Posted to dev@tomcat.apache.org by Victor Jesus Angus <vj...@ntsp.nec.co.jp> on 2003/01/06 03:08:13 UTC

RealmBase authenticate serverDigest value always different w/ clientDigest

I enabled the debug lines of the RealmBase.authenticate class
(org.apache.catalina.realm.RealmBase.java)
from Tomcat 4.1.18 on Red Hat 7.3, with Mozilla 1.2.1
as my client browser; the Realm used is MemoryRealm.

The value of qop is always 'ut' instead of 'auth',
which always results in a wrong serverDigest, and the authenticate method
always returns null.

Digest : a852b77dccce0bb62c8153a76b172503
************ Digest info
Username:vjangus
ClientSigest:a852b77dccce0bb62c8153a76b172503
nOnce:0a2685c59020bbd7ca83587b6a8e4ccc
nc:00000001
cnonce:c5bbd25b487957ed
qop:ut
realm:myrealm
md5a2:cda7e191666d50da04e65e951582a898
Server digest : 5e4ae83c6e6106b4c5131c16ae6b557b
password:vjangus --> getPassword(username)
md5a1:b11e0c1095a37e4768272c3df45575b2 

I also think the calculation of H(A1),
or MD5(username:nonce:password), does not need to be
in RealmBase.authenticate(...); rather, H(A1) should
already be stored in the realm db (as per the implementation of
digest authentication in Apache 1.3).

Hoping for anybody's comments =)
Happy New Year!

vj
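
An added example, not part of the original post and not Tomcat's code: it recomputes the RFC 2617 server digest in Python over the sample request from RFC 2617 section 3.5 and shows that a qop of 'ut' instead of 'auth' makes the comparison with the client digest fail. That 'ut' arises from stripping quotes off an unquoted qop=auth is an assumption made here, and all function names are hypothetical.

```python
import hashlib
import hmac
import re

# Sample input: the RFC 2617 section 3.5 example request (method GET,
# password "Circle Of Life"). Note that qop and nc are bare tokens, not quoted.
SAMPLE = ('Digest username="Mufasa", realm="testrealm@host.com", '
          'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
          'qop=auth, nc=00000001, cnonce="0a4f113b", '
          'response="6629fae49393a05397450978507c4ef1", '
          'opaque="5ccc069c403ebaf9f0171e9517f40e41"')

PAIR = re.compile(r'(\w+)=("[^"]*"|[^,\s]+)')

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def unquote(raw):
    """Strip surrounding quotes only when they are actually present."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    return raw

def parse_digest_header(header, blind_qop=False):
    """Parse Digest credentials into a dict.

    blind_qop=True models the assumed fault: qop is treated as always quoted,
    so its first and last characters are dropped ("auth" becomes "ut").
    """
    if not header.startswith("Digest "):
        raise ValueError("not a Digest Authorization header")
    fields = {}
    for key, raw in PAIR.findall(header[len("Digest "):]):
        fields[key] = raw[1:-1] if (blind_qop and key == "qop") else unquote(raw)
    return fields

def digest_response(f, method, password):
    """RFC 2617 request-digest for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha1 = md5_hex(f"{f['username']}:{f['realm']}:{password}")
    ha2 = md5_hex(f"{method}:{f['uri']}")
    return md5_hex(":".join([ha1, f["nonce"], f["nc"], f["cnonce"], f["qop"], ha2]))

def verify(header, method, password, blind_qop=False):
    f = parse_digest_header(header, blind_qop)
    # Constant-time comparison of the server digest with the client digest.
    return hmac.compare_digest(digest_response(f, method, password), f["response"])

if __name__ == "__main__":
    print("correct qop parsing :", verify(SAMPLE, "GET", "Circle Of Life"))
    print("qop mangled to 'ut' :", verify(SAMPLE, "GET", "Circle Of Life", blind_qop=True))
```

Because qop is one of the strings hashed into the response, any change to it on the server side yields a different digest even when the password and nonce are correct.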

