> I'll have to check the latest (1.3.4?) version of Apache, but at
> least in 1.3.1 it appears that Apache only supports RFC 2069 Digest,
> which does not cover authentication of the message body (which is
> the only thing that really makes Digest more secure and authoritative
> than Basic).
No, RFC 2069 Digest is more secure than Basic because it doesn't
require sending the password in the clear.
However, qop=auth-int is a good idea. You might also want to consider
requiring MD5-sess in clients, since it would allow print servers
to use third-party authentication services without having to store
user passwords at all.