well, after a bit of tweaking, I have a preliminary release of a suite of tools for using Digest authentication with mod_perl:
Apache::AuthDigest
I put out an RFC to the mod_perl list and got some decent initial feedback from Andrew Ho. As a result, I totally reconfigured the package so that it makes more sense (and actually works). now, Apache::AuthDigest makes up the following suite of tools:
Apache::AuthDigest - re-implementation of mod_digest in PerlApache::AuthzDigest - pick up the authorization pieces of mod_digestApache::AuthDigest::API - mod_perl API for Digest authentication so you can write your own authentication scheme instead of using flat-files.Apache::AuthDigest::API::Full - fully RFC 2617 compliant Digest API (not yet implemented). we need this since the mod_digest implementation (upon which Apache::AuthDigest::API is based) isn't fully RFC compliant and, as a result, doesn't work with MSIE.Apache::AuthDigest::API::Session - experimental API that uses the nonce value in the Authorization header like a cookie for storing a session identifier.
I think it still needs some tweaking before it's CPAN ready, but hopefully more feedback will iron out any pre-release issues. enjoy.
