What we described in the previous section is a way to provide user authenticated access control. We used the Basic protocol and simple text files to store the userids, passwords and groups.
The Basic protocol can be replaced with the Digest protocol. This comes from module auth_digest_module from mod_auth_digest.so.
LoadModule auth_digest_module /usr/lib/apache2/mod_auth_digest.so LoadModule authn_file_module /usr/lib/apache2/mod_authn_file.so LoadModule authz_user_module /usr/lib/apache2/mod_authz_user.so LoadModule authz_groupfile_module /usr/lib/apache2/mod_authz_groupfile.so <Directory /srv/www/WWW/bestiary> AuthType Digest AuthName "Restricted area" AuthDigestDomain / AuthUserFile /etc/apache2/access/digest_passwd AuthGroupFile /etc/apache2/access/group Require group managers </Directory>
The password file is replaced with one with a different structure, but the group file is the same as it was before.
$ touch /etc/apache2/access/digest_password $ htdigest /etc/apache2/access/digest_password "Restricted area" bob Adding user bob in realm Restricted area New password: password Re-type new password: password
The other issue we mentioned was that text files were used to hold the users, passwords and groups. For a small number of users this is fine but if your users reach into the thousands you may want to consider alternatives that are faster to search. Alternatively, you may already have an LDAP authentication mechanism and want to use that. A series of other modules exist for providing authentication with passwords and groups held in other formats.