> > Tomcat 4.0 already supports DIGEST, but only if the realm can return
clear
> > text passwords. Designing a cheme to store the limited digest in the
> > realmshould be possible, but should be postponed until 4.1.
>
> My implementation works with the situation where server only knows
> H(username ":" realm ":" password)
Ok, but that would still require some modifications in the JDBC realm, for
example, because it has the annoying habit to store H(password) ;-)
I was planning to add a mechanism a bit like you describe, but after 4.0.
> > Also, IE supports DIGEST.
>
> My IE 5.5 fails with DIGEST. I've checked by an experimental installation
of
> Apache 1.3.7. IE 5.5, NN 6 and NN 4.72 failed to process the
authentication
> request (NN 4.72 returned Basic authentication :-)) Opera succeeded
cleanly.
NN doesn't support DIGEST, that's for sure.
IE 5.0 did, and I was able to use it with TC 4.0 implementation of DIGEST.
Of course, that was some time ago, and I never tried with 6.0.
Remy
