You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by digby <li...@digby.net> on 2006/05/03 16:34:40 UTC

Re: auth-mode=DIGEST and MD5 digested passwords

Great- thanks a lot for that. I'll have a read up, but it's obviously 
going to be hard recoding the digested passwords when i don't know the 
original.

Mark Thomas wrote:
> digby wrote:
>> Is there anything to be aware of when (confusingly) you're doing DIGEST
>> authentication with a standard JDBC realm using MD5 digested passwords?
>>
>> I've just tried changing an existing app with BASIC authentication to
>> DIGEST and it stopped authenticating me. I tried all sorts of web.xml
>> combinations but nothing worked until I put it back to BASIC.
> 
> If you switch from BASIC auth + MD5 digested password in realm to DIGEST
> auth + MD5 digested password in realm then you will need to regenerate
> the digests.
> 
> In the BASIC auth + digested passwords case you digest:
> password
> 
> In the DIGEST auth + digested passwords case you digest:
> username:realm:cleartext-password
> 
> The realm is as specified in web.xml or, if not specifed, host:port
> 
> http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#Digested%20Passwords
> explains this fully.
> 
> HTH,
> 
> Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org