On 9/15/05, bachoo jahnkar <[EMAIL PROTECTED]> wrote:
> Im trying to use Digest authentication with an AXIS web service hosted on
> ...
> connect the URL configured on the secure realm from IE 6.0. Presto whatever
> I tried I always got 401. Once i changed authentication back
http://www.devx.com/DevX/Article/21911
Chandan Gupta <[EMAIL PROTECTED]> wrote:
Hi,
Im trying to use Digest authentication with an AXIS web service hosted on
Tomcat 5.0.28. The problem is in setting up Digest authentication for
Tomcat. I did as was written in HOW-TO setting up a JDBC re
Hi,
Im trying to use Digest authentication with an AXIS web service hosted on
Tomcat 5.0.28. The problem is in setting up Digest authentication for
Tomcat. I did as was written in HOW-TO setting up a JDBC realm, I tried to
connect the URL configured on the secure realm from IE 6.0. Presto
ntication
by putting the following in my web.xml
BASIC
JDBCRealm
However, I change "BASIC" above to "DIGEST" to induce the server to
tell the client that DIGEST authentication is required, meaning that
instead of sending the username and password as a Base64 en
to "DIGEST" to induce the server to tell
the client that DIGEST authentication is required, meaning that instead
of sending the username and password as a Base64 encoded text string,
which anyone can decode and thereby compromise the user's credentials,
it will send a hash of the
uot;DIGEST" to induce the server to tell
the client that DIGEST authentication is required, meaning that instead
of sending the username and password as a Base64 encoded text string,
which anyone can decode and thereby compromise the user's credentials,
it will send a hash of the
To: Tomcat Users List
Subject: Re: DIGEST authentication; Does it work??
So at 3:00 AM I decided to read the Basic and Digest Access
Authentication spec (RFC 2617), and it says that MD5 is the default hash
algorithm. I had previously seen that Tomcat wasn't sending any response
he
n the element in Server.xml. So I changed my
digest algorithm for the realm to MD5, and DIGEST authentication is now
working.
I'd like to make it work with SHA-1. I've looked all through the Tomcat
documentation, and I can't find a configuration parameter to set the
www-authenti
omcat 4.1.24. But guess what. When I digest the same info
with the same algorithm specifier (SHA) in Tomcat 4.1.24 and Tomcat
5.5.8 I get different digest values. And DIGEST authentication still
doesn't work, in either case. Something very strange is going on here. :(
-Mark
Mark Leone wrote:
O
Okay, I was using 5.5.7. So I just downloaded the source and built
5.5.8, and things got worse. Digest authentication is not working for
me. I believe I've set everything up correctly. Using an HTTP monitor I
see a 401 response coming back from Tomcat with a www-authenticate
header
digest realm.
You need to be using 4.1.x from CVS HEAD or 5.5.8+
For more info see:
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html
Mark
Mark Leone wrote:
I'm trying to use DIGEST authentication with Tomcat, and it doesn't seem
to work. I found some articles with Googl
I'm trying to use DIGEST authentication with Tomcat, and it doesn't seem
to work. I found some articles with Google about IE implementing DIGEST
authentication in a way that only worked with MS servers, and I assume
that hasn't been corrected. But I'm also using Firefox wi
Hi all,
> Has anyone created a DataSourceRealm that works with DIGEST
> authentication? I'm planning to make one, but only if I'm not
> reinventing the wheel.
If anyone's interested, here's what I have so far:
http://sylow.no-ip.com/pub/apache/jakarta/tomcat/D
Hi all,
Has anyone created a DataSourceRealm that works with DIGEST
authentication? I'm planning to make one, but only if I'm not
reinventing the wheel.
A relative bugzilla issue:
http://issues.apache.org/bugzilla/show_bug.cgi?id=19767
Best regards,
-- Shinobu Kawai
--
Shi
>-Original Message-
>From: Shinobu Kawai [mailto:[EMAIL PROTECTED]
>Sent: Friday, October 08, 2004 1:14 AM
>To: Tomcat Users List
>Subject: Re: Using Digested Passwords and DIGEST Authentication at the
sam
>e time.
>
>Hi Phillip,
>
>Thanks for the inform
Hi Phillip,
Thanks for the information.
> - Not all browsers supported DIGEST authentication, so you can't gurantee
> that all clients will be able to authenticate... Internet Explorer and
> Knoqueror are two browsers that do support DIGEST authentication. Mozilla
> 1.0 claims
As I am knew to Tomcat I will ask you to excuse my ignorance. I have just
realized (and I am asking those with the necessary experience to verify
this) that when you talk about "DIGEST" authentication there are really two
separate and distinct forms of it:
1. Indicate to the BROWSER
It's interesting you know. I read a book called "Professional Apache Tomcat"
published by Worx. In Chapter 16 Tomcat Security, the author says
- Not all browsers supported DIGEST authentication, so you can't gurantee
that all clients will be able to authenticate... Internet Ex
re it with the value stored in database.
-Original Message-
From: Shinobu Kawai [mailto:[EMAIL PROTECTED]
Sent: October 7, 2004 12:51 PM
To: Tomcat Users List
Subject: Re: Using Digested Passwords and DIGEST Authentication at the sam e
time.
Hi Phillip,
> Have you tried it based on t
Hi Phillip,
> Have you tried it based on the howto?
Yep.
Here's what I tried: (All with o.a.c.r.MemoryRealm)
clear text + BASIC -> works!
clear text + DIGEST -> works!
MD5 digest + BASIC -> works!
SHA digest + BASIC -> works!
MD5 digest + DIGEST -> doesn't work!
SHA digest + DIGEST -> doesn't work
Have you tried it based on the howto?
-Original Message-
From: Shinobu Kawai [mailto:[EMAIL PROTECTED]
Sent: October 7, 2004 12:01 PM
To: [EMAIL PROTECTED]
Subject: Using Digested Passwords and DIGEST Authentication at the same
time.
Hi all,
I'm looking for a way to use Dig
Hi all,
I'm looking for a way to use Digested Passwords as in
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html
and DIGEST Authentication at the same time. I have found relative
questions/threads in the list:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg97135
To: 'Tomcat Users List'
> Subject: DIGEST Authentication in Tomcat 4 vs Tomcat 5
>
> Can anyone point me to information concerning whether or not DIGEST
> authentication works in Tomcat 4 and/or Tomcat 5? I have only found
> conflicting information on the web as wel
x27;t done tested it for 4.x
(you should upgrade to 5 anyways if possible for you).
Yoav Shapira
Millennium Research Informatics
>-Original Message-
>From: Anderson, M. Paul [mailto:[EMAIL PROTECTED]
>Sent: Tuesday, October 05, 2004 6:30 PM
>To: 'Tomcat Users List'
&g
Can anyone point me to information concerning whether or not DIGEST
authentication works in Tomcat 4 and/or Tomcat 5? I have only found
conflicting information on the web as well as in several books. Is there a
tutorial out there somewhere that would help me set this up? I have seen
comments
Hi guys.
I'm having trouble setting up DIGEST authentication for single webapp in
Tomcat 5.0.27.
does anyone have done it successfully
I'd appreciate some guidance in this area
Alex
There is only very minimal support for DIGEST authentication. So minimal that in
practice I can't see how it could be of any use at this point in time.
It is on the list to be improved, but no idea for when:
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/status.html
Original Me
I think it supports digest authentication. However I
can not make it works even in the simplest case. I
have a basic tomcat 5 installation with one of my web
application. I'd like to use digest authentication(I
do not send password to server in clear text).
The configuration is like
I can use Basic auth, and FORM-based auth,using the UserDatabaseRealm, with no
problem. But when I try to use DIGEST, like this:
DIGEST
UserDatabase
...etc
Tomcat obviously recognizes the keyword, because I get prompted by a different type of
screen from IE. But I can';t authentic
Hi,
I'm using Tomcat 4.1.18, Apache 1.3.27 and mod_jk as the connector. I want
to implement DIGEST authentication on tomcat. I implemented already the
BASIC authentication which is working fine. But if I want to change to
DIGEST it doesn't work anymore.
This is the contents of
> -Original Message-
> From: Sam Ewing [mailto:[EMAIL PROTECTED]]
>
>
> On the same issue... does using DIGEST Authentication
> work when the password itself is stored in digest
> form?
No, it doesn't. I tried with MD5 digested passwords ( set "digest"
On the same issue... does using DIGEST Authentication
work when the password itself is stored in digest
form?
I wasnt able to get it to work...
/s
--- Sam Ewing <[EMAIL PROTECTED]> wrote:
> I might be wrong.. but there is a difference between
> using Digest for authentication and
digest format you wish to use?
>
> -Original Message-
> From: KUMAR,PANKAJ (HP-Cupertino,ex1)
> [mailto:[EMAIL PROTECTED]]
> Sent: Monday, January 06, 2003 11:13 AM
> To: '[EMAIL PROTECTED]'
> Subject: REPOST: Tomcat 4.1.18: Digest
> authentication not work
ct: REPOST: Tomcat 4.1.18: Digest authentication not working?
Hi,
I am resposting this message as I did not get any answer/comment/advice.
Has anyone ever got Digest authentication working with Tomcat?
-Original Message-
From: KUMAR,PANKAJ (HP-Cupertino,ex1) [mailto:[EMAIL PROTECTED]]
Subje
Ahoy there!
This is an automated response, to let you know
that we have received your query and will answer
your email as soon as possible.
We know you'd like to get back to playing our
state-of-the-art online games. We'd therefore like
to assure you that we are determined to keep our
service at
Hi,
I am resposting this message as I did not get any answer/comment/advice.
Has anyone ever got Digest authentication working with Tomcat?
-Original Message-
From: KUMAR,PANKAJ (HP-Cupertino,ex1) [mailto:[EMAIL PROTECTED]]
Subject: Tomcat 4.1.18: Digest authentication not working?
Hi
Hi,
I am a relative newbiw to Tomcat.
The manager application works with BASIC authentication (default
configuration), after making appropriate user and role entries in
conf/tomcat-users.xml file.
However, when I change BASIC to DIGEST as shown below:
Default web.xml for "manager":
...
BA
ra: 'Tomcat Users List'
Assunto: RE-POST RE: digest authentication or
DIGEST
-Original Message-
From: Koes, Derrick
Sent: Tuesday, November 05, 2002 6:43 PM
To: 'Tomcat Users List'
Subject: RE: digest authentication or DIGEST
I think what is really happenin
2002 16:53
Para: 'Tomcat Users List'
Assunto: RE: Digest authentication with JDBCRealm: doesn't seems to work
Change
DIGEST
to
BASIC
-Original Message-
From: Iran Marcius [mailto:iran@;isic.com.br]
Sent: Thursday, November 07, 2002 1:29 PM
To: [EM
-Original Message-
From: Koes, Derrick
Sent: Tuesday, November 05, 2002 6:43 PM
To: 'Tomcat Users List'
Subject: RE: digest authentication or DIGEST
I think what is really happening is that the realm is handling the digesting
to do the password "match". Setting a
Change
DIGEST
to
BASIC
-Original Message-
From: Iran Marcius [mailto:iran@;isic.com.br]
Sent: Thursday, November 07, 2002 1:29 PM
To: [EMAIL PROTECTED]
Subject: Digest authentication with JDBCRealm: doesn't seems to work
Hi.
I'm trying to
Hi.
I'm trying to use digest authentication with JDBCRealm and SHA
algorithm, but it doesn't seems to work.
Here is my context:
And here is my relevant lines in web.xml:
DIGEST
When I use BASIC method, as a lot of people wrote before, everything
works
Hi.
I'm trying to do a digest authentication using a JDBCRealm with SHA
digest.
Here is my context:
And here is my relevant lines in web.xml:
DIGEST
When I use the BASIC method, as a lot of people wrote before, everything
works fine, but with DIGEST met
you select
DIGEST? What if all your passwords are SHA-1?
Derrick
-Original Message-
From: Frank Balluffi [mailto:frank.balluffi@;db.com]
Sent: Tuesday, November 05, 2002 6:25 PM
To: Tomcat Users List
Subject: RE: digest authentication or DIGEST
Jake,
Because tomcat-users.xml only co
e was that web.xml's auth-method needed to be set to BASIC, not DIGEST.
That said, I do not see much advantage in using digest authentication over
"Koes,
Derrick"
nephew.com> cc:
Subject: RE: digest
authentication or DIGEST
11/05/2002 01:29
PM
Please respond
to
cc:
Subject: RE: digest authentication
or DIGEST
11/05/2002 01:29 PM
Plea
Leave the in the web.xml as BASIC.
-Original Message-
From: Frank Balluffi [mailto:frank.balluffi@;db.com]
Sent: Monday, November 04, 2002 6:01 PM
To: [EMAIL PROTECTED]
Subject: digest authentication or DIGEST
I am able to successfully configure Tomcat 4.1.12 to use basic
servlet successfully runs.
When I attempt to configure Tomcat to use digest authentication (and restart Tomcat),
weird things happen. conf/server.xml contains:
conf/tomcat-users.xml contains:
I used the following command to MD5 digest the password "password" [without th
Hi Folks,
I'm trying to setup a web app protected with an http digest
authentication. Everything looks fine, except that Tomcat behaves like my
username/password were always wrong.
I tested it against the following clients (supporting digest auth of
course) :
- Opera 6.0
- Internet Exp
:
Client: MZ-0.9.9/Deb-2.2r5
Server: Apache 1.3.24/Deb-2.2r5
Auth: DIGEST
Hope this helps...
Larry
>>> [EMAIL PROTECTED] 05/29/02 01:45AM >>>
Hello,
We have an authentication problem using Tomcat.
Briefly, we have set up a simple webapp with DIGEST
authentication.
Hello,
We have an authentication problem using Tomcat.
Briefly, we have set up a simple webapp with DIGEST
authentication. It works fine with IE5, but it fails
on Mozilla. We have also tested Mozilla on an Apache
Http server with DIGEST authentication, and it works!
So, we assume that there is
Hi Shimon,
Those browser versions probably don't support Digest authentication. The
default is Base 64 encoding (not encryption) so at least your password don't
go as clear text.
If you don't want to use HTTPS you'll have to use form based authentication
and put an ap
As nobody answered this question the first time around lets have another go !
Using the default memory realm I have modified the Tomcat server.xml to
store the passwords encrypted as follows :
This works fine.
For my tests I would also like to use digest authorization to transfer the
password
Using the default memory realm I have modified the Tomcat server.xml to
store the passwords encrypted as follows :
This works fine.
For my tests I would also like to use digest authorization to transfer the
password over the wire. To do this I put the following in my web.xml file
DIGES
hi attila
thank you. can u give some pointers on bind authentication method.
thanks.
regards
jay
On Mon, 18 Feb 2002 Attila Szegedi wrote :
> Netscape 4.x versions don't implement DIGEST
> authentication. When faced with a DIGEST auth, Netscape
> 4.x will ask the user for
Netscape 4.x versions don't implement DIGEST authentication. When faced with a DIGEST
auth, Netscape 4.x will ask the user for a username and password, and send the server
a BASIC auth. This is why you're seeing base64 encoded header in a Netscape request -
it's BASIC auth,
Thanks, I´ll go the same way (now I don´t know really how the bind
authentication can be done) ;)
-Mensaje original-
De: jay n gaba [mailto:[EMAIL PROTECTED]]
Enviado el: lunes, 18 de febrero de 2002 15:51
Para: Tomcat Users List
Asunto: Re: RE: Digest authentication problem
hi
i am
hi
i am facing the same problem. there is a problem while using the digest authentication
mode. it seems the password format return by ldap,in my case netscape directory
structure, is different than one used by the digest class of tomcat.netscape uses
base64 encoding while tomcat uses some
I forgot to mention that it´s a tomcat 4.01 .
-Mensaje original-
De: Meurant , Gerald [mailto:[EMAIL PROTECTED]]
Enviado el: lunes, 18 de febrero de 2002 13:23
Para: [EMAIL PROTECTED]
Asunto: Digest authentication problem
Hi,
I have a tomcat server using a JNDI-Realm to authenticate
Hi,
I have a tomcat server using a JNDI-Realm to authenticate against a LDAP
server. It works fine when using the BASIC authentication mode, but it
doesn´t work when specifying the DIGEST authentication mode.
There´s no error message in tomcat, neither in the LDAP server, so I used a
sniffer to
Hi,
I am using Tomcat 4.0.1 with apache 1.3.22 (with the webapp warp connector)
and DB2 on windows NT4 (SP6). I would like to use DIGEST authentication but
it does not seem to be working. Further, after reading the Tomcat
documentation I am not sure whether it is supposed to work in this
Hi all,
I need to implement digest authentication using servlets.
Just wondering if anyone came across something that can be reused.
Is there any support for it in Tomcat? how do i use it if so?
I'm also not sure if JDK itself provides any support for it. I see there'
Hi,
I'd like to use the Digest authentication on Tomcat. I set my app's
web.xml as follows:
http://java.sun.com/j2ee/dtds/web-app_2_3.dtd";>
sample
SampleServlet
properties
WEB-INF/sample.properties
sam
64 matches
Mail list logo
