
@Jennifer507

You can refer to RFC1945 - Hypertext Transfer Protocol -- HTTP 1.0, which provides the definition of a realm:


The realm value (case-sensitive), in combination with the canonical root URL of the server being accessed, defines the protection space. These realms allow the protected resources on the server to be partitioned into a set of protection spaces, each with its own authentication scheme and/or authorization database.


So, let's say you have a web site and on that web site, you have a set of pages that display a bunch of useful debug, metric, and diagnostic information that your site admins would find useful but your regular users should never see. You want your webmasters to utilize a username and password to log onto the site but you don't want to force them to have to enter the user name and password for each request to pages within that set. The Realm serves two main purposes in that it allows you to say "take all these pages in directory DIR and restrict them to users within authorization database DB and as long as the user, realm, and password are provided for subsequent requests into that directory (and the browser has not been restarted), don't present the user with another login dialog." The Realm can be used to create some pretty sophisticated access control solutions for a web site but I hope my example here makes sense.

The Apache Authentication, Authorization, and Access Control How To provides a pretty good description as well.

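As an added illustration of the RFC 1945 definition quoted in the answer above (not part of the original post): a sketch of a client-side credential cache keyed by protection space, meaning the canonical root URL plus the case-sensitive realm. The function and class names, the host `example.test`, and the credentials are constructed for the example.

```python
import base64
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def parse_challenge(header):
    """Split a WWW-Authenticate value into (scheme, realm)."""
    m = re.fullmatch(r'\s*(\w+)\s+realm="((?:[^"\\]|\\.)*)".*', header, re.I | re.S)
    if not m:
        raise ValueError("no realm in challenge: %r" % header)
    realm = re.sub(r'\\(.)', r'\1', m.group(2))  # undo quoted-pair escapes
    return m.group(1).lower(), realm

def protection_space(url, realm):
    """Canonical root URL plus realm; the realm is compared case-sensitively."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS[scheme]
    return ("%s://%s:%d" % (scheme, parts.hostname.lower(), port), realm)

class CredentialCache:
    """Client-side cache: one stored credential per protection space."""
    def __init__(self):
        self._creds = {}

    def store(self, url, challenge, user, password):
        scheme, realm = parse_challenge(challenge)
        if scheme != "basic":
            raise ValueError("only Basic is handled in this sketch")
        token = base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
        self._creds[protection_space(url, realm)] = "Basic " + token

    def authorization_for(self, url, challenge):
        """Return the header to resend, or None if the user must be prompted."""
        _, realm = parse_challenge(challenge)
        return self._creds.get(protection_space(url, realm))

# Constructed sample: the user logs in once to the diagnostics area.
ADMIN = 'Basic realm="Site Diagnostics"'
OTHER = 'Basic realm="site diagnostics"'  # same host, realm differs only in case
cache = CredentialCache()
cache.store("http://example.test/admin/metrics", ADMIN, "webmaster", "s3cret")
```

A later request to another page under the same root URL and realm gets the stored header back without a new prompt; a different realm string, port or scheme is a different protection space and returns `None`.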