Peter,
On 11/16/23 13:06, Peter Otto wrote:
> 1. Configure BASIC auth with clear-text passwords in the Realm and get
> that working.
> 2. Switch to DIGEST auth with clear-text passwords in the Realm and get
> that working.
> 3. Then configure DIGEST auth and digested passwords in the Realm.
>
> Hi Chris,
> Step 1 & 2 work

Good.

> Step 3 will not work with the clear text password, only the digested password,
> which means the text password in tomcat-users.xml. In past versions of
> Tomcat, the clear text password would work.

What does your Authentication request header look like?

> On line # 1154 in RealmBase.java we read.
> String digestValue = username + ":" + realmName + ":" + getPassword(username);
> The method getPassword(username) is using the digested password, when it should
> use the clear text password.
> Here is how I run digest in powershell.
> .\digest.bat -a MD5 -i 1 -s 0 tomcat:UserDatabase:nobueno
> RealmBase.java is not using the clear text password, instead it is using the
> digested password. This will return false for the manager access.
> When I replace the getPassword(username) and replace it with the clear text
> password, it will then WORK.

How did you configure things for Mark's #3 task above? Including the
commands you used to generate the stored-credential?
-chris
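The mismatch discussed in this thread can be reproduced outside Tomcat. The following is an added example, not code from the thread or from Tomcat: it computes an RFC 2617 DIGEST response and compares a server that uses the stored digest as HA1 with one that hashes user:realm:<stored value> a second time. The function names, the nonce, cnonce and URI are constructed for illustration; the user, realm and password are the ones from the digest.bat command above.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(username, realm, secret):
    # MD5(user:realm:secret). With the clear-text password as the secret this
    # is the plain MD5 of the string passed to digest.bat in the thread.
    return md5_hex(f"{username}:{realm}:{secret}")

def digest_response(ha1_value, method, uri, nonce, nc, cnonce, qop="auth"):
    # RFC 2617 section 3.2.2, qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2)
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_value}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def server_accepts(stored, rehash, username, realm, client_response, **req):
    # rehash=False: the stored digest is used as HA1 directly.
    # rehash=True: the stored value goes through user:realm:<stored> again,
    # which is what the quoted digestValue line does if getPassword()
    # returns the digest rather than the clear-text password.
    server_ha1 = ha1(username, realm, stored) if rehash else stored
    expected = digest_response(server_ha1, **req)
    return hmac.compare_digest(expected, client_response)

def demo():
    user, realm, password = "tomcat", "UserDatabase", "nobueno"  # from the thread
    req = dict(method="GET", uri="/manager/html",  # constructed request values
               nonce="constructed-nonce", nc="00000001", cnonce="0a4f113b")
    stored = ha1(user, realm, password)  # digested credential kept in the Realm
    # Client that typed the clear-text password:
    typed_clear = digest_response(ha1(user, realm, password), **req)
    # Client that typed the stored hex digest as if it were the password:
    typed_digest = digest_response(ha1(user, realm, stored), **req)
    return {
        ("clear", "direct"): server_accepts(stored, False, user, realm, typed_clear, **req),
        ("clear", "rehash"): server_accepts(stored, True, user, realm, typed_clear, **req),
        ("digest", "direct"): server_accepts(stored, False, user, realm, typed_digest, **req),
        ("digest", "rehash"): server_accepts(stored, True, user, realm, typed_digest, **req),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(case, "accepted" if ok else "rejected")
```

In the rehash case only the client that typed the stored hex digest is accepted, which matches the behaviour reported for step 3.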