2010/2/11 Stanley Wong <w...@pcigeomatics.com>:
> I am using Tomcat 6.0. I try to implement digest authentication.
>

You are confusing DIGEST authentication (i.e., transmitting a hash of
the password over the network) with validating plain passwords using a
digest (i.e., not storing a plain-text password).

The value used in the DIGEST authentication is hash(random nonce,
hash(user name, authentication realm, user password)).

The "hash(user name, authentication realm, user password)" part can be
precalculated.

See "If using digested passwords with DIGEST authentication" in the doc,
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#Digested%20Passwords

Best regards,
Konstantin Kolinko
