tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <>
Subject Re: SimpleRealm and digested passwords in Tomcat 3.3
Date Fri, 14 Feb 2003 06:04:13 GMT

"Whitley, Michael T." <Michael.Whitley@WCOM.Com> wrote in message
> From the Tomcat 3.3 readme under "6.2 Container Managed Security" it says:
> "DIGEST authentication ... [is] not supported in this release."
> I am assuming this means digest authentication is not supported for
> SimpleRealms in 3.3 as the documentation clearly states that it is
> for JDBCRealms in 3.3. My question is this:
> Why is it not supported? The Class necessary to encrypt passwords is in
> () and if I place digested passwords in my tomcat-users.xml file and place
> digest="MD5" as an attribute of the SimpleRealm tag the SimpleRealm class
> able to translate the digested password.
> So if it works in 3.3 why is it not supported or documented?
> Was it put in, but just not tested in this release?
> For reasons I will not detail, I can not move to 4.0 yet, and I want to
> this feature. Other than the fact that the developers say it shouldn't be
> used, why can't I? I guess I am trying to find out if the feature buggy in
> 3.3 or if it was ready before the 4.0 release and put in but not announced
> until the 4.0 release for logistics reasons.
> Any insight would be greatly appreciated.

I'm guessing that it was simply never really checked.  The other reason
could be that CredentialsInterceptor doesn't support "DIGEST" as a method.
So you can only configure an all-or-nothing use of DIGEST for the Realm.

> Thanks,
> Michael Whitley

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message