> -----Original Message----- > From: Sam Ewing [mailto:[EMAIL PROTECTED]] > > > On the same issue... does using DIGEST Authentication > work when the password itself is stored in digest > form?
No, it doesn't. I tried with MD5 digested passwords ( set "digest" attribute of Realm element to "MD5" and changed tomcat-users.xml password with the one generated by "java org.apache.catalina.realm.RealmBase -s MD5 <password>"). Works for BASIC authentication, but not for DIGEST. Ans yes, you are absolutely right that digested passwords are not the same thing as DIGEST authentication. The former helps in not having cleartext password stored in a file, whereas the later helps in not transmitting cleartext password over the network. ANd the internal mechanisms are very different. Look at RFC2617 for details of DIGEST authentication. Either there is some setup that I am missing or it hasn't been tested at all(unlikely) or got broken in 4.1.18 or earlier. > > I wasnt able to get it to work... That makes it two of us. /Pankaj. > > /s > > --- Sam Ewing <[EMAIL PROTECTED]> wrote: > > I might be wrong.. but there is a difference between > > using Digest for authentication and storing the > > passwords as digest version in the user > > tomcat-users.xml file. > > > > The former is what Pankaj is tying to do.. this > > causes > > the passwords to be transmitted as digests version > > of > > themselves from the users browser to Tomcat. Tomcat > > then un-digests them and calls the Realm call to do > > it > > work. > > > > In the latter, we set the digest attribute to sha or > > md5 in the Realm directive in server.xml. This does > > not affect how the passwords are transmitted from > > the > > users browser to Tomcat. The Realm implementation > > computes the digest of the password and compares it > > with the digested version.. > > > > Am I on the right track here? > > > > /s > > --- "PELOQUIN,JEFFREY (HP-Boise,ex1)" > > <[EMAIL PROTECTED]> wrote: > > > When you switched to Digest mode did you convert > > the > > > original clear text > > > passwords to the digest format you wish to use? > > > > > > -----Original Message----- > > > From: KUMAR,PANKAJ (HP-Cupertino,ex1) > > > [mailto:[EMAIL PROTECTED]] > > > Sent: Monday, January 06, 2003 11:13 AM > > > To: '[EMAIL PROTECTED]' > > > Subject: REPOST: Tomcat 4.1.18: Digest > > > authentication not working? > > > > > > > > > Hi, > > > > > > I am resposting this message as I did not get any > > > answer/comment/advice. > > > > > > Has anyone ever got Digest authentication working > > > with Tomcat? > > > -----Original Message----- > > > From: KUMAR,PANKAJ (HP-Cupertino,ex1) > > > [mailto:[EMAIL PROTECTED]] > > > Subject: Tomcat 4.1.18: Digest authentication not > > > working? > > > > > > > > > Hi, > > > > > > I am a relative newbiw to Tomcat. > > > > > > The manager application works with BASIC > > > authentication (default > > > configuration), after making appropriate user and > > > role entries in > > > conf/tomcat-users.xml file. > > > > > > However, when I change BASIC to DIGEST as shown > > > below: > > > Default web.xml for "manager": > > > ... > > > <login-config> > > > <auth-method>BASIC</auth-method> > > > <realm-name>Tomcat Manager > > > Application</realm-name> > > > </login-config> > > > ... > > > Modified web.xml for "manager": > > > ... > > > <login-config> > > > <auth-method>DIGEST</auth-method> > > > <realm-name>Tomcat Manager > > > Application</realm-name> > > > </login-config> > > > ... > > > > > > It doesn't work. I get the login prompt in my > > > browser ( I tried both IE6.0 > > > and Netscape 7.0 ) with the right realm string, > > but > > > after entering the user > > > name and the password, the prompt appers again. > > > > > > I am appending the HTTP dump (captured using a > > home > > > grown interceptor tool > > > ): > > > ================================================= > > > [HTTP] C --> S (370 bytes) > > > GET /manager/html HTTP/1.1 > > > Accept: image/gif, image/x-xbitmap, image/jpeg, > > > image/pjpeg, > > > application/vnd.ms- > > > powerpoint, application/vnd.ms-excel, > > > application/msword, > > > application/x-shockwav > > > e-flash, */* > > > Accept-Language: en-us > > > Accept-Encoding: gzip, deflate > > > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; > > > Windows NT 5.0) > > > Host: localhost:8079 > > > Connection: Keep-Alive > > > > > > [HTTP] C <-- S (412 bytes) > > > HTTP/1.1 401 Unauthorized > > > Pragma: No-cache > > > Cache-Control: no-cache > > > Expires: Thu, 01 Jan 1970 00:00:00 GMT > > > WWW-Authenticate: Digest realm="Tomcat Manager > > > Application", qop="auth", > > > nonce=" > > > bf3c8fa05f1260f6a9d4299d3b882339", > > > opaque="03758823e3b14892bb4dc34ef834fa13" > > > Content-Type: text/html > > > Content-Language: en-US > > > Transfer-Encoding: chunked > > > Date: Sun, 05 Jan 2003 08:49:24 GMT > > > Server: Apache Coyote/1.0 > > > > > > [HTTP] C <-- S (5 bytes) > > > 2ad > > > [HTTP] C <-- S (685 bytes) > > > <html><head><title>Apache Tomcat/4.1.18-LE-jdk14 - > > > Error > > > report</title><STYLE><! > > > --H1{font-family : sans-serif,Arial,Tahoma;color : > > > white;background-color : > > > #008 > > > 6b2;} H3{font-family : > > sans-serif,Arial,Tahoma;color > > > : > > > white;background-color : > > > #0086b2;} BODY{font-family : > > > sans-serif,Arial,Tahoma;color : > > > black;background-co > > > lor : white;} B{color : white;background-color : > > > #0086b2;} HR{color : > > > #0086b2;} > > > --></STYLE> </head><body><h1>HTTP Status 401 - > > > </h1><HR size="1" > > > noshade><p><b>t > > > ype</b> Status report</p><p><b>message</b> > > > <u></u></p><p><b>description</b> > > > <u>T > > > his request requires HTTP authentication > > > ().</u></p><HR size="1" > > > noshade><h3>Apa > > > che Tomcat/4.1.18-LE-jdk14</h3></body></html> > > > [HTTP] C <-- S (2 bytes) > > > > > > [HTTP] C <-- S (5 bytes) > > > 0 > > > > > > [HTTP] C --> S (683 bytes) > > > GET /manager/html HTTP/1.1 > > > Accept: image/gif, image/x-xbitmap, image/jpeg, > > > image/pjpeg, > > > application/vnd.ms- > > > powerpoint, application/vnd.ms-excel, > > > application/msword, > > > application/x-shockwav > > > e-flash, */* > > > Accept-Language: en-us > > > Accept-Encoding: gzip, deflate > > > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; > > > Windows NT 5.0) > > > Host: localhost:8079 > > > Connection: Keep-Alive > > > Authorization: Digest username="pankaj", > > > realm="Tomcat Manager Application", > > > qop > > > ="auth", algorithm="MD5", uri="/manager/html", > > > nonce="bf3c8fa05f1260f6a9d4299d3b > > > 882339", nc=00000001, > > > cnonce="f7710dc1f6683517f0dd8dfd957a50bc", > > > opaque="0375882 > > > 3e3b14892bb4dc34ef834fa13", > > > response="8d3c122778ae3d95564f61a2238c8f51" > > > > > > [HTTP] C <-- S (412 bytes) > > > HTTP/1.1 401 Unauthorized > > > Pragma: No-cache > > > Cache-Control: no-cache > > > Expires: Thu, 01 Jan 1970 00:00:00 GMT > > > WWW-Authenticate: Digest realm="Tomcat Manager > > > Application", qop="auth", > > > nonce=" > > > d13c9c9d094919b14030f3bff72edc6b", > > > opaque="bd29cf774ee39e6a3cc1c396293be208" > > > Content-Type: text/html > > > Content-Language: en-US > > > Transfer-Encoding: chunked > > > === message truncated === > > > __________________________________________________ > Do you Yahoo!? > Yahoo! Mail Plus - Powerful. Affordable. Sign up now. > http://mailplus.yahoo.com > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
