tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Valid values for digestEncoding attribute?
Date Thu, 27 Jan 2011 21:55:51 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Etienne,

> Sure enough, when I reversed the saved password back to the MD5 hash, Tomcat
> authenticated my login, regardless of the SHA-1 attribute set in my <Realm>
> tag's digest attribute.

Are you using DIGEST authentication? If so, all current web browsers
only implement MD5 as the digest algorithm, since HTTP-AUTH-DIGEST
doesn't provide any algorithm negotiation between the client and server.
If you have a custom client, you may be able to use a different digest
algorithm.

> Is this one application for programmatic authenticators as opposed to the
> default that ships with Tomcat?

Not likely: Tomcat is configurable while most clients are not.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk1B6ecACgkQ9CaO5/Lv0PAPkACfctQAY1P7fwdRGjIjhZi6QWwT
08YAoLPRaddCXJfJe/PGpwJ1OUZaNDpg
=NKU1
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message