www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexander Dietrich <alexan...@dietrich.cx>
Subject Re: general/9977: Digest authentication fails on POST request
Date Thu, 28 Feb 2002 18:49:33 GMT
slive@apache.org wrote:

> 1. Try it in IE6 or another browser known to support
> the most recent digest spec.

Sorry, I don't have IE6. Does Opera for Linux support it ?

> 2. Put a sniffer on the line and see if mozilla is
> really sending the right thing.

This is what ethereal sniffed, I only include the auth headers:
(I am not a digest auth expert, so unfortuantely I can't tell
if there's anything suspicious going on.)

GET /cgi-bin/forum.pl HTTP/1.1

HTTP/1.1 401 Authorization Required
WWW-Authenticate: Digest realm="private", nonce="EXZ+PA==82751188dcd5a82a6cda69656d8473f8efe2cbce",
algorithm=MD5, domain="/cgi-bin/forum.pl", qop="auth"

GET /cgi-bin/forum.pl HTTP/1.1
Authorization: Digest username="foo", realm="private", nonce="EXZ+PA==82751188dcd5a82a6cda69656d8473f8efe2cbce",
uri="/cgi-bin/forum.pl", algorithm=MD5, response="b349ac4f14357acc9e38a6f16895f7b9", qop=auth,
nc=00000001, cnonce="c5bbd25b487957ed"

HTTP/1.1 200 OK
Authentication-Info: rspauth="7327570c586207eca2afae94fc20903d", cnonce="c5bbd25b487957ed",
nc=00000001, qop=auth

GET /cgi-bin/forum.pl?submit HTTP/1.1
Authorization: Digest username="foo", realm="private", nonce="EXZ+PA==82751188dcd5a82a6cda69656d8473f8efe2cbce",
uri="/cgi-bin/forum.pl?submit", algorithm=MD5, response="b18ef2508218534c8b23ac5a816dbeeb",
qop=auth, nc=00000002, cnonce="9a29032c2611e37c"

HTTP/1.1 200 OK
Authentication-Info: rspauth="34171bff37b1de3113044ad44af36351", cnonce="9a29032c2611e37c",
nc=00000002, qop=auth

POST /cgi-bin/forum.pl?preview HTTP/1.1
Authorization: Digest username="foo", realm="private", nonce="EXZ+PA==82751188dcd5a82a6cda69656d8473f8efe2cbce",
uri="/cgi-bin/forum.pl?preview", algorithm=MD5, response="e19850a9a261cce58820e35b406bfaf0",
qop=auth, nc=00000003, cnonce="94977e4b7b6d45cd"

HTTP/1.1 401 Authorization Required
WWW-Authenticate: Digest realm="private", nonce="HXZ+PA==e7e86a9c01f7d33dfda8ae0dd70a990186b3411a",
algorithm=MD5, domain="/cgi-bin/forum.pl", qop="auth"

POST /cgi-bin/forum.pl?preview HTTP/1.1
Authorization: Digest username="foo", realm="private", nonce="HXZ+PA==e7e86a9c01f7d33dfda8ae0dd70a990186b3411a",
uri="/cgi-bin/forum.pl?preview", algorithm=MD5, response="200fbc500ae40f80473ad5f3464058e6",
qop=auth, nc=00000001, cnonce="1e7129d500603edc"

HTTP/1.1 200 OK
Authentication-Info: rspauth="ad4426f5abf89d62a4a24b6b031a9598", cnonce="1e7129d500603edc",
nc=00000001, qop=auth

POST /cgi-bin/forum.pl HTTP/1.1
Authorization: Digest username="foo", realm="private", nonce="HXZ+PA==e7e86a9c01f7d33dfda8ae0dd70a990186b3411a",
uri="/cgi-bin/forum.pl", algorithm=MD5, response="fd6058180c27e85961b803a5007b3eff", qop=auth,
nc=00000002, cnonce="385b7a706dda4b95"

HTTP/1.1 401 Authorization Required
WWW-Authenticate: Digest realm="private", nonce="IXZ+PA==94aba433108fb50a6027aac831c6c8aea80e0591",
algorithm=MD5, domain="/cgi-bin/forum.pl", qop="auth"

POST /cgi-bin/forum.pl HTTP/1.1
Authorization: Digest username="foo", realm="private", nonce="IXZ+PA==94aba433108fb50a6027aac831c6c8aea80e0591",
uri="/cgi-bin/forum.pl", algorithm=MD5, response="3d0e1afff2f49af0bf4e6b9f5077cda1", qop=auth,
nc=00000001, cnonce="a26dc43d5ae89c6d"

HTTP/1.1 200 OK
Authentication-Info: rspauth="42b4e9ddcc29a6bd9dfa0b19994b1071", cnonce="a26dc43d5ae89c6d",
nc=00000001, qop=auth

GET /cgi-bin/forum.pl?msg=7 HTTP/1.1
Authorization: Digest username="foo", realm="private", nonce="IXZ+PA==94aba433108fb50a6027aac831c6c8aea80e0591",
uri="/cgi-bin/forum.pl?msg=7", algorithm=MD5, response="858d4eb819b1f612eb4eebbbb4facbad",
qop=auth, nc=00000002, cnonce="5cad73ed2d9694b4"

HTTP/1.1 200 OK
Authentication-Info: rspauth="4deb794450cd3b31eb22db5ce2682553", cnonce="5cad73ed2d9694b4",
nc=00000002, qop=auth


Regards,
Alexander Dietrich
-- 
( Alexander Dietrich <alexander@dietrich.cx> )

Mime
View raw message