DO NOT REPLY [Bug 22563] - Digest authentication failure due to bug in org.apache.catalina.authenticator.DigestAuthenticator
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=22563. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=22563

Digest authentication failure due to bug in org.apache.catalina.authenticator.DigestAuthenticator

[EMAIL PROTECTED] changed:

What       |Removed |Added
Status     |NEW     |RESOLVED
Resolution |        |FIXED

--- Additional Comments From [EMAIL PROTECTED] 2004-08-15 15:50 ---
Fix in CVS for TC4 and TC5.

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 22563] New: - Digest authentication failure due to bug in org.apache.catalina.authenticator.DigestAuthenticator
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22563

Digest authentication failure due to bug in org.apache.catalina.authenticator.DigestAuthenticator

Summary: Digest authentication failure due to bug in org.apache.catalina.authenticator.DigestAuthenticator
Product: Tomcat 4
Version: 4.1.27
Platform: Macintosh
OS/Version: MacOS X
Status: NEW
Severity: Major
Priority: Other
Component: Catalina
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]

RFC2617 defines the nc-value in the BNF as 8LHEX which should be used unquoted in the digest computation. Clients are allowed to quote any token. Server must be able to strip quotes appropriately. The findPrincipal() method of the DigestAuthenticator class does not correctly strip quotes off of the nc-value token.

References:
http://www.ietf.org/rfc/rfc2617.txt
http://lists.w3.org/Archives/Public/ietf-http-wg/2003AprJun/0017.html
DO NOT REPLY [Bug 22563] - Digest authentication failure due to bug in org.apache.catalina.authenticator.DigestAuthenticator
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22563

Digest authentication failure due to bug in org.apache.catalina.authenticator.DigestAuthenticator

--- Additional Comments From [EMAIL PROTECTED] 2003-08-19 17:42 ---
Created an attachment (id=7890)
Parsing of nc token in digest response will remove quotes if they exist.
Bug in org.apache.catalina.authenticator.DigestAuthenticator
line 317:

    qop = removeQuotes(currentTokenValue);

needs to be:

    qop = currentTokenValue;

I was using the Tomcat 4.1.24 code as an example for Digest Authentication and discovered that the hashes weren't matching in my code. Since auth was being stripped to ut, the hashes were screwed up.

I checked the RFC 2617 spec http://asg.web.cmu.edu/rfc/rfc2617.html#sec-3.5 and qop doesn't have quotes.

I searched the list and couldn't find if this was discovered or not, so I decided to post here :)

Adam Hathcock
DO NOT REPLY [Bug 21529] New: - Bug in org.apache.catalina.authenticator.DigestAuthenticator
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21529

Bug in org.apache.catalina.authenticator.DigestAuthenticator

Summary: Bug in org.apache.catalina.authenticator.DigestAuthenticator
Product: Tomcat 4
Version: 4.1.24
Platform: All
OS/Version: All
Status: UNCONFIRMED
Severity: Blocker
Priority: Other
Component: Catalina
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]

line 317:

    qop = removeQuotes(currentTokenValue);

needs to be:

    qop = currentTokenValue;

I was using the Tomcat 4.1.24 code as an example for Digest Authentication and discovered that the hashes weren't matching in my code. Since auth was being stripped to ut, the hashes were screwed up.

I checked the RFC 2617 spec http://asg.web.cmu.edu/rfc/rfc2617.html#sec-3.5 and qop doesn't have quotes.
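
Added example, not part of the original messages and not Tomcat's code: a Java sketch of the two quoting cases reported in bugs 21529 and 22563, comparing an unconditional strip (which turns auth into ut) with a quote-aware one in the RFC 2617 response computation. The class and helper names and all credential, nonce and header values are constructed for illustration, and the naive behaviour is an assumption reconstructed from the reports' description.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
public class DigestQuoteDemo {
    // Assumed from the reports: first and last character dropped unconditionally.
    static String naiveRemoveQuotes(String v) { return v.substring(1, v.length() - 1); }
    // Quote-aware form: strip only when the value really is a quoted-string.
    static String unquote(String v) {
        boolean quoted = v.length() >= 2 && v.startsWith("\"") && v.endsWith("\"");
        return quoted ? v.substring(1, v.length() - 1) : v;
    }
    static String md5Hex(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.ISO_8859_1));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b & 0xff));
        return sb.toString();
    }
    // Simplified split on commas; assumes no comma inside a quoted value (true for the sample).
    static Map<String, String> parse(String header) {
        Map<String, String> m = new HashMap<>();
        for (String part : header.split(",")) {
            int eq = part.indexOf('=');
            m.put(part.substring(0, eq).trim(), part.substring(eq + 1).trim());
        }
        return m;
    }

    // RFC 2617 request-digest with qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2)
    static String response(String ha1, String ha2, String nonce, String nc,
                           String cnonce, String qop) throws Exception {
        return md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + ha2);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from the bug reports.
        String ha1 = md5Hex("alice:example:secret"), ha2 = md5Hex("GET:/protected/");
        String nonce = "abc123", cnonce = "0a4f113b";
        String client = response(ha1, ha2, nonce, "00000001", cnonce, "auth");
        // Client sends qop unquoted and nc quoted: the cases from bugs 21529 and 22563.
        Map<String, String> f = parse("nonce=\"abc123\", nc=\"00000001\", cnonce=\"0a4f113b\", qop=auth");
        for (boolean aware : new boolean[] {false, true}) {
            String qop = aware ? unquote(f.get("qop")) : naiveRemoveQuotes(f.get("qop"));
            String nc = aware ? unquote(f.get("nc")) : f.get("nc"); // naive path leaves nc as sent
            String server = response(ha1, ha2, nonce, nc, cnonce, qop);
            System.out.println((aware ? "quote-aware" : "naive") + ": qop=" + qop
                    + " nc=" + nc + " match=" + server.equals(client));
        }
    }
}
```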