tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Remy Maucherat" <r...@apache.org>
Subject Re: Digest authentication in Tomcat?
Date Fri, 07 Sep 2001 16:44:10 GMT
> > Tomcat 4.0 already supports DIGEST, but only if the realm can return
clear
> > text passwords. Designing a cheme to store the limited digest in the
> > realmshould be possible, but should be postponed until 4.1.
>
> My implementation works with the situation where server only knows
> H(username ":" realm ":" password)

Ok, but that would still require some modifications in the JDBC realm, for
example, because it has the annoying habit to store H(password) ;-)
I was planning to add a mechanism a bit like you describe, but after 4.0.

> > Also, IE supports DIGEST.
>
> My IE 5.5 fails with DIGEST. I've checked by an experimental installation
of
> Apache 1.3.7. IE 5.5, NN 6 and NN 4.72 failed to process the
authentication
> request (NN 4.72 returned Basic authentication :-)) Opera succeeded
cleanly.

NN doesn't support DIGEST, that's for sure.
IE 5.0 did, and I was able to use it with TC 4.0 implementation of DIGEST.
Of course, that was some time ago, and I never tried with 6.0.

Remy


Mime
View raw message