Digest authentication redux

geoff on 2003-05-22T13:06:20

one of the main goals I had set for myself before I started writing the book was that it would have an API for Digest authentication. to refresh your memory, while Apache (and mod_perl) had interfaces for plugging Basic authentication into any verification mechanism you want (via $r->note_basic_auth_failure() and so on), nothing yet existed for Digest authentication... and I wanted one, so I wrote one.

The API, in its latest form, is now on CPAN (and apparently people are actually using it). however, Apache::AuthDigest is still somewhat lacking - it implements Digest auth patterned after the older mod_digest implementation, and isn't fully RFC compliant. this is not a big deal to Opera, Mozilla, and other browsers but causes problems with (you guessed it) MSIE (of course, MSIE isn't RFC compliant either...).

now, I had planned on writing all the Perl to make Digest auth proper (mostly by stealing from LWP), but I thought that Apache 2.0/mod_perl 2.0 might offer a better solution. well, I was (almost) right - the experimental Apache 2.1 branch provides a set of new authentication hooks, free for the taking. so, after a few hours of dedicated snooping and coding, there is now Apache::AuthenHook - the coolest thing I think I have ever done. authentication, both Basic and Digest, has never been so easy.

with open source, most days are ok, some days make you want to quit, and some days you feel like you've actually accomplished something meaningful. now, all I have to do is find somebody who's interested in hiring me to do this stuff for real :)

coming soon to CPAN and a perl.com article near you...