Re: DIGEST authentication; Does it work??

2005-03-23 Thread Mark Leone
So at 3:00 AM I decided to read the Basic and Digest Access Authentication spec (RFC 2617), and it says that MD5 is the default hash algorithm. I had previously seen that Tomcat wasn't sending any response headers explicitly specifying the hash algorithm, even though I had specified SHA in the

RE: DIGEST authentication; Does it work??

2005-03-23 Thread David Owens
, 2005 1:53 AM To: Tomcat Users List Subject: Re: DIGEST authentication; Does it work?? So at 3:00 AM I decided to read the Basic and Digest Access Authentication spec (RFC 2617), and it says that MD5 is the default hash algorithm. I had previously seen that Tomcat wasn't sending any response

Re: DIGEST authentication; Does it work??

2005-03-23 Thread Mark Leone
for you. |)ave -Original Message- From: Mark Leone [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 23, 2005 1:53 AM To: Tomcat Users List Subject: Re: DIGEST authentication; Does it work?? So at 3:00 AM I decided to read the Basic and Digest Access Authentication spec (RFC 2617), and it says

Re: DIGEST authentication; Does it work??

2005-03-23 Thread Mark Leone
if this works for you. |)ave -Original Message- From: Mark Leone [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 23, 2005 1:53 AM To: Tomcat Users List Subject: Re: DIGEST authentication; Does it work?? So at 3:00 AM I decided to read the Basic and Digest Access Authentication spec (RFC 2617

Re: DIGEST authentication; Does it work??

2005-03-23 Thread Mark Leone
think they are trying to indicate this is a key word you can use in the realm tag. Let us know if this works for you. |)ave -Original Message- From: Mark Leone [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 23, 2005 1:53 AM To: Tomcat Users List Subject: Re: DIGEST authentication; Does

Re: DIGEST authentication; Does it work??

2005-03-22 Thread Mark Thomas
Yes it does. I tested this extensively with both IE and Firefox. Any combination of the following is OK: Auth: BASIC, FORM, DIGEST Realm: Memory, UserDatabase, JDBC, DataSource Passwords: Cleartext, digested There is a complication when using digested passwords with the

Re: DIGEST authentication; Does it work??

2005-03-22 Thread Mark Leone
Okay, I was using 5.5.7. So I just downloaded the source and built 5.5.8, and things got worse. Digest authentication is not working for me. I believe I've set everything up correctly. Using an HTTP monitor I see a 401 response coming back from Tomcat with a www-authenticate header whose

Re: DIGEST authentication; Does it work??

2005-03-22 Thread Mark Leone
I found a silly classpath error that fixed the problem using RealmBase. I didn't realize that my system still had environment variable %catalina_home% pointing to an old tomcat 4.1.24 directory. So when I opened a command window to generate digest values I was executing RealmBase in tomcat