-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Etienne,
> Sure enough, when I reversed the saved password back to the MD5 hash, Tomcat > authenticated my login, regardless of the SHA-1 attribute set in my <Realm> > tag's digest attribute. Are you using DIGEST authentication? If so, all current web browsers only implement MD5 as the digest algorithm, since HTTP-AUTH-DIGEST doesn't provide any algorithm negotiation between the client and server. If you have a custom client, you may be able to use a different digest algorithm. > Is this one application for programmatic authenticators as opposed to the > default that ships with Tomcat? Not likely: Tomcat is configurable while most clients are not. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1B6ecACgkQ9CaO5/Lv0PAPkACfctQAY1P7fwdRGjIjhZi6QWwT 08YAoLPRaddCXJfJe/PGpwJ1OUZaNDpg =NKU1 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
