You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Alexander Dietrich <al...@dietrich.cx> on 2002/03/05 10:40:00 UTC

Re: general/9977: Digest authentication fails on POST request

The following reply was made to PR general/9977; it has been noted by GNATS.

From: Alexander Dietrich <al...@dietrich.cx>
To: apbugs@apache.org
Cc:  
Subject: Re: general/9977: Digest authentication fails on POST request
Date: Tue, 5 Mar 2002 10:41:22 +0100

 slive@apache.org wrote:
 
 > 1. Try it in IE6 or another browser known to support
 > the most recent digest spec.
 
 Sorry, I don't have IE6. Does Opera for Linux support it ?
 
 > 2. Put a sniffer on the line and see if mozilla is
 > really sending the right thing.
 
 This is what ethereal sniffed, I only include the auth headers:
 (I am not a digest auth expert, so unfortuantely I can't tell
 if there's anything suspicious going on.)
 
 GET /cgi-bin/forum.pl HTTP/1.1
 
 HTTP/1.1 401 Authorization Required
 WWW-Authenticate: Digest realm="private", nonce="EXZ+PA==82751188dcd5a82a6cda69656d8473f8efe2cbce", algorithm=MD5, domain="/cgi-bin/forum.pl", qop="auth"
 
 GET /cgi-bin/forum.pl HTTP/1.1
 Authorization: Digest username="foo", realm="private", nonce="EXZ+PA==82751188dcd5a82a6cda69656d8473f8efe2cbce", uri="/cgi-bin/forum.pl", algorithm=MD5, response="b349ac4f14357acc9e38a6f16895f7b9", qop=auth, nc=00000001, cnonce="c5bbd25b487957ed"
 
 HTTP/1.1 200 OK
 Authentication-Info: rspauth="7327570c586207eca2afae94fc20903d", cnonce="c5bbd25b487957ed", nc=00000001, qop=auth
 
 GET /cgi-bin/forum.pl?submit HTTP/1.1
 Authorization: Digest username="foo", realm="private", nonce="EXZ+PA==82751188dcd5a82a6cda69656d8473f8efe2cbce", uri="/cgi-bin/forum.pl?submit", algorithm=MD5, response="b18ef2508218534c8b23ac5a816dbeeb", qop=auth, nc=00000002, cnonce="9a29032c2611e37c"
 
 HTTP/1.1 200 OK
 Authentication-Info: rspauth="34171bff37b1de3113044ad44af36351", cnonce="9a29032c2611e37c", nc=00000002, qop=auth
 
 POST /cgi-bin/forum.pl?preview HTTP/1.1
 Authorization: Digest username="foo", realm="private", nonce="EXZ+PA==82751188dcd5a82a6cda69656d8473f8efe2cbce", uri="/cgi-bin/forum.pl?preview", algorithm=MD5, response="e19850a9a261cce58820e35b406bfaf0", qop=auth, nc=00000003, cnonce="94977e4b7b6d45cd"
 
 HTTP/1.1 401 Authorization Required
 WWW-Authenticate: Digest realm="private", nonce="HXZ+PA==e7e86a9c01f7d33dfda8ae0dd70a990186b3411a", algorithm=MD5, domain="/cgi-bin/forum.pl", qop="auth"
 
 POST /cgi-bin/forum.pl?preview HTTP/1.1
 Authorization: Digest username="foo", realm="private", nonce="HXZ+PA==e7e86a9c01f7d33dfda8ae0dd70a990186b3411a", uri="/cgi-bin/forum.pl?preview", algorithm=MD5, response="200fbc500ae40f80473ad5f3464058e6", qop=auth, nc=00000001, cnonce="1e7129d500603edc"
 
 HTTP/1.1 200 OK
 Authentication-Info: rspauth="ad4426f5abf89d62a4a24b6b031a9598", cnonce="1e7129d500603edc", nc=00000001, qop=auth
 
 POST /cgi-bin/forum.pl HTTP/1.1
 Authorization: Digest username="foo", realm="private", nonce="HXZ+PA==e7e86a9c01f7d33dfda8ae0dd70a990186b3411a", uri="/cgi-bin/forum.pl", algorithm=MD5, response="fd6058180c27e85961b803a5007b3eff", qop=auth, nc=00000002, cnonce="385b7a706dda4b95"
 
 HTTP/1.1 401 Authorization Required
 WWW-Authenticate: Digest realm="private", nonce="IXZ+PA==94aba433108fb50a6027aac831c6c8aea80e0591", algorithm=MD5, domain="/cgi-bin/forum.pl", qop="auth"
 
 POST /cgi-bin/forum.pl HTTP/1.1
 Authorization: Digest username="foo", realm="private", nonce="IXZ+PA==94aba433108fb50a6027aac831c6c8aea80e0591", uri="/cgi-bin/forum.pl", algorithm=MD5, response="3d0e1afff2f49af0bf4e6b9f5077cda1", qop=auth, nc=00000001, cnonce="a26dc43d5ae89c6d"
 
 HTTP/1.1 200 OK
 Authentication-Info: rspauth="42b4e9ddcc29a6bd9dfa0b19994b1071", cnonce="a26dc43d5ae89c6d", nc=00000001, qop=auth
 
 GET /cgi-bin/forum.pl?msg=7 HTTP/1.1
 Authorization: Digest username="foo", realm="private", nonce="IXZ+PA==94aba433108fb50a6027aac831c6c8aea80e0591", uri="/cgi-bin/forum.pl?msg=7", algorithm=MD5, response="858d4eb819b1f612eb4eebbbb4facbad", qop=auth, nc=00000002, cnonce="5cad73ed2d9694b4"
 
 HTTP/1.1 200 OK
 Authentication-Info: rspauth="4deb794450cd3b31eb22db5ce2682553", cnonce="5cad73ed2d9694b4", nc=00000002, qop=auth
 
 
 Regards,
 Alexander Dietrich
 -- 
 ( Alexander Dietrich <al...@dietrich.cx> )