From: Christopher Schultz
To: Tomcat Users List
Date: Fri, 28 Jan 2011 09:43:53 -0500
Subject: Re: Valid values for digestEncoding attribute?
Message-ID: <4D42D629.5080306@christopherschultz.net>

Etienne,

On 1/28/2011 7:55 AM, Ing. Etienne V. Depasquale wrote:
> The real problem lies in the fact that Tomcat does not specify any digest
> algorithm in the www-authenticate header of HTTP/1.1, which leads the
> browser to digest the password using MD5, regardless of the value of the
> digest attribute in the tag.

You should definitely log a bug in bugzilla for that: Tomcat should be
sending the digest algorithm to the client for DIGEST authentication.

Be sure you use a protocol analyzer to ensure that the WWW-Authenticate
header doesn't contain the digest. Otherwise, you'll waste your time
filing the bug only to have it marked as INVALID.

Also, always test with the most recent version in your version line (you
didn't say which you were using). Current versions are Tomcat 7.0.6,
6.0.30, and 5.5.31: http://tomcat.apache.org/whichversion.html

-chris
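
The check on a captured header, as an added example that is not part of the original message: it parses a WWW-Authenticate value and reports whether the Digest challenge carries an `algorithm` parameter. The header values are constructed samples and the function names are hypothetical; RFC 2617 has the client assume MD5 when the parameter is absent.

```python
import re

# auth-param = token "=" ( token | quoted-string ), simplified from RFC 2617.
# Quoted strings are consumed whole, so commas or "=" inside them are safe.
_PARAM = re.compile(r'([\w-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))')


def parse_digest_challenge(header_value):
    """Return the auth-params of a Digest challenge as a dict (lower-cased
    names), or None if the value is not a Digest challenge."""
    scheme, _, rest = header_value.strip().partition(" ")
    if scheme.lower() != "digest":
        return None
    params = {}
    for m in _PARAM.finditer(rest):
        name = m.group(1).lower()
        if m.group(2) is not None:
            # quoted-string: undo backslash escapes
            params[name] = re.sub(r"\\(.)", r"\1", m.group(2))
        else:
            params[name] = m.group(3)
    return params


def effective_algorithm(header_value):
    """Return (algorithm, sent_by_server). A missing parameter is reported
    as MD5 with sent_by_server=False, the RFC 2617 default."""
    params = parse_digest_challenge(header_value)
    if params is None:
        raise ValueError("not a Digest challenge")
    if "algorithm" in params:
        return params["algorithm"], True
    return "MD5", False


# Constructed sample header values (not captured from a real server).
NO_ALGORITHM = ('Digest realm="Example Realm", qop="auth", '
                'nonce="1296225833:abc==", opaque="5ccc069c"')
WITH_ALGORITHM = ('Digest realm="Example Realm", qop="auth,auth-int", '
                  'algorithm=MD5-sess, nonce="1296225833:abc=="')

if __name__ == "__main__":
    for label, value in (("no algorithm", NO_ALGORITHM),
                         ("with algorithm", WITH_ALGORITHM)):
        alg, sent = effective_algorithm(value)
        origin = "sent by server" if sent else "client default"
        print(f"{label}: {alg} ({origin})")
```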