You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by "Roy T. Fielding" <fi...@liege.ICS.UCI.EDU> on 1996/10/09 02:38:10 UTC

mod_digest problem

Something to chew on if anyone is bored.

.....Roy

------- Forwarded Message

Date: Tue, 8 Oct 1996 18:51:09 -0400 (EDT)
Message-Id: <19...@postman.osf.org>
To: Gisle Aas <aa...@bergen.sn.no>, libwww-perl@ics.uci.edu
From: Doug MacEachern <do...@osf.org>
Subject: Re: Does Digest Access Authentication work?
X-Mailing-List: <li...@ics.uci.edu> archive/1996-q4/31

At 03:31 PM 10/8/96 +0200, Gisle Aas wrote:
>Is there anybody who use "Digest Access Authentication" that comes
>with libwww-perl?
>
>I tried to set it up against an apache_1.1.1 server without much luck.
>Does anybody know which other user agents support digest authentication?

It works with NCSA httpd 1.5.2, which is what the support was developed
against, before Apache supported the scheme (I think).  I thought it worked
with Apache at one point.  When I try to authenticate NT-Mosaic 2.1beta
against Apache/1.2dev, it prompts me for "MD5 Authentication", I enter my
password, and poof!  Mosaic crashes.  But, Mosaic too, works fine with
NCSA/1.5.2
Netscape is still braindead to the scheme all together.

Initial request from Mosaic, Apache/1.2-dev responds:

HTTP/1.0 401 Unauthorized
Connection: close
Date: Tue, 08 Oct 1996 22:19:46 GMT
Server: Apache/1.2-dev
WWW-Authenticate: Digest realm="OSF", nonce="844813186"
Content-Type: text/html

Mosaic dies before response challenge

Inital request from lwp-request, Apache/1.2 responds:

HTTP/1.0 401 Unauthorized
Connection: close
Date: Tue, 08 Oct 1996 22:31:21 GMT
Server: Apache/1.2-dev
WWW-Authenticate: Digest realm="OSF", nonce="844813881"
Content-Type: text/html

lwp-request responds:
GET /~dougm/test/ HTTP/1.0
Authorization: Digest username="dougm", realm="OSF", nonce="844813881",
uri="/~dougm/test/", response="0d66da78328e994b4c66d5c4e3ce5086", opaque=""
Host: defiant:20033
User-Agent: lwp-request/1.26
Extension: Security/Digest

Apache responds:
HTTP/1.0 403 Forbidden
Connection: close
Date: Tue, 08 Oct 1996 22:32:04 GMT
Server: Apache/1.2-dev
Content-Type: text/html

No error_log messages.

lwp-request to NCSA/1.5.2:
HTTP/1.0 401 Unauthorized
Date: Tue, 08 Oct 1996 22:34:06 GMT
Server: NCSA/1.5.2
WWW-Authenticate: Digest realm="OSF" nonce="844814046"
opaque="aee16bc81b5bedc2eb6f780cfe9dd954"
Content-Type: text/html

lwp-responds:
GET /~dougm/test/ HTTP/1.0
Authorization: Digest username="dougm", realm="OSF", nonce="844814046",
uri="/~dougm/test/", response="0550187b4915e20fd641a7fcb6998167",
opaque="aee16bc81b5bedc2eb6f780cfe9dd954"
Host: www
User-Agent: lwp-request/1.26
Extension: Security/Digest

NCSA responds:
HTTP/1.0 200 Document follows
Date: Tue, 08 Oct 1996 22:34:51 GMT
Server: NCSA/1.5.2
Content-Type: text/html

Hmm, time to re-read
http://hopf.math.nwu.edu/digestauth/draft.rfc
Does anyone who is fresh with the draft see the problem?
I'll send a patch in if I find the problem.

Regards,
- -Doug
  
>
>Regards,
>Gisle
>
>


------- End of Forwarded Message