Apache HTTP Server Version 2.4
¼³¸í: | MD5 Digest AuthenticationÀ» »ç¿ëÇÑ »ç¿ëÀÚÀÎÁõ. |
---|---|
»óÅÂ: | Experimental |
¸ðµâ¸í: | auth_digest_module |
¼Ò½ºÆÄÀÏ: | mod_auth_digest.c |
ÀÌ ¸ðµâÀº HTTP Digest AuthenticationÀ» ±¸ÇöÇÑ´Ù. ±×·¯³ª ¸¹Àº Å×½ºÆ®¸¦ °ÅÄ¡Áö ¾ÊÀº ½ÇÇèÀûÀÎ ¸ðµâÀÌ´Ù.
MD5 Digest authenticationÀº ¸Å¿ì ½±°Ô »ç¿ëÇÒ ¼ö ÀÖ´Ù.
AuthType Basic
°ú AuthBasicProvider
´ë½Å
AuthType Digest
¿Í AuthDigestProvider
¸¦
»ç¿ëÇÏ¿© °£´ÜÈ÷ ÀÎÁõÀ» ¼³Á¤ÇÒ ¼ö ÀÖ´Ù. ±×¸®°í ÃÖ¼ÒÇÑ º¸È£ÇÏ·Á´Â
¿µ¿ªÀÇ ±âº» URIÀ» AuthDigestDomain
Áö½Ã¾î¿¡ »ç¿ëÇÑ´Ù.
htdigest µµ±¸¸¦ »ç¿ëÇÏ¿© »ç¿ëÀÚ (¹®ÀÚ)ÆÄÀÏÀ» ¸¸µé ¼ö ÀÖ´Ù.
<Location /private/>
AuthType Digest
AuthName "private area"
AuthDigestDomain /private/ https://mirror.my.dom/private2/
AuthDigestProvider file
AuthUserFile /web/auth/.digest_pw
Require valid-user
</Location>
Digest authenticationÀº Basic authenticationº¸´Ù ´õ ¾ÈÀüÇÏÁö¸¸, ºê¶ó¿ìÀú°¡ Áö¿øÇØ¾ß ÇÑ´Ù. 2002³â 11¿ù ÇöÀç digest authenticationÀ» Áö¿øÇÏ´Â ºê¶ó¿ìÀú¿¡´Â Amaya, Konqueror, (Windows¿ëÀº ÁúÀǹ®ÀÚ¿°ú ÇÔ²² »ç¿ëÇÏ¸é ¾ÈµÇÁö¸¸ - ÇØ°á¹æ¹ýÀº ¾Æ·¡ "MS Internet Explorer ¹®Á¦ ÇØ°áÇϱâ"¸¦ Âü°í) Mac OS X¿Í Windows¿ë MS Internet Explorer, Mozilla, Netscape ¹öÀü 7, Opera, Safari µîÀÌ ÀÖ´Ù. lynx´Â digest authenticationÀ» Áö¿øÇÏÁö ¾Ê´Â´Ù. digest authenticationÀÌ basic authentication ¸¸Å ³Î¸® ±¸ÇöµÇÁö ¾Ê¾Ò±â¶§¹®¿¡ ¸ðµç »ç¿ëÀÚ°¡ Áö¿øÇÏ´Â ºê¶ó¿ìÀú¸¦ »ç¿ëÇÏ´Â °æ¿ì¿¡¸¸ »ç¿ëÇØ¾ß ÇÑ´Ù.
ÇöÀç Windows¿ë Internet Explorer´Â Digest authentication
»ç¿ë½Ã ÁúÀǹ®ÀÚ¿ÀÌ ÀÖ´Â GET
¿äûÀ» RFC¿Í ´Ù¸£°Ô
ó¸®ÇÏ´Â ¹®Á¦°¡ ÀÖ´Ù. ¸î°¡Áö ¹æ¹ýÀ¸·Î ÀÌ ¹®Á¦¸¦ ÇØ°áÇÒ ¼ö
ÀÖ´Ù.
ù¹ø°´Â ÇÁ·Î±×·¥¿¡ ÀڷḦ ³Ñ°ÜÁÖ±âÀ§ÇØ GET
´ë½Å POST
¿äûÀ» »ç¿ëÇÏ´Â ¹æ¹ýÀÌ´Ù. ÀÌ ¹æ¹ýÀÌ
°¡´ÉÇÏ´Ù¸é °¡Àå °£´ÜÇÑ ÇØ°áÃ¥ÀÌ´Ù.
¶Ç, ¾ÆÆÄÄ¡ 2.0.51ºÎÅÍ AuthDigestEnableQueryStringHack
ȯ°æº¯¼ö¸¦ Á¦°øÇÏ¿© ¹®Á¦¸¦ ÇØ°áÇÑ´Ù. ¿äû¿¡
AuthDigestEnableQueryStringHack
À» ¼³Á¤Çϸé
¾ÆÆÄÄ¡´Â MSIE ¹ö±×¸¦ ÇÇÇØ°¥ Á¶Ä¡¸¦ ÃëÇÏ°í ¿äû URI¸¦ digest
ºñ±³¿¡¼ Á¦¿ÜÇÑ´Ù. ÀÌ ¹æ¹ýÀº ´ÙÀ½°ú °°ÀÌ »ç¿ëÇÑ´Ù.
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
¼±ÅÃÀûÀΠȯ°æº¯¼ö ¼³Á¤¿¡ ´ëÇÑ ÀÚ¼¼ÇÑ ³»¿ëÀº BrowserMatch
Áö½Ã¾î¸¦
Âü°íÇ϶ó.
¼³¸í: | digest authentication¿¡¼ challenge¿Í response hash¸¦ °è»êÇÏ´Â ¾Ë°í¸®ÁòÀ» ¼±ÅÃÇÑ´Ù |
---|---|
¹®¹ý: | AuthDigestAlgorithm MD5|MD5-sess |
±âº»°ª: | AuthDigestAlgorithm MD5 |
»ç¿ëÀå¼Ò: | directory, .htaccess |
Override ¿É¼Ç: | AuthConfig |
»óÅÂ: | Experimental |
¸ðµâ: | mod_auth_digest |
AuthDigestAlgorithm
Áö½Ã¾î´Â
challenge¿Í response hash¸¦ °è»êÇÏ´Â ¾Ë°í¸®ÁòÀ» ¼±ÅÃÇÑ´Ù.
MD5-sess
´Â ¾ÆÁ÷ ¿ÏÀüÈ÷ ±¸ÇöµÇÁö ¾Ê¾Ò´Ù.
¼³¸í: | digest authentication¿¡¼ °°Àº º¸È£¿µ¿ª¿¡ ¼ÓÇÏ´Â URIµé |
---|---|
¹®¹ý: | AuthDigestDomain URI [URI] ... |
»ç¿ëÀå¼Ò: | directory, .htaccess |
Override ¿É¼Ç: | AuthConfig |
»óÅÂ: | Experimental |
¸ðµâ: | mod_auth_digest |
AuthDigestDomain
Áö½Ã¾î´Â °°Àº
º¸È£¿µ¿ª¿¡ ÀÖ´Â (¿¹¸¦ µé¾î °°Àº ¿µ¿ª°ú »ç¿ëÀÚ¸í/¾ÏÈ£
Á¤º¸¸¦ »ç¿ëÇÏ´Â) URIµéÀ» ÁöÁ¤ÇÑ´Ù. ÁöÁ¤ÇÑ URI´Â Á¢µÎ»ç·Î
»ç¿ëÇÑ´Ù. Ŭ¶óÀ̾ðÆ®´Â URI "¾Æ·¡" ¸ðµÎ¸¦
°°Àº »ç¿ëÀÚ¸í/¾ÏÈ£·Î º¸È£ÇÑ´Ù°í °¡Á¤ÇÑ´Ù. URI´Â
(Áï, ½ºÅ´(scheme), È£½ºÆ®, Æ÷Æ® µîÀ» Æ÷ÇÔÇÏ´Â)
Àý´ë URLÀ̰ųª »ó´ë URIÀÌ´Ù.
ÀÌ Áö½Ã¾î´Â Ç×»ó ÁöÁ¤ÇØ¾ß Çϸç, ÃÖ¼ÒÇÑ ¿µ¿ªµéÀÇ
±âº» URI(µé)¸¦ Æ÷ÇÔÇØ¾ß ÇÑ´Ù. »ý·«Çϸé Ŭ¶óÀ̾ðÆ®´Â
ÀÌ ¼¹ö·Î º¸³»´Â ¸ðµç ¿äû¿¡ Authorization Çì´õ¸¦
Æ÷ÇÔÇÑ´Ù. ±×·¯¸é ¿äûÀÇ Å©±â°¡ Ä¿Áö¸ç, AuthDigestNcCheck
¸¦
»ç¿ëÇÑ´Ù¸é ¼º´É¿¡ ³ª»Û ¿µÇâÀ» ÁÙ ¼ö ÀÖ´Ù.
´Ù¸¥ ¼¹öÀÇ URI¸¦ ÁöÁ¤Çϸé, (À̸¦ ÀÌÇØÇÏ´Â) Ŭ¶óÀ̾ðÆ®´Â ¿©·¯ ¼¹ö¸¶´Ù ¸Å¹ø »ç¿ëÀÚ¿¡°Ô ¹¯Áö¾Ê°í °°Àº »ç¿ëÀÚ¸í/¾ÏÈ£¸¦ »ç¿ëÇÒ ¼ö ÀÖ´Ù.
¼³¸í: | ¼¹ö nonce°¡ À¯È¿ÇÑ ±â°£ |
---|---|
¹®¹ý: | AuthDigestNonceLifetime seconds |
±âº»°ª: | AuthDigestNonceLifetime 300 |
»ç¿ëÀå¼Ò: | directory, .htaccess |
Override ¿É¼Ç: | AuthConfig |
»óÅÂ: | Experimental |
¸ðµâ: | mod_auth_digest |
AuthDigestNonceLifetime
Áö½Ã¾î´Â
¼¹ö nonce°¡ À¯È¿ÇÑ ±â°£À» Á¶ÀýÇÑ´Ù. Ŭ¶óÀ̾ðÆ®°¡ ¸¸±âµÈ
nonce¸¦ °¡Áö°í ¼¹ö¿¡ Á¢±ÙÇÏ¸é ¼¹ö´Â stale=true
¿Í
ÇÔ²² 401À» ¹ÝȯÇÑ´Ù. seconds°¡ 0º¸´Ù Å©¸é nonce°¡
À¯È¿ÇÑ ±â°£À» ÁöÁ¤ÇÑ´Ù. ¾Æ¸¶µµ 10 Ãʺ¸´Ù ÀÛ°Ô ¼³Á¤ÇÏ¸é ¾ÈµÈ´Ù.
seconds°¡ 0º¸´Ù ÀÛÀ¸¸é nonce´Â ¿µ¿øÈ÷ ¸¸±âµÇÁö
¾Ê´Â´Ù.
¼³¸í: | ÀÌ À§Ä¡¿¡ ´ëÇÑ ÀÎÁõÁ¦°øÀÚ¸¦ ÁöÁ¤ÇÑ´Ù |
---|---|
¹®¹ý: | AuthDigestProvider On|Off|provider-name
[provider-name] ... |
±âº»°ª: | AuthDigestProvider On |
»ç¿ëÀå¼Ò: | directory, .htaccess |
Override ¿É¼Ç: | AuthConfig |
»óÅÂ: | Experimental |
¸ðµâ: | mod_auth_digest |
AuthDigestProvider
Áö½Ã¾î´Â ÀÌ
À§Ä¡¿¡¼ »ç¿ëÀÚ¸¦ ÀÎÁõÇÒ Á¦°øÀÚ¸¦ ÁöÁ¤ÇÑ´Ù. °ªÀÌ
On
ÀÌ¸é ±âº»Á¦°øÀÚ(file
)¸¦ »ç¿ëÇÑ´Ù.
mod_authn_file
¸ðµâÀÌ file
Á¦°øÀÚ¸¦ ±¸ÇöÇϱ⶧¹®¿¡ ¼¹ö¿¡ ÀÌ ¸ðµâÀÌ ÀÖ´ÂÁö È®ÀÎÇؾß
ÇÑ´Ù.
Á¦°øÀÚ´Â mod_authn_dbm
°ú
mod_authn_file
À» Âü°íÇ϶ó.
°ªÀÌ Off
À̸é Á¦°øÀÚ ¸ñ·ÏÀ» Áö¿ì°í ±âº»»óÅ·Î
µ¹¾Æ°£´Ù.
¼³¸í: | digest authentication°¡ »ç¿ëÇÒ º¸È£¼öÁØ(quality-of-protection)À» ÁöÁ¤ÇÑ´Ù. |
---|---|
¹®¹ý: | AuthDigestQop none|auth|auth-int [auth|auth-int] |
±âº»°ª: | AuthDigestQop auth |
»ç¿ëÀå¼Ò: | directory, .htaccess |
Override ¿É¼Ç: | AuthConfig |
»óÅÂ: | Experimental |
¸ðµâ: | mod_auth_digest |
AuthDigestQop
Áö½Ã¾î´Â
º¸È£¼öÁØ(quality-of-protection)À» ÁöÁ¤ÇÑ´Ù.
auth
´Â (»ç¿ëÀÚ¸í/¾ÏÈ£) ÀÎÁõ¸¸ ÇÏ°í,
auth-int
´Â ÀÎÁõ°ú ¿Ï°á¼º °Ë»ç¸¦ (MD5 Çؽ¬µµ
°è»êÇÏ¿© °Ë»çÇÑ´Ù) ÇÑ´Ù. none
Àº (¿Ï°á¼º °Ë»ç¸¦
ÇÏÁö¾Ê´Â) ¿À·¡µÈ RFC-2069 digest ¾Ë°í¸®ÁòÀ» »ç¿ëÇÑ´Ù.
auth
¿Í auth-int
¸¦ ¸ðµÎ ÁöÁ¤ÇÒ
¼ö ÀÖ´Ù. ÀÌ °æ¿ì ºê¶ó¿ìÀú´Â ¾î¶² °ÍÀ» »ç¿ëÇÒÁö ¼±ÅÃÇÑ´Ù.
ºê¶ó¿ìÀú°¡ ¾î´ø ÀÌÀ¯¿¡¼°Ç challenge¸¦ ÁÁ¾ÆÇÏÁö ¾Ê´Â´Ù¸é
none
À» »ç¿ëÇØ¾ß ÇÑ´Ù.
auth-int
´Â ¾ÆÁ÷ ±¸ÇöµÇÁö ¾Ê¾Ò´Ù.
¼³¸í: | Ŭ¶óÀ̾ðÆ®¸¦ ÃßÀûÇϱâÀ§ÇØ ÇÒ´çÇÏ´Â °øÀ¯¸Þ¸ð¸®·® |
---|---|
¹®¹ý: | AuthDigestShmemSize size |
±âº»°ª: | AuthDigestShmemSize 1000 |
»ç¿ëÀå¼Ò: | ÁÖ¼¹ö¼³Á¤ |
»óÅÂ: | Experimental |
¸ðµâ: | mod_auth_digest |
AuthDigestShmemSize
Áö½Ã¾î´Â
Ŭ¶óÀ̾ðÆ®¸¦ ÃßÀûÇϱâÀ§ÇØ ¼¹ö°¡ ½ÃÀÛÇÒ¶§ ÇÒ´çÇÏ´Â
°øÀ¯¸Þ¸ð¸®·®À» Á¤ÀÇÇÑ´Ù. °øÀ¯¸Þ¸ð¸®´Â ÃÖ¼ÒÇÑ ÇϳªÀÇ
Ŭ¶óÀ̾ðÆ®¸¦ ÃßÀûÇϱâÀ§ÇØ ÇÊ¿äÇÑ °ø°£º¸´Ù ÀÛÀ» ¼ö ¾øÀ½À»
ÁÖÀÇÇ϶ó. ÀÌ °ªÀº ½Ã½ºÅÛ¿¡ µû¶ó ´Ù¸£´Ù. Á¤È®ÇÑ °ªÀ» ¾Ë·Á¸é
AuthDigestShmemSize
¸¦ 0
À¸·Î
¼³Á¤ÇÏ°í ¼¹ö¸¦ ½ÃÀÛÇÑÈÄ ¿À·ù¹®À» Âü°íÇ϶ó.
size´Â º¸Åë ¹ÙÀÌÆ® ´ÜÀ§ÀÌÁö¸¸, µÚ¿¡
K
³ª M
À» »ç¿ëÇÏ¿© KBytes³ª MBytes¸¦
³ªÅ¸³¾ ¼ö ÀÖ´Ù. ¿¹¸¦ µé¾î, ´ÙÀ½ Áö½Ã¾îµéÀº ¸ðµÎ °°´Ù:
AuthDigestShmemSize 1048576
AuthDigestShmemSize 1024K
AuthDigestShmemSize 1M