tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: auth-mode=DIGEST and MD5 digested passwords
Date Sun, 30 Apr 2006 13:47:02 GMT
digby wrote:
> Is there anything to be aware of when (confusingly) you're doing DIGEST
> authentication with a standard JDBC realm using MD5 digested passwords?
> 
> I've just tried changing an existing app with BASIC authentication to
> DIGEST and it stopped authenticating me. I tried all sorts of web.xml
> combinations but nothing worked until I put it back to BASIC.

If you switch from BASIC auth + MD5 digested password in realm to DIGEST
auth + MD5 digested password in realm then you will need to regenerate
the digests.

In the BASIC auth + digested passwords case you digest:
password

In the DIGEST auth + digested passwords case you digest:
username:realm:cleartext-password

The realm is as specified in web.xml or, if not specifed, host:port

http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#Digested%20Passwords
explains this fully.

HTH,

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message