Re: [jetty-users] "the password must be in a recoverable format"

2011-11-06 Thread Guy Hillyer
Hi Jan In DigestAuthenticator.Digest.check, the code seems to be prepared for the credentials to be a pre-calculated MD5 hash. See the comment that begins, "Credentials are already a MD5 digest". Also, in the distributed sample realm.properties, there is an entry for username "digest", with the

Re: [jetty-users] "the password must be in a recoverable format"

2011-11-06 Thread Jan Bartel
Guy, With DIGEST authentication, the server has to calculate a digest using the info supplied in the authentication request, so the stored password has to be recoverable in order to be able to be used in the digest. Jan On 5 November 2011 05:29, Guy Hillyer wrote: > The javadoc for HashLoginSer

[jetty-users] "the password must be in a recoverable format"

2011-11-04 Thread Guy Hillyer
The javadoc for HashLoginService contains this caveat: "If DIGEST Authentication is used, the password must be in a recoverable format, either plain text or OBF." However this doesn't appear to be true, as using an MD5 hash seems to work just fine. The same note appears in javadoc for Pr