tomcat-dev mailing list archives

From Victor Jesus Angus <vjan...@ntsp.nec.co.jp>
Subject RealmBase authenticate serverDigest value always different w/ clientDigest
Date Mon, 06 Jan 2003 02:08:13 GMT

I enabled the debug lines of the RealmBase.authenticate class
(org.apache.catalina.realm.RealmBase.java)
from Tomcat 4.1.18 on Red Hat 7.3, with Mozilla 1.2.1
as my client browser; the Realm used is MemoryRealm.

The value of qop is always 'ut' instead of 'auth',
which always results in a wrong serverDigest, and the authenticate method
always returns null.

Digest : a852b77dccce0bb62c8153a76b172503
************ Digest info
Username:vjangus
ClientSigest:a852b77dccce0bb62c8153a76b172503
nOnce:0a2685c59020bbd7ca83587b6a8e4ccc
nc:00000001
cnonce:c5bbd25b487957ed
qop:ut
realm:myrealm
md5a2:cda7e191666d50da04e65e951582a898
Server digest : 5e4ae83c6e6106b4c5131c16ae6b557b
password:vjangus --> getPassword(username)
md5a1:b11e0c1095a37e4768272c3df45575b2 

I also think the calculation of H(A1),
or MD5(username:nonce:password), does not need to be
in RealmBase.authenticate(...); rather, H(A1) should
already be stored in the realm db (as per the implementation of
digest authentication in Apache 1.3).

Hoping for anybody's comments =)
Happy New Year!

vj
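
Added example, not part of the original message and not Tomcat's code: a server-side check of the qop=auth digest as RFC 2617 defines it, with a header parser that accepts both quoted and bare values and a realm that stores H(A1) rather than the password. 'ut' is what is left of auth when its first and last characters are dropped, which is what an unconditional quote-stripping step would do to a bare qop=auth; that cause is an assumption here, not something the message confirms. The sample header is the one from the RFC 2617 section 3.5 example, and all function names are hypothetical.

```python
import hashlib
import hmac
import re

# Authorization header from the RFC 2617 section 3.5 example
# (password "Circle Of Life"); note that qop and nc are sent unquoted.
RFC_HEADER = (
    'Digest username="Mufasa", realm="testrealm@host.com", '
    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
    'qop=auth, nc=00000001, cnonce="0a4f113b", '
    'response="6629fae49393a05397450978507c4ef1", '
    'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
)

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def unquote(value):
    # Strip quotes only when both are present; dropping the first and last
    # character unconditionally would turn a bare auth into ut.
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        return value[1:-1]
    return value

def parse_digest(header):
    # Split 'Digest k=v, k="v", ...' into a dict; values may be quoted or bare.
    body = header.partition(" ")[2]
    return {k: unquote(v) for k, v in re.findall(r'(\w+)=("[^"]*"|[^,\s]*)', body)}

def ha1(username, realm, password):
    # H(A1) as defined by RFC 2617; a realm store can hold this, not the password.
    return md5_hex(f"{username}:{realm}:{password}")

def server_digest(stored_ha1, method, p):
    # qop=auth response: MD5(HA1:nonce:nc:cnonce:qop:HA2), HA2 = MD5(method:uri)
    ha2 = md5_hex(f"{method}:{p['uri']}")
    return md5_hex(":".join([stored_ha1, p["nonce"], p["nc"], p["cnonce"], p["qop"], ha2]))

def authenticate(header, method, stored_ha1):
    p = parse_digest(header)
    required = ("nonce", "nc", "cnonce", "uri", "response")
    if p.get("qop") != "auth" or any(k not in p for k in required):
        return False  # unsupported qop or incomplete header: fail closed
    return hmac.compare_digest(server_digest(stored_ha1, method, p), p["response"])

if __name__ == "__main__":
    stored = ha1("Mufasa", "testrealm@host.com", "Circle Of Life")
    print(authenticate(RFC_HEADER, "GET", stored))
```

Because qop is itself one of the hashed fields, a server that reads it as anything other than the string the client used computes a different digest even when the password is correct.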

