Hi Jan
In DigestAuthenticator.Digest.check, the code seems to be prepared for
the credentials to be a pre-calculated MD5 hash. See the comment that
begins, "Credentials are already a MD5 digest".
Also, in the distributed sample realm.properties, there is an entry for
username "digest", with the
Guy,
With DIGEST authentication, the server has to calculate a digest using the
info supplied in the authentication request, so the stored password has to
be recoverable in order to be able to be used in the digest.
Jan
On 5 November 2011 05:29, Guy Hillyer wrote:
> The javadoc for HashLoginSer
The javadoc for HashLoginService contains this caveat:
"If DIGEST Authentication is used, the password must be in a
recoverable format, either plain text or OBF."
However this doesn't appear to be true, as using an MD5 hash seems to
work just fine.
The same note appears in javadoc for Pr
