Summary: | Digest auth specifically requires digested passwords to hashed with MD5 | ||
---|---|---|---|
Product: | Tomcat 7 | Reporter: | David Powell <djpowell> |
Component: | Documentation | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | P2 | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Hardware: | PC | ||
OS: | Windows XP |
Description
David Powell
2012-01-24 11:27:38 UTC
Suggest changing the first sentence to something like: If using digested passwords with DIGEST authentication, the MD5 algorithm must be used for the message digest; additionally, the cleartext used to generate the digest is different. -- Dave Fixed in trunk and 7.0.x and will be included in 7.0.26 onwards. I used slightly different wording since the important part - in my view - is that the plain text is different. Clarification added to 6.0 docs as well, will be in 6.0.36. |