tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Phillip Qin <Phillip....@shareowner.com>
Subject RE: Using Digested Passwords and DIGEST Authentication at the sam e time.
Date Thu, 07 Oct 2004 17:17:09 GMT
I don't think MD5+DIGEST will work. Take a look at any subclass of
RealmBase. Realm has nothing to do with web.xml attribute <login-config>. In
the authenticate method, Realm checks hasMessageDigest() - value of Realm
digest=. If hasMessageDigest, in your case =MD5, Realm digests the password
and compare it with the value stored in database.

-----Original Message-----
From: Shinobu Kawai [mailto:shinobu.kawai@gmail.com] 
Sent: October 7, 2004 12:51 PM
To: Tomcat Users List
Subject: Re: Using Digested Passwords and DIGEST Authentication at the sam e
time.


Hi Phillip,

> Have you tried it based on the howto?
Yep.
Here's what I tried: (All with o.a.c.r.MemoryRealm)
clear text + BASIC -> works!
clear text + DIGEST -> works!
MD5 digest + BASIC -> works!
SHA digest + BASIC -> works!
MD5 digest + DIGEST -> doesn't work!
SHA digest + DIGEST -> doesn't work!

Strangely, if I enter the digested password, it passes.

Best regards,
-- Shinobu Kawai

-- 
Shinobu Kawai <shinobu.kawai@gmail.com>

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


!DSPAM:416573fa311026568999013!

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message