Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/08/19 19:41:01 UTC
DO NOT REPLY [Bug 22563] New: - Digest authentication failure due to bug in org.apache.catalina.authenticator.DigestAuthenticator
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22563
Summary: Digest authentication failure due to bug in org.apache.catalina.authenticator.DigestAuthenticator
Product: Tomcat 4
Version: 4.1.27
Platform: Macintosh
OS/Version: MacOS X
Status: NEW
Severity: Major
Priority: Other
Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: csharp@mac.com
RFC2617 defines the "nc-value" in the BNF as "8LHEX" which should be used
unquoted in the digest computation.
Clients are allowed to quote any token. Server must be able to strip quotes
appropriately.
The findPrincipal() method of the DigestAuthenticator class does not correctly
strip quotes off of the nc-value token.
References:
http://www.ietf.org/rfc/rfc2617.txt
http://lists.w3.org/Archives/Public/ietf-http-wg/2003AprJun/0017.html
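The behaviour the report asks for, as an added example that is not part of the original message and is not Tomcat's code: every Digest parameter is unquoted the same way before the RFC 2617 request-digest is recomputed, so a quoted nc still verifies, while hashing the raw quoted token does not. The class, method and constant names are hypothetical, and the header is constructed from the sample values in RFC 2617 section 3.5.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import java.util.regex.*;

public class DigestNcQuoteDemo {
    static final String METHOD = "GET", PASSWORD = "Circle Of Life"; // constructed sample values
    // name=value pairs; the value is either a quoted-string or a bare token
    private static final Pattern PARAM = Pattern.compile(
        "(\\w+)\\s*=\\s*(?:\"((?:[^\"\\\\]|\\\\.)*)\"|([^\\s,]+))");
    // Parse the credentials that follow "Digest ", unquoting every value the same way
    static Map<String, String> parse(String credentials) {
        Map<String, String> params = new HashMap<>();
        Matcher m = PARAM.matcher(credentials);
        while (m.find()) {
            String quoted = m.group(2);
            params.put(m.group(1).toLowerCase(Locale.ROOT),
                quoted != null ? quoted.replaceAll("\\\\(.)", "$1") : m.group(3));
        }
        return params;
    }
    static String md5Hex(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5")
            .digest(s.getBytes(StandardCharsets.ISO_8859_1));
        return String.format("%032x", new BigInteger(1, d));
    }
    // RFC 2617 request-digest for qop=auth, with the nc text passed in explicitly
    static String requestDigest(Map<String, String> p, String nc) throws Exception {
        String ha1 = md5Hex(p.get("username") + ":" + p.get("realm") + ":" + PASSWORD);
        String ha2 = md5Hex(METHOD + ":" + p.get("uri"));
        return md5Hex(ha1 + ":" + p.get("nonce") + ":" + nc + ":" + p.get("cnonce")
            + ":" + p.get("qop") + ":" + ha2);
    }
    public static void main(String[] args) throws Exception {
        // Constructed header; the response value was computed over the unquoted nc
        String base = "username=\"Mufasa\", realm=\"testrealm@host.com\", "
            + "nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\", uri=\"/dir/index.html\", "
            + "qop=auth, nc=%s, cnonce=\"0a4f113b\", "
            + "response=\"6629fae49393a05397450978507c4ef1\"";
        for (String nc : new String[] {"00000001", "\"00000001\""}) {
            Map<String, String> p = parse(String.format(base, nc));
            String sent = p.get("response");
            System.out.println("nc=" + nc
                + " unquoted ok=" + sent.equals(requestDigest(p, p.get("nc")))
                + " raw token ok=" + sent.equals(requestDigest(p, nc)));
        }
    }
}
```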