You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by digby <li...@digby.net> on 2006/05/03 16:34:40 UTC
Re: auth-mode=DIGEST and MD5 digested passwords
Great- thanks a lot for that. I'll have a read up, but it's obviously
going to be hard recoding the digested passwords when i don't know the
original.
Mark Thomas wrote:
> digby wrote:
>> Is there anything to be aware of when (confusingly) you're doing DIGEST
>> authentication with a standard JDBC realm using MD5 digested passwords?
>>
>> I've just tried changing an existing app with BASIC authentication to
>> DIGEST and it stopped authenticating me. I tried all sorts of web.xml
>> combinations but nothing worked until I put it back to BASIC.
>
> If you switch from BASIC auth + MD5 digested password in realm to DIGEST
> auth + MD5 digested password in realm then you will need to regenerate
> the digests.
>
> In the BASIC auth + digested passwords case you digest:
> password
>
> In the DIGEST auth + digested passwords case you digest:
> username:realm:cleartext-password
>
> The realm is as specified in web.xml or, if not specifed, host:port
>
> http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#Digested%20Passwords
> explains this fully.
>
> HTH,
>
> Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org