https://bz.apache.org/bugzilla/show_bug.cgi?id=65036
Bug ID: 65036
Summary: adding http-digest-auth RFC2069 to mod_authnz_ldap
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_authnz_ldap
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Created attachment 37653
--> https://bz.apache.org/bugzilla/attachment.cgi?id=37653&action=edit
mod_authnz_ldap_md5digest-2.4.patch
mod_authnz_ldap lacks RFC2069 Digest Access Authentication, which is needed
in some scenarios, like apache mod_dav + windows webdav client (without
registry tweak).
Also, digest auth is supported by most browsers and has advantages over the plain Basic
auth scheme.
We have been using this patch for over 10 years with different http clients (browsers, webdav
client, etc.).
Example configuration:
AuthType Digest
AuthName "ldap-md5-digest"
AuthDigestDomain /
AuthDigestProvider ldap
AuthLDAPURL "ldaps://127.0.0.1/dc=root?uid,MD5DigestPassword?sub?(objectClass=posixAccount)"
AuthLDAPBindDN uid=apache,dc=root
AuthLDAPBindPassword "secretldappassword"
It's like for basic auth, but the second attribute, MD5DigestPassword, must
specify the LDAP field (any text field) which contains the concatenated value of:
AuthName:md5(username:AuthName:password)
Shell code example for generation:
echo -n "ldap-md5-digest:" && echo -n "username:ldap-md5-digest:123456" |md5sum
ldap-md5-digest:a0ebfc0b3bc7f5eb8803aa02799f939b -
Access to the MD5DigestPassword field on the LDAP server must be restricted from other
users:
only the user themselves (to set or change it), admins, and apache (read-only).