Jay Burgess wrote: > Given that I've got BASIC authentication working for my webapp using cleartext > passwords, shouldn't I simply be able to change my <auth-method> from "BASIC" > to > "DIGEST" in <login-config> and it should start working using digest > authentication? > > It's not, obviously, but I've seen previous posts in this group that say > things > like "clear text + DIGEST -> works!", so I think it's doable. I'm using TC > 5.0.19 by the way.
Yes, it should just work. However, there have been a bunch of fixes in this area. You may hit any of the following bugs/missing features: http://issues.apache.org/bugzilla/show_bug.cgi?id=9851 http://issues.apache.org/bugzilla/show_bug.cgi?id=37132 http://issues.apache.org/bugzilla/show_bug.cgi?id=31198 5.5.5 Add DIGEST authentication support to the JDBC and DataSource realms. Supports both digested and cleartext passwords. (markt) http://issues.apache.org/bugzilla/show_bug.cgi?id=32137 http://issues.apache.org/bugzilla/show_bug.cgi?id=31592 If you want to digest the passwords in tomcat-users.xml (or wherever you store them) then a little more work is required and you may hit more problems. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
