tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: SimpleRealm and digested passwords in Tomcat 3.3
Date Fri, 14 Feb 2003 06:04:13 GMT

"Whitley, Michael T." <Michael.Whitley@WCOM.Com> wrote in message
news:6EFD2D8565069542A1029F2D17B54625DA50@ripexch001.wcomnet.com...
> From the Tomcat 3.3 readme under "6.2 Container Managed Security" it says:
>
> "DIGEST authentication ... [is] not supported in this release."
>
> http://jakarta.apache.org/tomcat/tomcat-3.3-doc/readme
>
> I am assuming this means digest authentication is not supported for
> SimpleRealms in 3.3 as the documentation clearly states that it is
supported
> for JDBCRealms in 3.3. My question is this:
>
> Why is it not supported? The Class necessary to encrypt passwords is in
3.3
> () and if I place digested passwords in my tomcat-users.xml file and place
> digest="MD5" as an attribute of the SimpleRealm tag the SimpleRealm class
is
> able to translate the digested password.
>
> So if it works in 3.3 why is it not supported or documented?
> Was it put in, but just not tested in this release?
> For reasons I will not detail, I can not move to 4.0 yet, and I want to
use
> this feature. Other than the fact that the developers say it shouldn't be
> used, why can't I? I guess I am trying to find out if the feature buggy in
> 3.3 or if it was ready before the 4.0 release and put in but not announced
> until the 4.0 release for logistics reasons.
>
> Any insight would be greatly appreciated.

I'm guessing that it was simply never really checked.  The other reason
could be that CredentialsInterceptor doesn't support "DIGEST" as a method.
So you can only configure an all-or-nothing use of DIGEST for the Realm.

>
> Thanks,
> Michael Whitley




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message