09/03/10

Authentication & Authorization

  - 5 steps
  - 401 response with WWW-Authenticate header
  - second client request has Authenticated header,
    containing the userid and password

  - Two types: 
      - Basic: uses Base64 to encode the password
      - Digest: uses MD5 to encrypt the password

  - Modules: decide what type (Basic/Digest),
      what you are checking (e.g. users, groups),
      where passwords are stored (files, databases)
    Hence, often 3 modules needed
      mod_auth_basic
      mod_authz_user
      mod_authn_file

  - Directives 
      AuthType Basic
      AuthName "Our internal web site"
      AuthUserFile conf/.htpasswd
      Require valid-user