Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 94680 invoked from network); 28 Jan 2011 12:54:22 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 28 Jan 2011 12:54:22 -0000 Received: (qmail 58118 invoked by uid 500); 28 Jan 2011 12:54:19 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 57776 invoked by uid 500); 28 Jan 2011 12:54:16 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 57767 invoked by uid 99); 28 Jan 2011 12:54:15 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 28 Jan 2011 12:54:15 +0000 X-ASF-Spam-Status: No, hits=0.7 required=5.0 tests=SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: 213.165.172.39 is neither permitted nor denied by domain of edepa@ieee.org) Received: from [213.165.172.39] (HELO zamco.net) (213.165.172.39) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 28 Jan 2011 12:54:08 +0000 Received: from lightseeker ([192.168.0.56]) by zamco.net (zamco.net [127.0.0.1]) (MDaemon.Standard.v7.2.3.R) with ESMTP id md50000366577.msg for ; Fri, 28 Jan 2011 14:02:50 +0100 Reply-To: From: "Ing. Etienne V. Depasquale" To: "'Tomcat Users List'" References: <154001cbbe19$88768680$3800a8c0@lightseeker> <4D41E9E7.4030006@christopherschultz.net> Subject: RE: Valid values for digestEncoding attribute? Date: Fri, 28 Jan 2011 13:59:13 +0100 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 11 Thread-Index: Acu+bRJsmJJXfnimQR+2VaKUuF3yfAAfb3Og In-Reply-To: <4D41E9E7.4030006@christopherschultz.net> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3664 X-MDRemoteIP: 192.168.0.56 X-Return-Path: edepa@ieee.org X-MDaemon-Deliver-To: users@tomcat.apache.org X-Virus-Checked: Checked by ClamAV on apache.org Yes, I am using DIGEST authentication. But what about the www-authenticate HTTP/1.1 header that Tomcat sends over to the browser? Is it ignored by any browser, simply defaulting to MD5? Cheers, Etienne -----Original Message----- From: Christopher Schultz [mailto:chris@christopherschultz.net] Sent: 27 January 2011 22:56 To: Tomcat Users List Subject: Re: Valid values for digestEncoding attribute? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Etienne, > Sure enough, when I reversed the saved password back to the MD5 hash, Tomcat > authenticated my login, regardless of the SHA-1 attribute set in my > tag's digest attribute. Are you using DIGEST authentication? If so, all current web browsers only implement MD5 as the digest algorithm, since HTTP-AUTH-DIGEST doesn't provide any algorithm negotiation between the client and server. If you have a custom client, you may be able to use a different digest algorithm. > Is this one application for programmatic authenticators as opposed to the > default that ships with Tomcat? Not likely: Tomcat is configurable while most clients are not. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1B6ecACgkQ9CaO5/Lv0PAPkACfctQAY1P7fwdRGjIjhZi6QWwT 08YAoLPRaddCXJfJe/PGpwJ1OUZaNDpg =NKU1 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org