tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Www-authenticate ...
Date Mon, 21 Dec 2009 12:34:05 GMT
insi wrote:
> Hi,
> My tomcat server is sending www-authenticate (digest) header but the header
> doesn't contain the algorithm field, which one is choosen by default?
> How do I specify it to use particular algorithm (sha1/md5)?

In short, you can't.
See HTTP 2616 and 2617.
Theoretically, you could, via the optional "Authentication-Info" header 
indicated in RFC2617. But in the practice, to my knowledge, browsers 
support only Digest with MD5, so it doesn't really help.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message