DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9851>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9851 Digest Authentication Doesn't Work Properly with Mozilla [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED | ------- Additional Comments From [EMAIL PROTECTED] 2003-05-30 16:57 ------- In fact rfc2617 sec. 1.2 allows unquoted parameters: auth-param = token "=" ( token | quoted-string ) and none of the parameters defined in sec. 3.2.2 requires quotes, only in the realm-value (which is defined in sec. 1.2 for all authentication schemes) does: realm = "realm" "=" realm-value realm-value = quoted-string so any client could send any parameter without quotes, here is an example from amaya: Digest username="admin",realm="Test",nonce="1db89a32eb4dbb7e24a62a6d0814c50e",uri="/test",qop=auth,nc=00000001 ,cnonce="012345678",response=863092c9a25115868640b6e016c2329d,opaque=992b892c6f47ff99b9fef0cb4d425c09 The attached patch addresses this problem, the patch is against this rev: * $Header: /home/cvspublic/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/DigestAuthenticator.java,v 1.11 2003/03/24 23:19:19 keith Exp $ * $Revision: 1.11 $ * $Date: 2003/03/24 23:19:19 $ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
