There is only very minimal support for DIGEST authentication. So minimal that in practice I can't see how it could be of any use at this point in time.
It is on the list to be improved, but no idea for when: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/status.html ---- Original Message ---- Message-ID: <[EMAIL PROTECTED]> Date: Thu, 22 Jul 2004 20:35:13 -0700 (PDT) From: jiesheng zhang <[EMAIL PROTECTED]> Subject: Does tomcat5 support digest authentication? To: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii I think it supports digest authentication. However I can not make it works even in the simplest case. I have a basic tomcat 5 installation with one of my web application. I'd like to use digest authentication(I do not send password to server in clear text). The configuration is like this <security-constraint> <web-resource-collection> <web-resource-name>The Entire Web Application</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>tomcat</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>DIGEST</auth-method> <realm-name>Tomcat Supported Realm</realm-name> </login-config> <security-role> <description> An example role defined in \"conf/tomcat-users.xml\" </description> <role-name>tomcat</role-name> </security-role> However, it does not work. I always get 403 (access is denied error). If I use BASIC authentication, everything works fine. I searched the mail list. It seemed other people also has this problem. However there is no any solution posted for it. Have anyone get digest authentication works?If anyone does, what extra step/caution should I takes? Thanks __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
