On 13/01/2021 09:36, Ravi Kumar wrote: > Hi Tomcat Team, > > I am using a Tomcat based webserver container for our web application. All > the deplyoment and other task taken care using TOMCAT 7.10.105.
Tomcat 7.0.x will reach end of life on 31 March 2021. > Currently we are using the BASIC Authentication for the Manager and tomcat > web application. > Can we migrate and use DIGEST Authentication for the same ? Yes. > What are the > suggested and recommended way to implement and using DIGEST Authentication > with TOMCAT 7 web applications? Simply replace "<auth-method>BASIC</auth-method>" in the application's web.xml file with "<auth-method>DIGEST</auth-method>" > Your valuable assistance is much appreciated. If you are storing passwords in digest form note the following: http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#Digested_Passwords Generally, you are better off switching from BASIC+http to BASIC+https rather than DIGEST+http. If you are already using BASIC+https then switching to DIGEST+https is unlikely to gain you anything. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
