Guy, With DIGEST authentication, the server has to calculate a digest using the info supplied in the authentication request, so the stored password has to be recoverable in order to be able to be used in the digest.
Jan On 5 November 2011 05:29, Guy Hillyer <jetty-us...@foxhillyer.org> wrote: > The javadoc for HashLoginService contains this caveat: > > "If DIGEST Authentication is used, the password must be in a > recoverable format, either plain text or OBF." > > However this doesn't appear to be true, as using an MD5 hash seems to > work just fine. > > The same note appears in javadoc for PropertyUserStore, and again in > a comment in the distributed example realm.properties file. > > I'll file a doc bug report unless someone tells me I'm off in the weeds > (always a possibility). > _______________________________________________ > jetty-users mailing list > jetty-users@eclipse.org > https://dev.eclipse.org/mailman/listinfo/jetty-users > _______________________________________________ jetty-users mailing list jetty-users@eclipse.org https://dev.eclipse.org/mailman/listinfo/jetty-users
