµÈ nonce¸¦ °¡Áö°í ¼­¹ö¿¡ Á¢±ÙÇÏ¸é ¼­¹ö´Â stale=true¿Í ÇÔ²² 401À» ¹ÝȯÇÑ´Ù. seconds°¡ 0º¸´Ù Å©¸é nonce°¡ À¯È¿ÇÑ ±â°£À» ÁöÁ¤ÇÑ´Ù. ¾Æ¸¶µµ 10 Ãʺ¸´Ù ÀÛ°Ô ¼³Á¤ÇÏ¸é ¾ÈµÈ´Ù. seconds°¡ 0º¸´Ù ÀÛÀ¸¸é nonce´Â ¿µ¿øÈ÷ ¸¸±âµÇÁö ¾Ê´Â´Ù.

AuthDigestNonceFormat nonce¸¦ ¸¸µå´Â ¹æ¹ýÀ» °áÁ¤ÇÑ´Ù AuthDigestNonceFormat format directory.htaccess AuthConfig ¾ÆÁ÷ ±¸ÇöµÇÁö ¾Ê¾Ò´Ù. AuthDigestNcCheck ¼­¹ö°¡ º¸³»´Â nonce-count¸¦ °Ë»çÇÒÁö ¿©ºÎ AuthDigestNcCheck On|Off AuthDigestNcCheck Off server config ¾ÆÁ÷ ±¸ÇöµÇÁö ¾Ê¾Ò´Ù. AuthDigestAlgorithm digest authentication¿¡¼­ challenge¿Í response hash¸¦ °è»êÇÏ´Â ¾Ë°í¸®ÁòÀ» ¼±ÅÃÇÑ´Ù AuthDigestAlgorithm MD5|MD5-sess AuthDigestAlgorithm MD5 directory.htaccess AuthConfig

AuthDigestAlgorithm Áö½Ã¾î´Â challenge¿Í response hash¸¦ °è»êÇÏ´Â ¾Ë°í¸®ÁòÀ» ¼±ÅÃÇÑ´Ù.

MD5-sess´Â ¾ÆÁ÷ ¿ÏÀüÈ÷ ±¸ÇöµÇÁö ¾Ê¾Ò´Ù.
AuthDigestDomain digest authentication¿¡¼­ °°Àº º¸È£¿µ¿ª¿¡ ¼ÓÇÏ´Â URIµé AuthDigestDomain URI [URI] ... directory.htaccess AuthConfig

AuthDigestDomain Áö½Ã¾î´Â °°Àº º¸È£¿µ¿ª¿¡ ÀÖ´Â (¿¹¸¦ µé¾î °°Àº ¿µ¿ª°ú »ç¿ëÀÚ¸í/¾ÏÈ£ Á¤º¸¸¦ »ç¿ëÇÏ´Â) URIµéÀ» ÁöÁ¤ÇÑ´Ù. ÁöÁ¤ÇÑ URI´Â Á¢µÎ»ç·Î »ç¿ëÇÑ´Ù. Ŭ¶óÀ̾ðÆ®´Â URI "¾Æ·¡" ¸ðµÎ¸¦ °°Àº »ç¿ëÀÚ¸í/¾ÏÈ£·Î º¸È£ÇÑ´Ù°í °¡Á¤ÇÑ´Ù. URI´Â (Áï, ½ºÅ´(scheme), È£½ºÆ®, Æ÷Æ® µîÀ» Æ÷ÇÔÇÏ´Â) Àý´ë URLÀ̰ųª »ó´ë URIÀÌ´Ù.

ÀÌ Áö½Ã¾î´Â Ç×»ó ÁöÁ¤ÇØ¾ß Çϸç, ÃÖ¼ÒÇÑ ¿µ¿ªµéÀÇ ±âº» URI(µé)¸¦ Æ÷ÇÔÇØ¾ß ÇÑ´Ù. »ý·«Çϸé Ŭ¶óÀ̾ðÆ®´Â ÀÌ ¼­¹ö·Î º¸³»´Â ¸ðµç ¿äû¿¡ Authorization Çì´õ¸¦ Æ÷ÇÔÇÑ´Ù. ±×·¯¸é ¿äûÀÇ Å©±â°¡ Ä¿Áö¸ç, AuthDigestNcCheck¸¦ »ç¿ëÇÑ´Ù¸é ¼º´É¿¡ ³ª»Û ¿µÇâÀ» ÁÙ ¼ö ÀÖ´Ù.

´Ù¸¥ ¼­¹öÀÇ URI¸¦ ÁöÁ¤Çϸé, (À̸¦ ÀÌÇØÇÏ´Â) Ŭ¶óÀ̾ðÆ®´Â ¿©·¯ ¼­¹ö¸¶´Ù ¸Å¹ø »ç¿ëÀÚ¿¡°Ô ¹¯Áö¾Ê°í °°Àº »ç¿ëÀÚ¸í/¾ÏÈ£¸¦ »ç¿ëÇÒ ¼ö ÀÖ´Ù.

AuthDigestShmemSize Ŭ¶óÀ̾ðÆ®¸¦ ÃßÀûÇϱâÀ§ÇØ ÇÒ´çÇÏ´Â °øÀ¯¸Þ¸ð¸®·® AuthDigestShmemSize size AuthDigestShmemSize 1000 server config

AuthDigestShmemSize Áö½Ã¾î´Â Ŭ¶óÀ̾ðÆ®¸¦ ÃßÀûÇϱâÀ§ÇØ ¼­¹ö°¡ ½ÃÀÛÇÒ¶§ ÇÒ´çÇÏ´Â °øÀ¯¸Þ¸ð¸®·®À» Á¤ÀÇÇÑ´Ù. °øÀ¯¸Þ¸ð¸®´Â ÃÖ¼ÒÇÑ ÇϳªÀÇ Å¬¶óÀ̾ðÆ®¸¦ ÃßÀûÇϱâÀ§ÇØ ÇÊ¿äÇÑ °ø°£º¸´Ù ÀÛÀ» ¼ö ¾øÀ½À» ÁÖÀÇÇ϶ó. ÀÌ °ªÀº ½Ã½ºÅÛ¿¡ µû¶ó ´Ù¸£´Ù. Á¤È®ÇÑ °ªÀ» ¾Ë·Á¸é AuthDigestShmemSize¸¦ 0À¸·Î ¼³Á¤ÇÏ°í ¼­¹ö¸¦ ½ÃÀÛÇÑÈÄ ¿À·ù¹®À» Âü°íÇ϶ó.

size´Â º¸Åë ¹ÙÀÌÆ® ´ÜÀ§ÀÌÁö¸¸, µÚ¿¡ K³ª MÀ» »ç¿ëÇÏ¿© KBytes³ª MBytes¸¦ ³ªÅ¸³¾ ¼ö ÀÖ´Ù. ¿¹¸¦ µé¾î, ´ÙÀ½ Áö½Ã¾îµéÀº ¸ðµÎ °°´Ù:

AuthDigestShmemSize 1048576
AuthDigestShmemSize 1024K
AuthDigestShmemSize 1M