tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Whitley, Michael T." <Michael.Whit...@WCOM.Com>
Subject SimpleRealm and digested passwords in Tomcat 3.3
Date Thu, 13 Feb 2003 17:01:22 GMT
>From the Tomcat 3.3 readme under "6.2 Container Managed Security" it says:

	"DIGEST authentication ... [is] not supported in this release."

I am assuming this means digest authentication is not supported for
SimpleRealms in 3.3 as the documentation clearly states that it is supported
for JDBCRealms in 3.3. My question is this:

Why is it not supported? The Class necessary to encrypt passwords is in 3.3
() and if I place digested passwords in my tomcat-users.xml file and place
digest="MD5" as an attribute of the SimpleRealm tag the SimpleRealm class is
able to translate the digested password. 

So if it works in 3.3 why is it not supported or documented? 
Was it put in, but just not tested in this release?
For reasons I will not detail, I can not move to 4.0 yet, and I want to use
this feature. Other than the fact that the developers say it shouldn't be
used, why can't I? I guess I am trying to find out if the feature buggy in
3.3 or if it was ready before the 4.0 release and put in but not announced
until the 4.0 release for logistics reasons.

Any insight would be greatly appreciated.

Michael Whitley

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message