Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/08/19 19:41:01 UTC

DO NOT REPLY [Bug 22563] New: - Digest authentication failure due to bug in org.apache.catalina.authenticator.DigestAuthenticator

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22563

           Summary: Digest authentication failure due to bug in
                    org.apache.catalina.authenticator.DigestAuthenticator
           Product: Tomcat 4
           Version: 4.1.27
          Platform: Macintosh
        OS/Version: MacOS X
            Status: NEW
          Severity: Major
          Priority: Other
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: csharp@mac.com


RFC2617 defines the "nc-value" in the BNF as "8LHEX" which should be used 
unquoted in the digest computation.

Clients are allowed to quote any token. Server must be able to strip quotes
appropriately.

The findPrincipal() method of the DigestAuthenticator class does not correctly 
strip quotes off of the nc-value token.

References:
http://www.ietf.org/rfc/rfc2617.txt
http://lists.w3.org/Archives/Public/ietf-http-wg/2003AprJun/0017.html

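The effect described in the report, as an added example (not Tomcat's code and not part of the original message): a server recomputes the RFC 2617 request-digest from a header whose nc value the client quoted, once leaving nc as received and once unquoting it. The class name, the parse() helper and its unquoteNc flag are hypothetical; the header is constructed from the RFC 2617 section 3.5 sample values with nc quoted.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import java.util.regex.*;

public class DigestNcQuoteDemo {
    // name=value pairs; the value is a quoted-string or a bare token
    static final Pattern PARAM = Pattern.compile("(\\w+)\\s*=\\s*(\"[^\"]*\"|[^,\\s]+)");

    // Hypothetical parser. unquoteNc=false models a server that leaves nc as received.
    static Map<String, String> parse(String header, boolean unquoteNc) {
        Map<String, String> p = new HashMap<>();
        Matcher m = PARAM.matcher(header.substring("Digest ".length()));
        while (m.find()) {
            String name = m.group(1), v = m.group(2);
            boolean quoted = v.length() >= 2 && v.startsWith("\"") && v.endsWith("\"");
            if (quoted && (unquoteNc || !name.equals("nc"))) v = v.substring(1, v.length() - 1);
            p.put(name, v);
        }
        return p;
    }

    static String md5Hex(String s) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.ISO_8859_1)))
            sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // RFC 2617 request-digest for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2)
    static String expected(Map<String, String> p, String method, String password) throws Exception {
        String ha1 = md5Hex(p.get("username") + ":" + p.get("realm") + ":" + password);
        String ha2 = md5Hex(method + ":" + p.get("uri"));
        return md5Hex(String.join(":", ha1, p.get("nonce"), p.get("nc"), p.get("cnonce"), p.get("qop"), ha2));
    }

    public static void main(String[] args) throws Exception {
        // Constructed header: RFC 2617 section 3.5 sample values, with nc quoted by the client.
        String header = "Digest username=\"Mufasa\", realm=\"testrealm@host.com\", "
            + "nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\", uri=\"/dir/index.html\", "
            + "qop=auth, nc=\"00000001\", cnonce=\"0a4f113b\", "
            + "response=\"6629fae49393a05397450978507c4ef1\"";
        for (boolean unquoteNc : new boolean[] {false, true}) {
            Map<String, String> p = parse(header, unquoteNc);
            byte[] want = expected(p, "GET", "Circle Of Life").getBytes(StandardCharsets.US_ASCII);
            byte[] got = p.get("response").getBytes(StandardCharsets.US_ASCII);
            System.out.println("unquoteNc=" + unquoteNc + " nc=" + p.get("nc") + " match=" + MessageDigest.isEqual(want, got));
        }
    }
}
```

When nc keeps its quotes, the quote characters become part of the hashed string, so the server's digest differs from the client's and a correct credential is rejected.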