Support ignoring the HTTP method.

author: Stef Walter <stef@memberwebs.com> 2007-05-31 23:29:35 +0000
committer: Stef Walter <stef@memberwebs.com> 2007-05-31 23:29:35 +0000
commit: 6d7feb248daf16c260007388692d6de48416d9b7 (patch)
tree: 7bb76f937b738c78f8c6dabd66e7b721e1b73b3a /doc
parent: 82a32ff78428bec9f9a4f69cc21ccf9d197a38ff (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/doc/httpauthd.conf.5 b/doc/httpauthd.conf.5
index 8d967c3..bae1d2d 100644
--- a/doc/httpauthd.conf.5
+++ b/doc/httpauthd.conf.5
@@ -148,6 +148,14 @@ How this exactly works depends on the method it applies to.
 [ Default:
 .Em 900
 ]
+.It Cd DigestIgnoreMethod
+When set to 
+.Em True
+allows the HTTP method value in 
+.Em Digest
+authentication to be mismatched with the actual request. This opens 
+up a variety of replay attacks, but is useful for pass-through 
+authentication (eg: a website using a SOAP service).
 .It Cd DigestIgnoreNC
 When set to 
 .Em True
@@ -164,7 +172,8 @@ When set to
 allows the URI value in
 .Em Digest
 authentication to be mismatched with the URI requested. This opens up 
-a variety of replay attacks, but may be necessary in some cases.
+a variety of replay attacks, but is useful for pass-through 
+authentication (eg: a website using a SOAP service).
 .Pp
 [ Default:
 .Em False
author	Stef Walter <stef@memberwebs.com>	2007-05-31 23:29:35 +0000
committer	Stef Walter <stef@memberwebs.com>	2007-05-31 23:29:35 +0000
commit	6d7feb248daf16c260007388692d6de48416d9b7 (patch)
tree	7bb76f937b738c78f8c6dabd66e7b721e1b73b3a /doc
parent	82a32ff78428bec9f9a4f69cc21ccf9d197a38ff (diff)