2010/2/11 Stanley Wong <[email protected]>:
> I am using Tomcat 6.0. I try to implement digest authentication.
>
You are confusing DIGEST authentication (i.e., transmitting a hash of the password over the network) with validating plain passwords using a digest (i.e., not storing a plain text password).

The value used in the DIGEST authentication is hash(random nonce, hash(user name, authentication realm, user password)).

The "hash(user name, authentication realm, user password)" part can be precalculated.

See "If using digested passwords with DIGEST authentication" in the doc,
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#Digested%20Passwords

Best regards,
Konstantin Kolinko
