Torgeir Veimo wrote:
>
> "Craig R. McClanahan" wrote:
> >
> > * Support for two major modes of operation:
> >
> > * SYSTEM LOGIN. Realm implementation binds itself to the server using
> > a system-level username/password, then reads the username and password
> > attributes to perform authentication (analogous to how JDBCRealm
> > works). Would also support the optional digesting functionality that
> > JDBCRealm supports.
> >
> > * USER LOGIN. Realm implementation attempts to bind to the server
> > using the username and password specified by the user. If this is
> > successful, the user is considered to be authenticated, and the
> > associated roles are looked up.
>
> This is the way we do it, but it has the problem of not being able to be
> used with digest authentication, since the input to the digest method
> are different when done on the LDAP server, and when done by the http
> client.
Well I was wrong, see http://www.ietf.org/rfc/rfc2831.txt.
--
- Torgeir