[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[libmicrohttpd2] branch master updated: rough start on authentication (i
|
From: |
Admin |
|
Subject: |
[libmicrohttpd2] branch master updated: rough start on authentication (incomplete) |
|
Date: |
Sat, 15 Feb 2025 00:15:52 +0100 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository libmicrohttpd2.
The following commit(s) were added to refs/heads/master by this push:
new 008cf75 rough start on authentication (incomplete)
008cf75 is described below
commit 008cf75f73b09357fb88bfc504d828812366a019
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sat Feb 15 00:15:49 2025 +0100
rough start on authentication (incomplete)
---
doc/libmicrohttpd2.texi | 5 +++-
doc/manual/authentication.inc | 63 +++++++++++++++++++++++--------------------
2 files changed, 38 insertions(+), 30 deletions(-)
diff --git a/doc/libmicrohttpd2.texi b/doc/libmicrohttpd2.texi
index 0a4f32a..bb2a561 100644
--- a/doc/libmicrohttpd2.texi
+++ b/doc/libmicrohttpd2.texi
@@ -114,9 +114,12 @@ Indices
@chapter Parsing HTML form data with the POST processor
@include manual/postprocessor.inc
+@node libmicrohttpd2-authentication
+@chapter Handling HTTP authentication
+@include manual/authentication.inc
+
@c NEXT:
-@c - post [Fr]
@c - auth [Sa]
@c - introspection [Su]
@c - upgrade + response-upgrade [Mo]
diff --git a/doc/manual/authentication.inc b/doc/manual/authentication.inc
index ad32d23..dead73d 100644
--- a/doc/manual/authentication.inc
+++ b/doc/manual/authentication.inc
@@ -1,37 +1,38 @@
@noindent
MHD support three types of client authentication.
-Basic authentication uses a simple authentication method based
-on BASE64 algorithm. Username and password are exchanged in clear
-between the client and the server, so this method must only be used
-for non-sensitive content or when the session is protected with https.
-When using basic authentication MHD will have access to the clear
-password, possibly allowing to create a chained authentication
-toward an external authentication server.
-
-Digest authentication uses a one-way authentication method based
-on MD5 hash algorithm. Only the hash will transit over the network,
-hence protecting the user password. The nonce will prevent replay
-attacks. This method is appropriate for general use, especially
-when https is not used to encrypt the session.
-
-Client certificate authentication uses a X.509 certificate from
-the client. This is the strongest authentication mechanism but it
-requires the use of HTTPS. Client certificate authentication can
-be used simultaneously with Basic or Digest Authentication in order
-to provide a two levels authentication (like for instance separate
-machine and user authentication). A code example for using
-client certificates is presented in the MHD tutorial.
+Basic authentication uses a simple authentication method that
+transmits username and password in simple base64 encoding. Username
+and password are exchanged in cleartext between the client and the
+server, so this method must only be used for non-sensitive content or
+when the session is protected with TLS. When using basic
+authentication MHD will have access to the clear password, possibly
+allowing to create a chained authentication toward an external
+authentication server.
+
+Digest authentication uses a one-way authentication method based on
+cryptographic hash algorithms. Only the hash is transmitted over the
+network, hence protecting the user's password. A nonce is used to
+prevent replay attacks. This method is appropriate for general use,
+especially when TLS is not used to encrypt the transmission.
+
+Client certificate authentication uses a X.509 certificate from the
+client. This is the strongest authentication mechanism and also
+requires the use of TLS. Client certificate authentication can be used
+simultaneously with Basic or Digest Authentication in order to provide
+a two levels authentication (like, for instance, separate machine and
+user authentication).
@menu
-* microhttpd-dauth basic:: Using Basic Authentication.
-* microhttpd-dauth digest:: Using Digest Authentication.
+* libmicrohttpd-dauth basic:: Using Basic Authentication.
+* libmicrohttpd-dauth digest:: Using Digest Authentication.
+* libmicrohttpd-dauth example:: Example for Digest Authentication.
+@c * libmicrohttpd-dauth token:: Using Token Authentication.
+@c FIXME * libmicrohttpd-dauth tls:: Using TLS Client Authentication.
@end menu
-@c ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-@c ------------------------------------------------------------
-@node microhttpd-dauth basic
+@node libmicrohttpd-dauth basic
@section Using Basic Authentication
@deftypefun {void} MHD_free (void *ptr)
@@ -60,10 +61,9 @@ that UTF-8 encoding is preferred for username and password.
client with a 401 HTTP status.
@end deftypefun
-@c ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-@c ------------------------------------------------------------
-@node microhttpd-dauth digest
+
+@node libmicrohttpd-dauth digest
@section Using Digest Authentication
MHD supports MD5 (deprecated by IETF) and SHA-256 hash algorithms
@@ -282,6 +282,11 @@ parameters and only a new nonce gets generated.
@code{MHD_YES} to generate a new
nonce, @code{MHD_NO} to ask for authentication parameters.
@end deftypefun
+
+
+@node libmicrohttpd-dauth example
+@section Example for Digest Authentication
+
Example: handling digest authentication requests and responses.
@example
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [libmicrohttpd2] branch master updated: rough start on authentication (incomplete),
Admin <=