Hi Chris,

Thank you very much.

I was confused because in the HTTP message exchanges between the browser and
Tomcat I saw that Tomcat sent the realm value back to the browser. Because of
that, I thought some kind of digest was involved.

Antonio

Christopher Schultz-2 wrote:
> 
> Antonio,
> 
> On 2/12/2010 6:12 AM, banto wrote:
>> My Tomcat conf has basic auth and I have the following in web.xml
>> 
>> <login-config>
>>  <auth-method>BASIC</auth-method>
>>  <realm-name>The HTML Application</realm-name>
>> </login-config>
> 
> That is HTTP BASIC AUTH.
> 
>> Now I'm seeing that the password during the auth is digested and has
>> this value.
>> 
>> Authorization: Basic YW50b25pbzpwYXNzd29yZA==
>>
>> My problem is that I cannot understand where it comes from...
> 
> That's base64(username + ':' + password). Your username is 'antonio' and
> your password is 'password' in this case.
> 
>> I'm trying all the combinations, I mean I'm digesting
>> 
>> user:realm:password with all of the algorithms but I cannot get that
>> value.
> 
> You are confusing the above with HTTP DIGEST AUTH, which requires
> md5(user + ':' + realm + ':' + password)
> 
> Along with Konstantin's reference, you should also read this one:
> http://en.wikipedia.org/wiki/Http_digest_authentication
> 
> - -chris
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 
> 

-- 
View this message in context: 
http://old.nabble.com/digest-algorithm-in-BASIC-auth-tp27562000p27573009.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
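
The distinction discussed in this thread, as an added example that is not part of the original messages: a Basic credential is reversible base64 of `user:password`, while a Digest response is a one-way MD5 chain that mixes in the realm and a server nonce. The nonce, method and URI below are constructed sample values, and the Digest form shown is the RFC 2617 variant without `qop`.

```python
import base64
import hashlib


def decode_basic(header_value):
    """Recover (user, password) from an 'Authorization: Basic ...' value."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic credential")
    # The token is base64(user ":" password): an encoding, not a hash.
    raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    user, sep, password = raw.partition(":")  # user-id may not contain ':'
    if not sep:
        raise ValueError("missing ':' separator")
    return user, password


def encode_basic(user, password):
    """Build the header value a browser sends for BASIC auth."""
    if ":" in user:
        raise ValueError("user-id must not contain ':'")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(user, realm, password, method, uri, nonce):
    """Digest 'response' without qop: MD5(HA1 ":" nonce ":" HA2)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")  # the only place realm is used
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


if __name__ == "__main__":
    # Header value quoted in the thread.
    user, password = decode_basic("Basic YW50b25pbzpwYXNzd29yZA==")
    print("Basic decodes to:", user, password)
    # Constructed nonce, method and URI (assumptions for illustration).
    print("Digest response:", digest_response(
        user, "The HTML Application", password, "GET", "/", "constructed-nonce-1"))
```

The realm appears in a Basic exchange only as a label in the server's challenge; it never enters the credential, which is why hashing `user:realm:password` cannot reproduce the Basic token.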

