I'll have to check the latest (1.3.4?) version of Apache, but at
least in 1.3.1 it appears that Apache only supports RFC 2069 Digest,
which does not cover authentication of the message body (which is
the only thing that really makes Digest more secure and authoritative
> In summary, it looks like there is lots of official support for
> Digest Authentication, although some of these products are recent
> (IE 5 was just released) or only in beta (Windows 2000). However, if
> you're sufficiently motivated, I'm sure those who are interested can
> get their hands on the implementations to try them out.
I think we need to keep in mind that many products out there
implement Digest based on RFC 2069, but can't handle the message
body authentication in the current draft...
-- ______________________________________________________________________ Michael Sweet, Easy Software Products firstname.lastname@example.org Printing Software for UNIX http://www.easysw.com