On Fri, 7 Sep 2001, Remy Maucherat wrote:
> Date: Fri, 7 Sep 2001 09:13:29 -0700
> From: Remy Maucherat <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Re: Digest authentication in Tomcat?
>
> > Just wanted you to know: I've done with implementing Digest authentication
> > in Tomcat 3.2.1 code, will incorporate it into current 3.2.x latest code
> > from CVS. The funny thing is that so-called "mainstream" browsers (IE and
> > NN; tried many versions this afternoon) DO NOT support the Digest
> > authentication scheme... However, Opera does, so I finally have a test
> > environment :-). I think I like that browser more and more.
>
> Tomcat 4.0 already supports DIGEST, but only if the realm can return clear
> text passwords. Designing a cheme to store the limited digest in the
> realmshould be possible, but should be postponed until 4.1.
>
By the way Costin, this support is *not* in the core -- it's in a plug-in
authenticator valve that's only added if you select DIGEST authentication
:-). Same is true for the other login methods, and none of them are added
(i.e. zero overhead) if your app does not use container managed security.
> Also, IE supports DIGEST.
>
> Remy
>
>
Craig
