Re: How do auth-method BASIC and DIGEST play together with some credential helper?

Mark Thomas Tue, 15 Nov 2022 03:51:20 -0800

On 15/11/2022 10:20, Thorsten Schöning wrote:

<snip/>

So, is it even possible to use SecretKeyCredentialHandler and
auth-method DIGEST together or am I required to use BASIC? If DIGEST
is supported, how does that and credential helper work together
without plain-text password available at the server at all?

Yes. Completely possible. You just have to create the digests in theright format.


https://tomcat.apache.org/tomcat-10.1-doc/realm-howto.html#Digested_Passwords

In short, the digested value you save as the user credential is one ofthe inputs the client uses when calculating the value to use in theauthorization header. The other values are parts of the request and/orprovided by the server. Hence both the client and server are able tocalculate the same digest.

Seehttps://github.com/apache/tomcat/blob/main/java/org/apache/catalina/realm/RealmBase.java#L389


Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How do auth-method BASIC and DIGEST play together with some credential helper?

Reply via email to