I might be wrong.. but there is a difference between using Digest for authentication and storing the passwords as digest version in the user tomcat-users.xml file.
The former is what Pankaj is tying to do.. this causes the passwords to be transmitted as digests version of themselves from the users browser to Tomcat. Tomcat then un-digests them and calls the Realm call to do it work. In the latter, we set the digest attribute to sha or md5 in the Realm directive in server.xml. This does not affect how the passwords are transmitted from the users browser to Tomcat. The Realm implementation computes the digest of the password and compares it with the digested version.. Am I on the right track here? /s --- "PELOQUIN,JEFFREY (HP-Boise,ex1)" <[EMAIL PROTECTED]> wrote: > When you switched to Digest mode did you convert the > original clear text > passwords to the digest format you wish to use? > > -----Original Message----- > From: KUMAR,PANKAJ (HP-Cupertino,ex1) > [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 06, 2003 11:13 AM > To: '[EMAIL PROTECTED]' > Subject: REPOST: Tomcat 4.1.18: Digest > authentication not working? > > > Hi, > > I am resposting this message as I did not get any > answer/comment/advice. > > Has anyone ever got Digest authentication working > with Tomcat? > -----Original Message----- > From: KUMAR,PANKAJ (HP-Cupertino,ex1) > [mailto:[EMAIL PROTECTED]] > Subject: Tomcat 4.1.18: Digest authentication not > working? > > > Hi, > > I am a relative newbiw to Tomcat. > > The manager application works with BASIC > authentication (default > configuration), after making appropriate user and > role entries in > conf/tomcat-users.xml file. > > However, when I change BASIC to DIGEST as shown > below: > Default web.xml for "manager": > ... > <login-config> > <auth-method>BASIC</auth-method> > <realm-name>Tomcat Manager > Application</realm-name> > </login-config> > ... > Modified web.xml for "manager": > ... > <login-config> > <auth-method>DIGEST</auth-method> > <realm-name>Tomcat Manager > Application</realm-name> > </login-config> > ... > > It doesn't work. I get the login prompt in my > browser ( I tried both IE6.0 > and Netscape 7.0 ) with the right realm string, but > after entering the user > name and the password, the prompt appers again. > > I am appending the HTTP dump (captured using a home > grown interceptor tool > ): > ================================================= > [HTTP] C --> S (370 bytes) > GET /manager/html HTTP/1.1 > Accept: image/gif, image/x-xbitmap, image/jpeg, > image/pjpeg, > application/vnd.ms- > powerpoint, application/vnd.ms-excel, > application/msword, > application/x-shockwav > e-flash, */* > Accept-Language: en-us > Accept-Encoding: gzip, deflate > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; > Windows NT 5.0) > Host: localhost:8079 > Connection: Keep-Alive > > [HTTP] C <-- S (412 bytes) > HTTP/1.1 401 Unauthorized > Pragma: No-cache > Cache-Control: no-cache > Expires: Thu, 01 Jan 1970 00:00:00 GMT > WWW-Authenticate: Digest realm="Tomcat Manager > Application", qop="auth", > nonce=" > bf3c8fa05f1260f6a9d4299d3b882339", > opaque="03758823e3b14892bb4dc34ef834fa13" > Content-Type: text/html > Content-Language: en-US > Transfer-Encoding: chunked > Date: Sun, 05 Jan 2003 08:49:24 GMT > Server: Apache Coyote/1.0 > > [HTTP] C <-- S (5 bytes) > 2ad > [HTTP] C <-- S (685 bytes) > <html><head><title>Apache Tomcat/4.1.18-LE-jdk14 - > Error > report</title><STYLE><! > --H1{font-family : sans-serif,Arial,Tahoma;color : > white;background-color : > #008 > 6b2;} H3{font-family : sans-serif,Arial,Tahoma;color > : > white;background-color : > #0086b2;} BODY{font-family : > sans-serif,Arial,Tahoma;color : > black;background-co > lor : white;} B{color : white;background-color : > #0086b2;} HR{color : > #0086b2;} > --></STYLE> </head><body><h1>HTTP Status 401 - > </h1><HR size="1" > noshade><p><b>t > ype</b> Status report</p><p><b>message</b> > <u></u></p><p><b>description</b> > <u>T > his request requires HTTP authentication > ().</u></p><HR size="1" > noshade><h3>Apa > che Tomcat/4.1.18-LE-jdk14</h3></body></html> > [HTTP] C <-- S (2 bytes) > > [HTTP] C <-- S (5 bytes) > 0 > > [HTTP] C --> S (683 bytes) > GET /manager/html HTTP/1.1 > Accept: image/gif, image/x-xbitmap, image/jpeg, > image/pjpeg, > application/vnd.ms- > powerpoint, application/vnd.ms-excel, > application/msword, > application/x-shockwav > e-flash, */* > Accept-Language: en-us > Accept-Encoding: gzip, deflate > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; > Windows NT 5.0) > Host: localhost:8079 > Connection: Keep-Alive > Authorization: Digest username="pankaj", > realm="Tomcat Manager Application", > qop > ="auth", algorithm="MD5", uri="/manager/html", > nonce="bf3c8fa05f1260f6a9d4299d3b > 882339", nc=00000001, > cnonce="f7710dc1f6683517f0dd8dfd957a50bc", > opaque="0375882 > 3e3b14892bb4dc34ef834fa13", > response="8d3c122778ae3d95564f61a2238c8f51" > > [HTTP] C <-- S (412 bytes) > HTTP/1.1 401 Unauthorized > Pragma: No-cache > Cache-Control: no-cache > Expires: Thu, 01 Jan 1970 00:00:00 GMT > WWW-Authenticate: Digest realm="Tomcat Manager > Application", qop="auth", > nonce=" > d13c9c9d094919b14030f3bff72edc6b", > opaque="bd29cf774ee39e6a3cc1c396293be208" > Content-Type: text/html > Content-Language: en-US > Transfer-Encoding: chunked > Date: Sun, 05 Jan 2003 08:49:34 GMT > Server: Apache Coyote/1.0 > > [HTTP] C <-- S (697 bytes) > 2ad > <html><head><title>Apache Tomcat/4.1.18-LE-jdk14 - > Error > report</title><STYLE><! > --H1{font-family : sans-serif,Arial,Tahoma;color : > white;background-color : > #008 > 6b2;} H3{font-family : sans-serif,Arial,Tahoma;color > : > white;background-color : > #0086b2;} BODY{font-family : > sans-serif,Arial,Tahoma;color : > black;background-co > lor : white;} B{color : white;background-color : > #0086b2;} HR{color : > #0086b2;} > --></STYLE> </head><body><h1>HTTP Status 401 - > </h1><HR size="1" > noshade><p><b>t > ype</b> Status report</p><p><b>message</b> > <u></u></p><p><b>description</b> > <u>T > his request requires HTTP authentication > ().</u></p><HR size="1" > noshade><h3>Apa > che Tomcat/4.1.18-LE-jdk14</h3></body></html> > 0 > === message truncated === __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
