Mark Thomas wrote:
> Johnny Kewl wrote:
>> I don't think you can do what you want to...
>> I don't think you can use web based DIGEST authentication.
>> And then hide passwords in a MD5 digest as well.
>
> Yes you can.
>
>> I think web based DIGEST authentication, MUST get at the plain text
>> password.
>
> No.
>
>> That process has to be repeated on the server, and SHA(Password) + plus
>> some random stuff NOT EQUAL to browser...
>> I think it has to be a plain text password... unless TC does something
>> unbelievable...
>
> Not unbelievable. Just plain cold logic. The use of DIGEST auth and
> digested passwords are 100% independent.

Sorry. I mis-spoke. They are not totally independent. If you use DIGEST
auth *and* digested passwords then you have to calculate the password to
put in your tomcat-users.xml/database/etc differently. See
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#Digested%20Passwords
for details.

Mark
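
An added example (not part of the original message and not Tomcat's code) of why the server can check a DIGEST response without the plaintext, and why the stored value must be the digest of `username:realm:password` rather than of the password alone. It follows RFC 2617 with qop=auth only; the function names are made up for the illustration.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def stored_credential(username, realm, password):
    # HA1 = MD5(username:realm:password). Password-equivalent for this realm,
    # so protect the user store even though it holds no plaintext.
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1, method, uri, nonce, nc, cnonce, qop):
    # RFC 2617, qop=auth: response = MD5(HA1:nonce:nc:cnonce:qop:HA2)
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def server_verify(stored_value, method, auth):
    # Server side: recompute from the stored digest only, never the plaintext.
    expected = digest_response(stored_value, method, auth["uri"], auth["nonce"],
                               auth["nc"], auth["cnonce"], auth["qop"])
    return hmac.compare_digest(expected, auth["response"])

# Sample values taken from the worked example in RFC 2617, section 3.5.
USER, REALM, PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
AUTH = {"uri": "/dir/index.html", "qop": "auth", "nc": "00000001",
        "cnonce": "0a4f113b", "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093"}

def client_request():
    # Browser side: the user typed the plaintext password.
    ha1 = md5_hex(f"{USER}:{REALM}:{PASSWORD}")
    response = digest_response(ha1, "GET", AUTH["uri"], AUTH["nonce"],
                               AUTH["nc"], AUTH["cnonce"], AUTH["qop"])
    return dict(AUTH, response=response)

def demo():
    request = client_request()
    realm_digest = stored_credential(USER, REALM, PASSWORD)  # value for the user store
    plain_digest = md5_hex(PASSWORD)                         # digest of the password alone
    # First check succeeds, second fails: only the realm-bound digest matches.
    return (server_verify(realm_digest, "GET", request),
            server_verify(plain_digest, "GET", request))

if __name__ == "__main__":
    print(demo())
```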