-
Notifications
You must be signed in to change notification settings - Fork 0
omonar/nginx-http-auth-digest
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
Nginx Digest Authentication Module
--
Description:
--
Digest authentication module as described in RFC2617.
No support for "auth-int" type of quality of protection.
Installation:
--
You'll need to re-compile Nginx from source to include this module.
Modify your compile of Nginx by adding the following directive
(modified to suit your path of course):
./configure --add-module=/absolute/path/to/nginx-http-auth-digest
make
make install
Example configuration:
--
http {
auth_digest_zone zone=nonces:10m;
...
server {
...
auth_digest_user_file /etc/nginx/test.digest;
auth_digest_secret_key 0123456789abcdef;
auth_digest_algorithm MD5-sess;
location / {
auth_digest 'test' zone=nonces replays=20 expires=10;
}
Directives:
--
Syntax: auth_digest realm zone=name replays=number expires=number
Default: auth_digest off zone=name replays=512 expires=300
Context: http, server, location
Enables validation of user name and password using the "HTTP Digest Authentication"
protocol. The specified parameter is used as realm. Realm can contain variables.
The special value off allows cancelling the effect of the auth_digest directive
inherited from the previous configuration level. Each validation expires after
time in seconds specified by parameter expires or number of requests specified
by parameter replays.
Syntax: auth_digest_algorithm MD5 | MD5-sess
Default: auth_digest_algorithm MD5
Context: http, server, location
Sets the algorithm to be used during digest generation.
Syntax: auth_digest_zone zone=name:size
Default: --
Context: http
Sets parameters for a shared memory zone that will keep states for various nonces.
In particular, the state includes the current number of uses of a given nonce.
The stored state always occupies 64 bytes of memory. One megabyte zone can keep
about 16 thousand 64-byte states. If the zone storage is exhausted, the server
will return the 503 (Service Temporarily Unavailable) error to all further requests.
Syntax: auth_digest_secret_key key
Default: --
Context: http, server, location
Sets a secret key for nonce generation and verification. For reasonable protection,
secret should be a string of 22 characters. If secret key is not provided than a random key
is generated when nginx starts.
Syntax: auth_digest_user_file file
Default: --
Context: http, server, location
Specifies a file that keeps user names, realms, and md5 hash of a string username:realm:password
in the following format:
# comment
name1:realm1:md5hash(name1:realm1:password1)
name2:realm2:md5hash(name2:realm2:password2)
name3:realm2:md5hash(name3:realm3:password3)
Use attached perl script htdigest.py writen by Christian Swinehart to generate the file.
Embedded variables:
--
$auth_digest_user
The username used by a remote client.
Contributing:
--
Git source repositories:
http://github.com/omonar/nginx-http-auth-digest/tree/master
Please feel free to fork the project at GitHub and submit pull requests or patches.
About
Nginx digest authentication module
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published