As usual, the second I post to a list I discover my issue. I was using the Apache htdigest tool to generate a hash for a sample user in the db for testing. This hash appears different to the hash calculated by using an md5 of the user:realm:pass and then storing the resulting hash in the db using the PHP function md5. Will spend more time on this later to figure out the actual where and why.
Anyhow, long and short of it is that yes, you can store the password in encrypted form in a db for digest auth. Sorry for the inconvenience.

AJ

2009/11/27 AJ McKee <[email protected]>

> Hi Everyone,
>
> I've a requirement to perform digest auth on a simple rest service I'm
> playing with (BTW nice work on Zend_Rest). Problem is that the user
> information is stored in a mysql db.
>
> So I've implemented my own resolver to fetch data from a database rather
> than a htdigest file. However, digest auth only appears to work if I put the
> unencrypted password in the database. I cannot store an md5 of
> user:realm:password as the pass (Unless the end user can remember that hash)
> and return that hash as I think Zend_Auth_Adapter_Digest may be doing what I
> am doing in my resolver too.
>
> public function resolve($username, $realm) {
>     try {
>         $User = My_User_Class::getInstance($username);
>         // This works but password is unencrypted in db
>         $password = md5($username . ':' . $realm . ':' .
>             $User->getInsecurePass());
>
>         // What I'd like is just to return which is an md5 of the username, realm and pass
>         // $password = $User->getSecuredPass();
>         return $password;
>     }
>     catch (Exception $e) {
>         // Log some stuff
>         return false;
>     }
> }
>
> Where in this have I gone astray and I presume I'm gonna have
> to implement my own stuff elsewhere, so if anyone has advice to aid me on my
> way, would be much appreciated.
>
> TIA
> AJ
>

--
AJ McKee
phone: +353 (0)86 380 50 70
profile: http://linkedin.com/in/ajmkee
jid: [email protected]
blog: http://aj.mc-kee.com/
twitter: @ajmckee
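
The conclusion above, as an added example that is not part of the original message or of Zend Framework: an RFC 2617 digest check (qop=auth) that needs only the stored md5(user:realm:pass), never the clear-text password. The function names, the array standing in for the database and all sample values are assumptions made for illustration, and nonce freshness checking is left out.

```php
<?php
// Added example: RFC 2617 digest verification using only a stored HA1.
// All names and values below are constructed for illustration.

/** HA1 = MD5(username:realm:password); computed once, when the password is set. */
function ha1(string $user, string $realm, string $pass): string
{
    return md5($user . ':' . $realm . ':' . $pass);
}

/** Expected "response" value for qop=auth, derived from HA1 alone. */
function digestResponse(string $ha1, string $method, string $uri,
                        string $nonce, string $nc, string $cnonce): string
{
    $ha2 = md5($method . ':' . $uri);
    return md5(implode(':', [$ha1, $nonce, $nc, $cnonce, 'auth', $ha2]));
}

/** Hypothetical resolver: returns the stored HA1, or false if unknown. */
function resolveHa1(array $db, string $user, string $realm)
{
    return $db[$realm][$user] ?? false;
}

/** Server-side check of the fields parsed from an Authorization header. */
function verify(array $db, string $realm, string $method, array $auth): bool
{
    $ha1 = resolveHa1($db, $auth['username'], $realm);
    if ($ha1 === false || $auth['realm'] !== $realm) {
        return false; // HA1 is bound to one username and one realm
    }
    $expected = digestResponse($ha1, $method, $auth['uri'],
                               $auth['nonce'], $auth['nc'], $auth['cnonce']);
    return hash_equals($expected, $auth['response']); // constant-time compare
}

// Constructed sample data: the "database" holds HA1 only, never the password.
$realm = 'REST Service';
$db = [$realm => ['alice' => ha1('alice', $realm, 'correct horse')]];

// What a client that knows the password would send (constructed values).
$auth = ['username' => 'alice', 'realm' => $realm, 'uri' => '/api/items',
         'nonce' => 'n0nce-example', 'nc' => '00000001', 'cnonce' => 'c1'];
$auth['response'] = digestResponse(ha1('alice', $realm, 'correct horse'),
    'GET', $auth['uri'], $auth['nonce'], $auth['nc'], $auth['cnonce']);

var_dump(verify($db, $realm, 'GET', $auth));                       // same request
var_dump(verify($db, $realm, 'POST', $auth));                      // method changed
var_dump(verify(['Other' => $db[$realm]], 'Other', 'GET', $auth)); // realm changed
```

The stored HA1 is password-equivalent within its realm, so that column needs the same protection as a clear-text credential, and changing the realm string invalidates every stored hash.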
