
What is the "realm" in basic authentication

I'm setting up basic authentication on a php site and found this page on the php manual showing the set up. What does "realm" mean here in the header?

header('WWW-Authenticate: Basic realm="My Realm"'); 

Is it the page being requested?

RayLoveless asked Oct 03 '12 02:10


People also ask

What is realm in basic authentication?

The basic-auth-realm command specifies the realm name for basic authentication. The realm name is the text that is displayed in the dialog box that appears when the browser prompts the user for login data. The realm name is also the name of the realm to which the user is authenticated.

What is a realm in security?

A realm is a security policy domain defined for a web or application server. The protected resources on a server can be partitioned into a set of protection spaces, each with its own authentication scheme and/or authorization database containing a collection of users and groups.

What is realm value?

The realm value is a free-form string that can only be compared for equality with other realms on that server. The server will service the request only if it can validate the user-id and password for the protection space applying to the requested resource.

What is realm Windows authentication?

The user account location is also called the realm or realm name, and is synonymous with the concept of domain, including DNS domains, Active Directory® domains, and Windows NT 4.0 domains.


1 Answer

From RFC 1945 (HTTP/1.0) and RFC 2617 (HTTP Authentication referenced by HTTP/1.1)

The realm attribute (case-insensitive) is required for all authentication schemes which issue a challenge. The realm value (case-sensitive), in combination with the canonical root URL of the server being accessed, defines the protection space. These realms allow the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme and/or authorization database. The realm value is a string, generally assigned by the origin server, which may have additional semantics specific to the authentication scheme.

In short, pages in the same realm should share credentials. If your credentials work for a page with the realm "My Realm", it should be assumed that the same username and password combination should work for another page with the same realm.

Tim Cooper answered Oct 11 '22 02:10
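
The partitioning described in the answer above, as an added example that is not part of the original question or answer: one PHP front script serving two protection spaces, each with its own realm string and its own user database. The path prefixes, realm names and accounts are constructed for illustration.

```php
<?php
// Added example: two protection spaces on one server. Paths, realm names
// and accounts are constructed; hashes are generated at startup only to keep
// the example self-contained (a real site stores them).
$spaces = [
    '/admin/'   => ['realm' => 'Admin Area',
                    'users' => ['root'  => password_hash('admin-secret', PASSWORD_DEFAULT)]],
    '/reports/' => ['realm' => 'Reports',
                    'users' => ['alice' => password_hash('report-secret', PASSWORD_DEFAULT)]],
];

// Return the protection space covering $path, or null if the path is public.
function find_space(array $spaces, string $path): ?array
{
    foreach ($spaces as $prefix => $space) {
        if (strncmp($path, $prefix, strlen($prefix)) === 0) {
            return $space;
        }
    }
    return null;
}

// Check a username/password pair against one space's user database only,
// so credentials valid for "Reports" are never accepted for "Admin Area".
function check_credentials(array $space, ?string $user, ?string $pass): bool
{
    if ($user === null || $pass === null || !isset($space['users'][$user])) {
        return false;
    }
    return password_verify($pass, $space['users'][$user]);
}

$path  = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH) ?: '/';
$space = find_space($spaces, $path);

if ($space !== null && !check_credentials($space,
        $_SERVER['PHP_AUTH_USER'] ?? null, $_SERVER['PHP_AUTH_PW'] ?? null)) {
    // The realm in the challenge names the protection space, so the client
    // can prompt for, and later reuse, the credentials that belong to it.
    http_response_code(401);
    header('WWW-Authenticate: Basic realm="' . $space['realm'] . '"');
    exit("Authentication required for {$space['realm']}\n");
}

echo $space ? "Welcome to {$space['realm']}\n" : "Public page\n";
```

A client that has logged in under /reports/ is challenged again with a different realm when it requests /admin/, because the server has declared that path a separate protection space.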