Yes, I am using DIGEST authentication.

But what about the www-authenticate HTTP/1.1 header that Tomcat sends over
to the browser? Is it ignored by any browser, simply defaulting to MD5?

Cheers,

Etienne

-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
Sent: 27 January 2011 22:56
To: Tomcat Users List
Subject: Re: Valid values for digestEncoding attribute?

Etienne,

> Sure enough, when I reversed the saved password back to the MD5 hash, Tomcat
> authenticated my login, regardless of the SHA-1 attribute set in my <Realm>
> tag's digest attribute.

Are you using DIGEST authentication? If so, all current web browsers
only implement MD5 as the digest algorithm, since HTTP-AUTH-DIGEST
doesn't provide any algorithm negotiation between the client and server.
If you have a custom client, you may be able to use a different digest
algorithm.

> Is this one application for programmatic authenticators as opposed to the
> default that ships with Tomcat?

Not likely: Tomcat is configurable while most clients are not.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
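
An added example, not part of the thread and not Tomcat's code: the RFC 2617 `qop=auth` computation that an MD5-only client performs, verified against a server-side stored credential digest. It shows why a stored digest of `username:realm:password` only validates when it was produced with MD5. All names and values (user, realm, password, nonces) are constructed for illustration.

```python
import hashlib
import hmac

def h(algorithm, text):
    """Hex digest of text under the named hash algorithm."""
    return hashlib.new(algorithm, text.encode("utf-8")).hexdigest()

def stored_credential(algorithm, username, realm, password):
    """Value the server keeps in place of the cleartext password."""
    return h(algorithm, f"{username}:{realm}:{password}")

def client_response(username, realm, password, method, uri, nonce, nc, cnonce):
    """Response an MD5-only client sends for qop=auth (RFC 2617)."""
    ha1 = h("md5", f"{username}:{realm}:{password}")
    ha2 = h("md5", f"{method}:{uri}")
    return h("md5", f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

def server_accepts(stored_ha1, response, method, uri, nonce, nc, cnonce):
    """Server side: it never sees the password, only the stored digest,
    so it can only recompute the response from that stored value."""
    ha2 = h("md5", f"{method}:{uri}")
    expected = h("md5", f"{stored_ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")
    return hmac.compare_digest(expected, response)

def demo():
    # Constructed sample values, not taken from the thread.
    user, realm, password = "etienne", "Example Realm", "s3cret-example"
    method, uri = "GET", "/app/index.jsp"
    nonce, nc, cnonce = "constructed-server-nonce", "00000001", "constructed-cnonce"

    response = client_response(user, realm, password, method, uri, nonce, nc, cnonce)

    md5_stored = stored_credential("md5", user, realm, password)
    sha1_stored = stored_credential("sha1", user, realm, password)

    md5_ok = server_accepts(md5_stored, response, method, uri, nonce, nc, cnonce)
    sha1_ok = server_accepts(sha1_stored, response, method, uri, nonce, nc, cnonce)
    return md5_ok, sha1_ok

if __name__ == "__main__":
    md5_ok, sha1_ok = demo()
    print("stored MD5 digest accepted: ", md5_ok)
    print("stored SHA-1 digest accepted:", sha1_ok)
```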


