Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Message-ID: <914E0A4FA4FFD11180CB00A0C98219590F8579@SBSSERVEUR>
From: Dennis SELLINGER <dennis@vigis.com>
To: "'tomcat-user@jakarta.apache.org'" <tomcat-user@jakarta.apache.org>
Subject: JDBC Realm and Digest Authentication
Date: Thu, 3 Jan 2002 14:22:36 +0100 
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C19459.B6EBEE40"

------_=_NextPart_001_01C19459.B6EBEE40
Content-Type: text/plain;
	charset="iso-8859-1"

Hi,
 
I am using Tomcat 4.0.1 with apache 1.3.22 (with the webapp warp connector)
and DB2 on windows NT4 (SP6).  I would like to use DIGEST authentication but
it does not seem to be working.  Further, after reading the Tomcat
documentation I am not sure whether it is supposed to work in this release
or not.  
 
Using the Memory Realm, DIGEST authentication works but using the JDBC realm
my authentications always fail.  When I switch to BASIC authentication
everything works as it should (in the JDBC Realm).  I have tried enabling
logging to see if it would give me a clue, but I get no log messages (simply
that the authentication was not successful).  
 
My DB2 database stores the passwords as clear text.  I am using IE5.x as a
client.  When my application is set to DIGEST mode, IE uses the "secure"
login message associated with DIGEST authentication, rather than that used
by BASIC so I suppose that the authentication message sent to Tomcat from IE
is correct.
 
Is anyone using DIGEST authentication with the JDBC realm?  Are there any
known secrets or "gotcha's" involved with JDBC Realm Digest authentications?
 
Thanks in advance.
 
Dennis SELLINGER
 

------_=_NextPart_001_01C19459.B6EBEE40--