mod_auth_digest cannot implement nonce-count checking or the md5-sess algorithm if the platform doesn't have shared memory.

Right now, if the admin configures either of these options and the platform doesn't have shared memory, the module issues a warning and continues without the requested option.

In my opinion, if a security check that the admin requested in the configuration cannot be implemented, it should be more than a warning; it should be a fatal startup error.

What's the consensus on changing this?

1) What's the right behavior?

2) If it should be changed, what's the best way to do it? The change could break configurations that currently appear to "work", although they're not really doing what the admin configured them to do.

Thanks,
Dan
