tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <craig...@apache.org>
Subject Re: Digest authentication in Tomcat?
Date Fri, 07 Sep 2001 16:30:39 GMT


On Fri, 7 Sep 2001, Remy Maucherat wrote:

> Date: Fri, 7 Sep 2001 09:13:29 -0700
> From: Remy Maucherat <remm@apache.org>
> Reply-To: tomcat-dev@jakarta.apache.org
> To: tomcat-dev@jakarta.apache.org
> Subject: Re: Digest authentication in Tomcat?
>
> > Just wanted you to know: I've done with implementing Digest authentication
> > in Tomcat 3.2.1 code, will incorporate it into current 3.2.x latest code
> > from CVS. The funny thing is that so-called "mainstream" browsers (IE and
> > NN; tried many versions this afternoon) DO NOT support the Digest
> > authentication scheme... However, Opera does, so I finally have a test
> > environment :-). I think I like that browser more and more.
>
> Tomcat 4.0 already supports DIGEST, but only if the realm can return clear
> text passwords. Designing a cheme to store the limited digest in the
> realmshould be possible, but should be postponed until 4.1.
>

By the way Costin, this support is *not* in the core -- it's in a plug-in
authenticator valve that's only added if you select DIGEST authentication
:-).  Same is true for the other login methods, and none of them are added
(i.e. zero overhead) if your app does not use container managed security.

> Also, IE supports DIGEST.
>
> Remy
>
>
Craig



Mime
View raw message