Hi,
Im trying to use Digest authentication with an AXIS web service hosted on
Tomcat 5.0.28. The problem is in setting up Digest authentication for
Tomcat. I did as was written in HOW-TO setting up a JDBC realm, I tried to
connect the URL configured on the secure realm from IE 6.0. Presto
http://www.devx.com/DevX/Article/21911
Chandan Gupta [EMAIL PROTECTED] wrote:
Hi,
Im trying to use Digest authentication with an AXIS web service hosted on
Tomcat 5.0.28. The problem is in setting up Digest authentication for
Tomcat. I did as was written in HOW-TO setting up a JDBC realm, I
On 9/15/05, bachoo jahnkar [EMAIL PROTECTED] wrote:
Im trying to use Digest authentication with an AXIS web service hosted on
...
connect the URL configured on the secure realm from IE 6.0. Presto whatever
I tried I always got 401. Once i changed authentication back to basic,
things started
in the realm/ element in Server.xml. So I changed my
digest algorithm for the realm to MD5, and DIGEST authentication is now
working.
I'd like to make it work with SHA-1. I've looked all through the Tomcat
documentation, and I can't find a configuration parameter to set the
www-authenticate response
, 2005 1:53 AM
To: Tomcat Users List
Subject: Re: DIGEST authentication; Does it work??
So at 3:00 AM I decided to read the Basic and Digest Access
Authentication spec (RFC 2617), and it says that MD5 is the default hash
algorithm. I had previously seen that Tomcat wasn't sending any response
However, I change BASIC above to DIGEST to induce the server to tell
the client that DIGEST authentication is required, meaning that instead
of sending the username and password as a Base64 encoded text string,
which anyone can decode and thereby compromise the user's credentials,
it will send
However, I change BASIC above to DIGEST to induce the server to tell
the client that DIGEST authentication is required, meaning that instead
of sending the username and password as a Base64 encoded text string,
which anyone can decode and thereby compromise the user's credentials,
it will send
the following in my web.xml
login-config
auth-methodBASIC/auth-method
realm-nameJDBCRealm/realm-name
/login-config
However, I change BASIC above to DIGEST to induce the server to
tell the client that DIGEST authentication is required, meaning that
instead of sending the username and password as a Base64
with the digest realm.
You need to be using 4.1.x from CVS HEAD or 5.5.8+
For more info see:
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html
Mark
Mark Leone wrote:
I'm trying to use DIGEST authentication with Tomcat, and it doesn't seem
to work. I found some articles with Google about IE
Okay, I was using 5.5.7. So I just downloaded the source and built
5.5.8, and things got worse. Digest authentication is not working for
me. I believe I've set everything up correctly. Using an HTTP monitor I
see a 401 response coming back from Tomcat with a www-authenticate
header whose
4.1.24. But guess what. When I digest the same info
with the same algorithm specifier (SHA) in Tomcat 4.1.24 and Tomcat
5.5.8 I get different digest values. And DIGEST authentication still
doesn't work, in either case. Something very strange is going on here. :(
-Mark
Mark Leone wrote:
Okay, I
I'm trying to use DIGEST authentication with Tomcat, and it doesn't seem
to work. I found some articles with Google about IE implementing DIGEST
authentication in a way that only worked with MS servers, and I assume
that hasn't been corrected. But I'm also using Firefox with the same
results
Hi all,
Has anyone created a DataSourceRealm that works with DIGEST
authentication? I'm planning to make one, but only if I'm not
reinventing the wheel.
If anyone's interested, here's what I have so far:
http://sylow.no-ip.com/pub/apache/jakarta/tomcat/DigestableDataSourceRealm.java
Any
Hi all,
Has anyone created a DataSourceRealm that works with DIGEST
authentication? I'm planning to make one, but only if I'm not
reinventing the wheel.
A relative bugzilla issue:
http://issues.apache.org/bugzilla/show_bug.cgi?id=19767
Best regards,
-- Shinobu Kawai
--
Shinobu Kawai
-Original Message-
From: Shinobu Kawai [mailto:[EMAIL PROTECTED]
Sent: Friday, October 08, 2004 1:14 AM
To: Tomcat Users List
Subject: Re: Using Digested Passwords and DIGEST Authentication at the
sam
e time.
Hi Phillip,
Thanks for the information.
- Not all browsers supported DIGEST
Hi all,
I'm looking for a way to use Digested Passwords as in
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html
and DIGEST Authentication at the same time. I have found relative
questions/threads in the list:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg97135.html
Have you tried it based on the howto?
-Original Message-
From: Shinobu Kawai [mailto:[EMAIL PROTECTED]
Sent: October 7, 2004 12:01 PM
To: [EMAIL PROTECTED]
Subject: Using Digested Passwords and DIGEST Authentication at the same
time.
Hi all,
I'm looking for a way to use Digested
Hi Phillip,
Have you tried it based on the howto?
Yep.
Here's what I tried: (All with o.a.c.r.MemoryRealm)
clear text + BASIC - works!
clear text + DIGEST - works!
MD5 digest + BASIC - works!
SHA digest + BASIC - works!
MD5 digest + DIGEST - doesn't work!
SHA digest + DIGEST - doesn't work!
and compare it with the value stored in database.
-Original Message-
From: Shinobu Kawai [mailto:[EMAIL PROTECTED]
Sent: October 7, 2004 12:51 PM
To: Tomcat Users List
Subject: Re: Using Digested Passwords and DIGEST Authentication at the sam e
time.
Hi Phillip,
Have you tried it based
It's interesting you know. I read a book called Professional Apache Tomcat
published by Worx. In Chapter 16 Tomcat Security, the author says
- Not all browsers supported DIGEST authentication, so you can't gurantee
that all clients will be able to authenticate... Internet Explorer and
Knoqueror
As I am knew to Tomcat I will ask you to excuse my ignorance. I have just
realized (and I am asking those with the necessary experience to verify
this) that when you talk about DIGEST authentication there are really two
separate and distinct forms of it:
1. Indicate to the BROWSER to digest
Hi Phillip,
Thanks for the information.
- Not all browsers supported DIGEST authentication, so you can't gurantee
that all clients will be able to authenticate... Internet Explorer and
Knoqueror are two browsers that do support DIGEST authentication. Mozilla
1.0 claims to recognize
tested it for 4.x
(you should upgrade to 5 anyways if possible for you).
Yoav Shapira
Millennium Research Informatics
-Original Message-
From: Anderson, M. Paul [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 05, 2004 6:30 PM
To: 'Tomcat Users List'
Subject: DIGEST Authentication in Tomcat 4
List'
Subject: DIGEST Authentication in Tomcat 4 vs Tomcat 5
Can anyone point me to information concerning whether or not DIGEST
authentication works in Tomcat 4 and/or Tomcat 5? I have only found
conflicting information on the web as well as in several
books. Is there a
tutorial out
Can anyone point me to information concerning whether or not DIGEST
authentication works in Tomcat 4 and/or Tomcat 5? I have only found
conflicting information on the web as well as in several books. Is there a
tutorial out there somewhere that would help me set this up? I have seen
comments
Hi guys.
I'm having trouble setting up DIGEST authentication for single webapp in
Tomcat 5.0.27.
does anyone have done it successfully
I'd appreciate some guidance in this area
Alex
There is only very minimal support for DIGEST authentication. So minimal that in
practice I can't see how it could be of any use at this point in time.
It is on the list to be improved, but no idea for when:
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/status.html
Original Message
I think it supports digest authentication. However I
can not make it works even in the simplest case. I
have a basic tomcat 5 installation with one of my web
application. I'd like to use digest authentication(I
do not send password to server in clear text).
The configuration is like this
security
I can use Basic auth, and FORM-based auth,using the UserDatabaseRealm, with no
problem. But when I try to use DIGEST, like this:
login-config
auth-methodDIGEST/auth-method
realm-nameUserDatabase/realm-name
...etc
Tomcat obviously recognizes the keyword, because I get prompted by a
Hi,
I'm using Tomcat 4.1.18, Apache 1.3.27 and mod_jk as the connector. I want
to implement DIGEST authentication on tomcat. I implemented already the
BASIC authentication which is working fine. But if I want to change to
DIGEST it doesn't work anymore.
This is the contents of my web.xml
Hi,
I am resposting this message as I did not get any answer/comment/advice.
Has anyone ever got Digest authentication working with Tomcat?
-Original Message-
From: KUMAR,PANKAJ (HP-Cupertino,ex1) [mailto:[EMAIL PROTECTED]]
Subject: Tomcat 4.1.18: Digest authentication not working?
Hi
Ahoy there!
This is an automated response, to let you know
that we have received your query and will answer
your email as soon as possible.
We know you'd like to get back to playing our
state-of-the-art online games. We'd therefore like
to assure you that we are determined to keep our
service at
: Tomcat 4.1.18: Digest authentication not working?
Hi,
I am resposting this message as I did not get any answer/comment/advice.
Has anyone ever got Digest authentication working with Tomcat?
-Original Message-
From: KUMAR,PANKAJ (HP-Cupertino,ex1) [mailto:[EMAIL PROTECTED]]
Subject: Tomcat
?
-Original Message-
From: KUMAR,PANKAJ (HP-Cupertino,ex1)
[mailto:[EMAIL PROTECTED]]
Sent: Monday, January 06, 2003 11:13 AM
To: '[EMAIL PROTECTED]'
Subject: REPOST: Tomcat 4.1.18: Digest
authentication not working?
Hi,
I am resposting this message as I did not get any
answer
On the same issue... does using DIGEST Authentication
work when the password itself is stored in digest
form?
I wasnt able to get it to work...
/s
--- Sam Ewing [EMAIL PROTECTED] wrote:
I might be wrong.. but there is a difference between
using Digest for authentication and storing
-Original Message-
From: Sam Ewing [mailto:[EMAIL PROTECTED]]
On the same issue... does using DIGEST Authentication
work when the password itself is stored in digest
form?
No, it doesn't. I tried with MD5 digested passwords ( set digest attribute
of Realm element to MD5
Hi,
I am a relative newbiw to Tomcat.
The manager application works with BASIC authentication (default
configuration), after making appropriate user and role entries in
conf/tomcat-users.xml file.
However, when I change BASIC to DIGEST as shown below:
Default web.xml for manager:
...
: quinta-feira, 7 de novembro de 2002 16:53
Para: 'Tomcat Users List'
Assunto: RE: Digest authentication with JDBCRealm: doesn't seems to work
Change
login-config
auth-methodDIGEST/auth-method
/login-config
to
login-config
auth-methodBASIC/auth-method
/login-config
-Original
-POST RE: digest authentication or
auth-methodDIGEST/auth-method
-Original Message-
From: Koes, Derrick
Sent: Tuesday, November 05, 2002 6:43 PM
To: 'Tomcat Users List'
Subject: RE: digest authentication or auth-methodDIGEST/auth-method
I think what is really happening is that the realm
Hi.
I'm trying to use digest authentication with JDBCRealm and SHA
algorithm, but it doesn't seems to work.
Here is my context:
Context docBase=permission path=/permission reloadable=true
privileged=true
ResourceLink name=jdbc/global global=jdbc/global
type=javax.sql.DataSource
authentication with JDBCRealm: doesn't seems to work
Hi.
I'm trying to use digest authentication with JDBCRealm and SHA
algorithm, but it doesn't seems to work.
Here is my context:
Context docBase=permission path=/permission reloadable=true
privileged=true
ResourceLink name=jdbc/global
-Original Message-
From: Koes, Derrick
Sent: Tuesday, November 05, 2002 6:43 PM
To: 'Tomcat Users List'
Subject: RE: digest authentication or auth-methodDIGEST/auth-method
I think what is really happening is that the realm is handling the digesting
to do the password match. Setting
Hi.
I'm trying to do a digest authentication using a JDBCRealm with SHA
digest.
Here is my context:
Context docBase=permission path=/permission reloadable=true
privileged=true
ResourceLink name=jdbc/global global=jdbc/global
type=javax.sql.DataSource/
Realm className
Leave the auth-method in the web.xml as BASIC.
-Original Message-
From: Frank Balluffi [mailto:frank.balluffi;db.com]
Sent: Monday, November 04, 2002 6:01 PM
To: [EMAIL PROTECTED]
Subject: digest authentication or auth-methodDIGEST/auth-method
I am able to successfully configure
:
Subject: RE: digest authentication
or auth-methodDIGEST/auth-method
11/05/2002 01:29 PM
@smith-To: 'Tomcat
Users List' [EMAIL PROTECTED]
nephew.com cc:
Subject: RE: digest
authentication or auth-methodDIGEST/auth-method
11/05/2002 01:29
PM
-method needed to be set to BASIC, not DIGEST.
That said, I do not see much advantage in using digest authentication over basic
authentication.
Frank
-method DIGEST? What if all your passwords are SHA-1?
Derrick
-Original Message-
From: Frank Balluffi [mailto:frank.balluffi;db.com]
Sent: Tuesday, November 05, 2002 6:25 PM
To: Tomcat Users List
Subject: RE: digest authentication or auth-methodDIGEST/auth-method
Jake,
Because tomcat
and
the servlet successfully runs.
When I attempt to configure Tomcat to use digest authentication (and restart Tomcat),
weird things happen. conf/server.xml contains:
Realm className = org.apache.catalina.realm.MemoryRealm
digest= MD5
pathname = conf/tomcat-users.xml
Hi Folks,
I'm trying to setup a web app protected with an http digest
authentication. Everything looks fine, except that Tomcat behaves like my
username/password were always wrong.
I tested it against the following clients (supporting digest auth of
course) :
- Opera 6.0
- Internet Explorer
Hello,
We have an authentication problem using Tomcat.
Briefly, we have set up a simple webapp with DIGEST
authentication. It works fine with IE5, but it fails
on Mozilla. We have also tested Mozilla on an Apache
Http server with DIGEST authentication, and it works!
So, we assume
:
Client: MZ-0.9.9/Deb-2.2r5
Server: Apache 1.3.24/Deb-2.2r5
Auth: DIGEST
Hope this helps...
Larry
[EMAIL PROTECTED] 05/29/02 01:45AM
Hello,
We have an authentication problem using Tomcat.
Briefly, we have set up a simple webapp with DIGEST
authentication. It works fine with IE5
Using the default memory realm I have modified the Tomcat server.xml to
store the passwords encrypted as follows :
Realm className=org.apache.catalina.realm.MemoryRealm digest=MD5 /
This works fine.
For my tests I would also like to use digest authorization to transfer the
password over the
As nobody answered this question the first time around lets have another go !
Using the default memory realm I have modified the Tomcat server.xml to
store the passwords encrypted as follows :
Realm className=org.apache.catalina.realm.MemoryRealm digest=MD5 /
This works fine.
For my tests I
Hi,
I have a tomcat server using a JNDI-Realm to authenticate against a LDAP
server. It works fine when using the BASIC authentication mode, but it
doesn´t work when specifying the DIGEST authentication mode.
There´s no error message in tomcat, neither in the LDAP server, so I used a
sniffer
I forgot to mention that it´s a tomcat 4.01 .
-Mensaje original-
De: Meurant , Gerald [mailto:[EMAIL PROTECTED]]
Enviado el: lunes, 18 de febrero de 2002 13:23
Para: [EMAIL PROTECTED]
Asunto: Digest authentication problem
Hi,
I have a tomcat server using a JNDI-Realm to authenticate
hi
i am facing the same problem. there is a problem while using the digest authentication
mode. it seems the password format return by ldap,in my case netscape directory
structure, is different than one used by the digest class of tomcat.netscape uses
base64 encoding while tomcat uses some
Thanks, I´ll go the same way (now I don´t know really how the bind
authentication can be done) ;)
-Mensaje original-
De: jay n gaba [mailto:[EMAIL PROTECTED]]
Enviado el: lunes, 18 de febrero de 2002 15:51
Para: Tomcat Users List
Asunto: Re: RE: Digest authentication problem
hi
i am
Netscape 4.x versions don't implement DIGEST authentication. When faced with a DIGEST
auth, Netscape 4.x will ask the user for a username and password, and send the server
a BASIC auth. This is why you're seeing base64 encoded header in a Netscape request -
it's BASIC auth, not DIGEST auth
hi attila
thank you. can u give some pointers on bind authentication method.
thanks.
regards
jay
On Mon, 18 Feb 2002 Attila Szegedi wrote :
Netscape 4.x versions don't implement DIGEST
authentication. When faced with a DIGEST auth, Netscape
4.x will ask the user for a username
Hi all,
I need to implement digest authentication using servlets.
Just wondering if anyone came across something that can be reused.
Is there any support for it in Tomcat? how do i use it if so?
I'm also not sure if JDK itself provides any support for it. I see there's
a class
61 matches
Mail list logo