tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "richard" <rich...@securimine.com>
Subject RE: digest authentication
Date Thu, 29 Apr 2004 16:29:26 GMT
Hi,

Did you save the digested password instead of the password itself?
During authentication, the passwords entered by the user is converted into a
digested password and then compared to the password stored for that user.

Richard

-----Original Message-----
From: Fábio Araújo [mailto:Araujo@trifax.com.br] 
Sent: Thursday, April 29, 2004 9:01 AM
To: tomcat-user@jakarta.apache.org
Subject: digest authentication

Hi

	I'm a new Tomcat's user and I'm trying to configure Digest
Authentication without success. I'm able to work with Basic authentication
(login is working perfectly), but with digest the browser ask user and
password information but the user never get a success login. I tested with
Tomcat 5.0.19 and Tomcat 4.1.29 and got the same results. I tried access the
pages with 3 diferent browsers Mozzila 1.5, IE 6.0 and Konqueror 3.1-15.

	The only doc that I found tell to change the WEB.XML <auth-method>
tag to "DIGEST". 

	What is my error ?  Where can I find more documentation about digest
authentication using Tomcat ?

	Here is the relevant part of my web.xml:

<security-constraint>
    <display-name>Tomcat Server Configuration Security
Constraint</display-name>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <!-- Define the context-relative URL(s) to be protected -->
      <url-pattern>*.jsp</url-pattern>
      <url-pattern>*.do</url-pattern>
      <url-pattern>*.html</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <!-- Anyone with one of the listed roles may access this area -->
      <role-name>tomcat</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Login configuration uses form-based authentication -->

  <login-config>
    <auth-method>DIGEST</auth-method>
    <realm-name>Tomcat Server Configuration DIGEST Authentication
Area</realm-name>
  </login-config>

  <!-- Security roles referenced by this web application -->
  <security-role>
    <description>
      The role that is required to log in to the Administration Application
    </description>
    <role-name>tomcat</role-name>
  </security-role>


Thank you in advance


Fábio Araújo


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message