On 15/11/2022 17:07, Thorsten Schöning wrote:
Guten Tag Mark Thomas,
am Dienstag, 15. November 2022 um 12:51 schrieben Sie:
In short, the digested value you save as the user credential is one
of the inputs the client uses when calculating the value to use in
the authorization header.[...]
My client is a browser and that asks me for plain-text passwords.
There's no way I could provide a digest generated using
PBKDF2WithHmacSHA512 with the settings mentioned in my former mail.
And even if there was, that digest would be a plain-text password
again.
This works.
Please go and read my email - and the links I provided - again.
If there are things you don't understand, ask specific questions.
You may also find reading RFC 7616 useful.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org