Lloyd,
On 12/13/24 2:41 PM, DIGLLOYD wrote:
Agreed, it is probably pointless to support SHA-256, given the hard
requirement of supporting MD5 in older browsers for many years to
come.
OTOH, running any kind of DIGEST over TLS and storing zero sensitive
info on server is completely acceptable
Agreed, it is probably pointless to support SHA-256, given the hard requirement
of supporting MD5 in older browsers for many years to come.
OTOH, running any kind of DIGEST over TLS and storing zero sensitive info on
server is completely acceptable for my own use case.
> On Dec 13, 2024, at
Lloyd,
On 12/13/24 2:32 PM, DIGLLOYD wrote:
Yes, it is returning the digest without modification. That’s not the issue.
There are three options:
(1) require MD5 only
(2) require SHA-256 only
(3) allow either MD5 or SHA-256
#2 is not an option since some browsers (eg Safari) do not yet support
Yes, it is returning the digest without modification. That’s not the issue.
There are three options:
(1) require MD5 only
(2) require SHA-256 only
(3) allow either MD5 or SHA-256
#2 is not an option since some browsers (eg Safari) do not yet support SHA-256.
And SHA-256 will never be supported
Lloyd,
On 12/13/24 11:47 AM, DIGLLOYD wrote:
BTW, I was able to support *both* MD5 and SHA-256 in my subclass of
org.apache.catalina.realm.RealmBase
ISSUE: org.apache.catalina.realm.RealmBas.getPassword(final String username)
affords no means to know *which* algorithm ie which digest to
Thank you Mark.
DIGEST, and in Tomcat 9 (not 11). Not sure if 9 vs 11 matters.
Sure enough, I missed “algorithms” attribute in . Having that config
for ~15 years and then having things start to fail led me down the wrong path
it seem.
I did 3 things wrong:
- just did not see “algorithms
BTW, I was able to support *both* MD5 and SHA-256 in my subclass of
org.apache.catalina.realm.RealmBase
ISSUE: org.apache.catalina.realm.RealmBas.getPassword(final String username)
affords no means to know *which* algorithm ie which digest to return.
I dealt with this by subclassing
On 13/12/2024 00:39, DIGLLOYD wrote:
ISSUE: users cannot login to my site.
CAUSE: Firefox and Chrome are sending SHA-256 DIGEST auth, which is MD5 (Safari
uses MD5 which is working fine)
Details:
- Tomcat 9.0.98
- DIGEST auth using MD5
- has been working for 15+ years just fine.
- have read
Lloyd,
On 13.12.2024 01:39, DIGLLOYD wrote:
ISSUE: users cannot login to my site.
CAUSE: Firefox and Chrome are sending SHA-256 DIGEST auth, which is MD5 (Safari
uses MD5 which is working fine)
Details:
- Tomcat 9.0.98
- DIGEST auth using MD5
- has been working for 15+ years just fine.
What
ISSUE: users cannot login to my site.
CAUSE: Firefox and Chrome are sending SHA-256 DIGEST auth, which is MD5 (Safari
uses MD5 which is working fine)
Details:
- Tomcat 9.0.98
- DIGEST auth using MD5
- has been working for 15+ years just fine.
- have read all available Tomcat docs, searched web
the attached files are not able to read please help further on this part
On Wednesday, September 20, 2023 at 12:29:29 PM PDT,
users-digest-h...@tomcat.apache.org
wrote:
users Digest 20 Sep 2023 19:28:18 - Issue 14664
Topics (messages 277707 through 277710)
Unable to get
Thorsten,
On 11/16/22 02:36, Thorsten Schöning wrote:
Guten Tag Christopher Schultz,
am Mittwoch, 16. November 2022 um 04:17 schrieben Sie:
You should double-check the definition of "compliant to CIS
benchmark spec" because there is no way in hell that HTTP DIGEST is
required.[...]
Guten Tag Christopher Schultz,
am Mittwoch, 16. November 2022 um 04:17 schrieben Sie:
> You should double-check the definition of "compliant to CIS
> benchmark spec" because there is no way in hell that HTTP DIGEST is
> required.[...]
The spec doesn't tell me exactly t
hmark
spec" because there is no way in hell that HTTP DIGEST is required. It's
a 100% broken standard that has been fixed by RFC 7616 but, as Mark
says, that RFC has been completely ignored by the world because TLS+HTTP
BASIC does just fine.
The reason it's broken is becau
on. But at the
same time config examples of that spec use auth-method DIGEST and as
we both seem to agree, that doesn't make too much sense. Other parts
of the spec don't make sense in this special aspect as well and simply
seem outdated and copied over from VERY old Tomcats.
So, my app
Sorry, you are correct. There is no way to use PBKDF2WithHmacSHA512 in a
Realm along with HTTP DIGEST auth.
If you want to use HTTP DIGEST auth and digested passwords on the server
you have to use, quoting the Tomcat docs, "one iteration of the MD5
algorithm with no salt".
RF
Guten Tag Mark Thomas,
am Dienstag, 15. November 2022 um 18:36 schrieben Sie:
> Please go and read my email - and the links I provided - again.
I did, so feel free to tell me how I tell my browser to use my
plain-text password as PBKDF2WithHmacSHA512 digest with 10
iterations, a key len
client is a browser and that asks me for plain-text passwords.
There's no way I could provide a digest generated using
PBKDF2WithHmacSHA512 with the settings mentioned in my former mail.
And even if there was, that digest would be a plain-text password
again.
This works.
Please go and re
ks me for plain-text passwords.
There's no way I could provide a digest generated using
PBKDF2WithHmacSHA512 with the settings mentioned in my former mail.
And even if there was, that digest would be a plain-text password
again.
Mit freundlichen Grüßen
Thorsten Schöning
--
AM-SoFT IT-Serv
On 15/11/2022 10:20, Thorsten Schöning wrote:
So, is it even possible to use SecretKeyCredentialHandler and
auth-method DIGEST together or am I required to use BASIC? If DIGEST
is supported, how does that and credential helper work together
without plain-text password available at the server
2"
> iterations="10"
> keyLength="256"
> saltLength="16"
> />
>
And here's where things become interesting, because the docs of the
CIS benchmark PDF are using a DIGEST auth-method ins
On 9/8/2022 9:45 AM, Berneburg, Cris J. - US wrote:
2. Also, some digest messages are blank for me, but other
folks' replies to them are not. It's often original messages
from specific users. Maybe we can compare what we see.
Not using multiple client apps, I don't know if t
Terence
> I created an issue for the blank digest messages:
> https://issues.apache.org/jira/browse/INFRA-23675
> which appears to be due a missing CRLF sequence following
> the header section. It's currently "WAITING FOR INFRA" so
> I don't think anyone has
users-digest. This may be why you found my e-mail
address listed twice as a subscriber.
What isn't clear is whether a subscription to the list in the non-
digest form is now required to send messages to the list. (I was
previously subscribed to the digest only and had been able to
send messag
> 2. Also, some digest messages are blank for me, but other
> folks' replies to them are not. It's often original messages
> from specific users. Maybe we can compare what we see.
> Not using multiple client apps, I don't know if the blankness
> is due to client a
Hi Terence
I have similar issues.
> First, I was suddenly unable to send e-mail to the list using an
> e-mail address that I have used on the list since at least 2005,
> as mentioned above. I got around this by (re)subscribing to both
> users and users-digest. This may be why you fou
On 9/7/2022 1:35 AM, Mark Thomas wrote:
On 07/09/2022 04:22, Terence M. Bandoian wrote:
It looks like there's something going on with the CRLF sequence that
should separate the header section from the body in digest
attachments. However, it's difficult to tell where it's hap
On 07/09/2022 04:22, Terence M. Bandoian wrote:
It looks like there's something going on with the CRLF sequence that
should separate the header section from the body in digest attachments.
However, it's difficult to tell where it's happening.
From RFC 5322:
A message con
On 9/6/2022 6:00 PM, Terence M. Bandoian wrote:
On 8/23/2022 1:47 AM, Mark Thomas wrote:
On 23/08/2022 02:45, Terence M. Bandoian wrote:
Recently, message attachments that appear blank in my e-mail client
have been included in the Tomcat users mailing list digest. Some
users' message
On 8/23/2022 1:47 AM, Mark Thomas wrote:
On 23/08/2022 02:45, Terence M. Bandoian wrote:
Recently, message attachments that appear blank in my e-mail client
have been included in the Tomcat users mailing list digest. Some
users' messages are normally not blank (e.g. Tomcat committer
On 23/08/2022 02:45, Terence M. Bandoian wrote:
Recently, message attachments that appear blank in my e-mail client have
been included in the Tomcat users mailing list digest. Some users'
messages are normally not blank (e.g. Tomcat committers and others).
Messages from other user
Recently, message attachments that appear blank in my e-mail client have
been included in the Tomcat users mailing list digest. Some users'
messages are normally not blank (e.g. Tomcat committers and others).
Messages from other users are. Replies to "blank" messages by users
Recently, message attachments that appear blank in my e-mail client
have been included in the Tomcat users mailing list digest. Some
users' messages are normally not blank (e.g. Tomcat committers and
others). Messages from other users are. Replies to "blank" messages
by users who
Recently, message attachments that appear blank in my e-mail client have
been included in the Tomcat users mailing list digest. Some users'
messages are normally not blank (e.g. Tomcat committers and others).
Messages from other users are. Replies to "blank" messages by users who
gt; Subject: Re: UserDatabaseRealm and DIGEST
>
> Jon,
>
> On 8/24/21 19:51, jonmcalexan...@wellsfargo.com.INVALID wrote:
> > Chris,
> >
> >> -Original Message-
> >> From: Christopher Schultz
> >> Sent: Tuesday, August 24, 2021 5:52 PM
> >>
Jon,
On 8/24/21 19:51, jonmcalexan...@wellsfargo.com.INVALID wrote:
Chris,
-Original Message-
From: Christopher Schultz
Sent: Tuesday, August 24, 2021 5:52 PM
To: users@tomcat.apache.org
Subject: Re: UserDatabaseRealm and DIGEST
Jon,
On 8/24/21 12:53, jonmcalexan
Chris,
> -Original Message-
> From: Christopher Schultz
> Sent: Tuesday, August 24, 2021 5:52 PM
> To: users@tomcat.apache.org
> Subject: Re: UserDatabaseRealm and DIGEST
>
> Jon,
>
> On 8/24/21 12:53, jonmcalexan...@wellsfargo.com.INVALID wrote:
Jon,
On 8/24/21 12:53, jonmcalexan...@wellsfargo.com.INVALID wrote:
-Original Message-
From: Mark Thomas
Sent: Tuesday, August 24, 2021 11:41 AM
To: users@tomcat.apache.org
Subject: Re: UserDatabaseRealm and DIGEST
On 24/08/2021 17:28, jonmcalexan...@wellsfargo.com.INVALID wrote:
Ok
> -Original Message-
> From: Mark Thomas
> Sent: Tuesday, August 24, 2021 11:41 AM
> To: users@tomcat.apache.org
> Subject: Re: UserDatabaseRealm and DIGEST
>
> On 24/08/2021 17:28, jonmcalexan...@wellsfargo.com.INVALID wrote:
> > Ok, so I've been reading
On 24/08/2021 17:28, jonmcalexan...@wellsfargo.com.INVALID wrote:
Ok, so I've been reading thru the documentation on DIGEST but not entirely sure
I have it right. What is the best practice for DIGEST and what algorithms are
allowed, such as is sha-256 allowed?
First, a questi
Ok, so I've been reading thru the documentation on DIGEST but not entirely sure
I have it right. What is the best practice for DIGEST and what algorithms are
allowed, such as is sha-256 allowed?
Thanks,
Dream * Excel * Explore * Inspire
Jon McAlexander
Infrastructure Engineer
Asst
March 2021.
Currently we are using the BASIC Authentication for the Manager and tomcat
web application.
Can we migrate and use DIGEST Authentication for the same ?
Yes.
What are the
suggested and recommended way to implement and using DIGEST Authentication
with TOMCAT 7 web applications?
Simply
using the BASIC Authentication for the Manager and tomcat
> web application.
> Can we migrate and use DIGEST Authentication for the same ?
Yes.
> What are the
> suggested and recommended way to implement and using DIGEST Authentication
> with TOMCAT 7 web applications?
Simply replac
Hi Tomcat Team,
I am using a Tomcat based webserver container for our web application. All
the deplyoment and other task taken care using TOMCAT 7.10.105.
Currently we are using the BASIC Authentication for the Manager and tomcat
web application.
Can we migrate and use DIGEST Authentication for
_251
> >
> > We are trying to use Tomcat JDBCRealm to access user credentials stored
> in
> > Oracle DB. The user password is hashed with a SALT and stored in a table.
> >
> > *ISSUE:* We can authenticate using the BASIC auth-method while passing
> the
> >
SIC auth-method while passing the
> hashed string of the password but the DIGEST auth-method fails to create
> the matching hash of the user password after configuring the realm-name
> with the SALT and using the CredentialHandler
> MessageDigestCredentialHandler.
>
> The use
Tomcat 9.0.36
JDK 1.8.0_251
We are trying to use Tomcat JDBCRealm to access user credentials stored in
Oracle DB. The user password is hashed with a SALT and stored in a table.
*ISSUE:* We can authenticate using the BASIC auth-method while passing the
hashed string of the password but the DIGEST
Brian & Calder,
On 6/22/2020 3:06 AM,
users-digest-h...@tomcat.apache.org<mailto:users-digest-h...@tomcat.apache.org>
wrote:
On Mon, Jun 22, 2020, 01:04 Brian
<mailto:brian...@emailbb.com> wrote
[ snip ]
- For some reason, the people at Ubuntu/Debian/Linux decided tha
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Jon,
On 1/15/20 4:55 PM, jonmcalexan...@wellsfargo.com.INVALID wrote:
> -Original Message- From: Mark Thomas
> Sent: Wednesday, January 15, 2020 3:42 PM To:
> users@tomcat.apache.org Subject: Re: Tomcat Digest Algorithm
> ques
-Original Message-
From: Mark Thomas
Sent: Wednesday, January 15, 2020 3:42 PM
To: users@tomcat.apache.org
Subject: Re: Tomcat Digest Algorithm question
On 15/01/2020 21:03, jonmcalexan...@wellsfargo.com.INVALID wrote:
> Is there a list of compliant algorithms supported when us
On 15/01/2020 21:03, jonmcalexan...@wellsfargo.com.INVALID wrote:
> Is there a list of compliant algorithms supported when using Digest for
> passwords in the user database realm?
>
> I know it supports MD5 and SHA, but both of these are weak. Does this support
> SHA-256, SHA
Is there a list of compliant algorithms supported when using Digest for
passwords in the user database realm?
I know it supports MD5 and SHA, but both of these are weak. Does this support
SHA-256, SHA-512, SHA3, etc.?
Thanks,
Dream * Excel * Explore * Inspire
Jon McAlexander
Asst Vice
Chris:
Thank you very much.
That worked as expected .
The following additional lines are printed:
Sep 13, 2019 12:40:46 AM org.apache.coyote.http11.Http11NioProtocol start
INFO: Starting ProtocolHandler ["http-nio-8080"]
The tests under the script tests work as expected against Tomcat this tim
ESMTPSA id 59E274447
for ; Thu, 18 Apr 2019 11:12:24 + (UTC)
Subject: Re: Is there a problem with the digest?
To: users@tomcat.apache.org
References:
From: Mark Thomas
Openpgp: preference=signencrypt
Autocrypt: addr=ma...@apache.org; prefer-encrypt=mut
Mark Thomas wrote:
>> >> Which address did you use to subscribe to the digest list? It wasn't
>> >> this one...
>> > > Ignore that. ezmlm cmd line error on my part. I see your digest
>> > subscription in the logs from this address. Hmmm.
>> >
as wrote:
>> Which address did you use to subscribe to the digest list? It wasn't
>> this one...
>
> Ignore that. ezmlm cmd line error on my part. I see your digest
> subscription in the logs from this address. Hmmm.
>
> Let me go and dig into the mail logs.
On 12/04/2019 16:32, Mark Thomas wrote:
On 12/04/2019 16:29, Mark Thomas wrote:
Which address did you use to subscribe to the digest list? It wasn't
this one...
Ignore that. ezmlm cmd line error on my part. I see your digest
subscription in the logs from this address. Hmmm.
Let me go an
On 12/04/2019 16:29, Mark Thomas wrote:
> Which address did you use to subscribe to the digest list? It wasn't
> this one...
Ignore that. ezmlm cmd line error on my part. I see your digest
subscription in the logs from this address. Hmmm.
Let me go and dig into the mail logs...
Mark
Which address did you use to subscribe to the digest list? It wasn't
this one...
Mark
On 12/04/2019 15:43, Mark Thomas wrote:
> On 12/04/2019 15:27, Richard Huntrods wrote:
>> It's been four days since I've seen a 'users-dig...@tomcat.apache.org'
>> email
Why google? Actually I was continuing to research the problem I'd
posted, and the digest archive showed up as the first two hits. :-)
-R
On 4/12/2019 7:34 AM, Konstantin Kolinko wrote:
пт, 12 апр. 2019 г. в 17:27, Richard Huntrods :
It's been four days since I've se
On 12/04/2019 15:27, Richard Huntrods wrote:
> It's been four days since I've seen a 'users-dig...@tomcat.apache.org'
> email. I posted a question on April 9, and no digest since (I subscribed
> to the digest), yet I found a reply on the digest archive by searching
пт, 12 апр. 2019 г. в 17:27, Richard Huntrods :
>
> It's been four days since I've seen a 'users-dig...@tomcat.apache.org'
> email. I posted a question on April 9, and no digest since (I subscribed
> to the digest), yet I found a reply on the digest archive by sear
It's been four days since I've seen a 'users-dig...@tomcat.apache.org'
email. I posted a question on April 9, and no digest since (I subscribed
to the digest), yet I found a reply on the digest archive by searching
with Google.
So again... is there a problem with digest em
gt; I am getting warning “Setting property 'digest' to 'SHA-256' did
> >> not find a matching property” in tomcat9-stderr.log when I use
> >> attribute "digest" in realms.
> >>
> >> Snip from server.xml that i am using when i get error -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Dheeraj,
On 2/15/19 04:08, dheeraj joshi wrote:
>> I am getting warning “Setting property 'digest' to 'SHA-256' did
>> not find a matching property” in tomcat9-stderr.log when I use
>> attribute "digest&q
Hi,
Am 15.02.2019 10:08, schrieb dheeraj joshi:
Hi Team,
I am getting warning “Setting property 'digest' to 'SHA-256' did not
find
a matching property” in tomcat9-stderr.log when I use attribute
"digest"
in realms.
Snip from server.xml that i am using whe
>
> Hi Team,
>
>
>
> I am getting warning “Setting property 'digest' to 'SHA-256' did not find
> a matching property” in tomcat9-stderr.log when I use attribute "digest"
> in realms.
>
> Snip from server.xml that i am using when i get
ny feedback on this ?
> >> Thanks
> >>
> >> On Sun, Nov 5, 2017 at 9:16 PM, Philippe Mouawad <
> >> p.moua...@ubik-ingenierie.com> wrote:
> >>
> >>> Hello,
> >>> I am having issues making Digest a
t; can do to help you.
> >
> > Mark
> >
> >
> > >
> > > Thanks
> > >
> > > On Wed, Nov 8, 2017 at 10:19 PM, Philippe Mouawad <
> > > p.moua...@ubik-ingenierie.com> wrote:
> > >
> > >> Hello,
> > &g
at 10:19 PM, Philippe Mouawad <
> > p.moua...@ubik-ingenierie.com> wrote:
> >
> >> Hello,
> >> Any feedback on this ?
> >> Thanks
> >>
> >> On Sun, Nov 5, 2017 at 9:16 PM, Philippe Mouawad <
> >> p.moua...@ubik-ingenierie.c
t;
> On Wed, Nov 8, 2017 at 10:19 PM, Philippe Mouawad <
> p.moua...@ubik-ingenierie.com> wrote:
>
>> Hello,
>> Any feedback on this ?
>> Thanks
>>
>> On Sun, Nov 5, 2017 at 9:16 PM, Philippe Mouawad <
>> p.moua...@ubik-ingenierie.com> wr
om> wrote:
>
>> Hello,
>> I am having issues making Digest auth work in Tomcat 8.5.23 for manager
>> application.
>>
>> I have done the following:
>>
>> 1) Edit server.xml and have set MessageDigestCredentialHandler wit
am having issues making Digest auth work in Tomcat
>> 8.5.23 for manager application.
>>
>> I have done the following:
>>
>> 1) Edit server.xml and have set MessageDigestCredentialHandler
>> with SHA-256 > className="org.apache.catalina.realm.Lock
Hello,
Any feedback on this ?
Thanks
On Sun, Nov 5, 2017 at 9:16 PM, Philippe Mouawad <
p.moua...@ubik-ingenierie.com> wrote:
> Hello,
> I am having issues making Digest auth work in Tomcat 8.5.23 for manager
> application.
>
> I have done the following:
>
> 1) E
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Philippe,
On 11/5/17 3:16 PM, Philippe Mouawad wrote:
> Hello, I am having issues making Digest auth work in Tomcat 8.5.23
> for manager application.
I'm curious... why bother with HTTP DIGEST authentication when TLS
just so much better
Hello,
I am having issues making Digest auth work in Tomcat 8.5.23 for manager
application.
I have done the following:
1) Edit server.xml and have set MessageDigestCredentialHandler with SHA-256
2) Generated password using:
./digest.sh -a
On 30.11.2016 23:00, Esmond Pitt wrote:
This is getting out of hand. I am subcribed to what is supposed to be a
daily digest. Today I received *seven.* What is going on?
EJP
Well, for one thing, this is a free user help list, for a free software product, and as
well the people who create
This is getting out of hand. I am subcribed to what is supposed to be a
daily digest. Today I received *seven.* What is going on?
EJP
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e
%20Security%20in%20Apache%20Tomcat.pdf
I'll try to get that onto the Tomcat site.
- -chris
> Le 11/06/2016 20:21, Felix Schumacher a écrit :
>>
>> Am 10. Juni 2016 22:12:02 MESZ, schrieb Hardibo Pierre-Jean
>> :
>>> Hello, it seems realm's digest attribute is
erre-Jean
:
Hello, it seems realm's digest attribute is depreciated in tomcat9, how
can i replace it ? (MD5) thanks
I think you are looking for the nested component CredentialHandler (
http://tomcat.apache.org/tomcat-9.0-doc/config/credentialhandler.html ).
Chris gave a talk about them at t
Am 10. Juni 2016 22:12:02 MESZ, schrieb Hardibo Pierre-Jean
:
>Hello, it seems realm's digest attribute is depreciated in tomcat9, how
>
>can i replace it ? (MD5) thanks
I think you are looking for the nested component CredentialHandler (
http://tomcat.apache.org/tomcat-
Hello, it seems realm's digest attribute is depreciated in tomcat9, how
can i replace it ? (MD5) thanks
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
gt; 9 and I migrated my apps to it. In tomcat 9 cross context is
>>> running smoothly (thank you!)
>>>
>>> To authenticate my config is using JDBCRealm with a mysql
>>> database. The config below ran very well with tomcat 8 but on
>>> tomcat 9 accep
accepted only
>> the password digests (which are stored in the table tomcat_users)
>> directly instead of the usual passwords. It seems that the digest
>> algorithm MD5 be here not executed.
>
> Given that the digest attribute doesn't exist on the Realm in
hank you!)
>
> To authenticate my config is using JDBCRealm with a mysql database. The
> config below ran very well with tomcat 8 but on tomcat 9 accepted only
> the password digests (which are stored in the table tomcat_users)
> directly instead of the usual passwords. It seems t
database. The config
below ran very well with tomcat 8 but on tomcat 9 accepted only the password
digests (which are stored in the table tomcat_users) directly instead of the
usual passwords. It seems that the digest algorithm MD5 be here not executed.
The config in server.xml is
The
Windows env often have 'virus scanners' that make large numbers of HTTP
calls to known vunerable endpoints. Do the access logs show anything OOTO?
On 13 Apr 2016 4:54 am, wrote:
>
> users Digest 12 Apr 2016 18:54:12 - Issue 12577
>
> Topics (messages 257263 through 25
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Jian
(Replying to both you and the list)
On 4/28/15 1:52 PM, Jian Wu wrote:
> I don't know how to reply to my question directly because I
> subscribed to the digest mail list.
I'm not sure, either. I suspect that replying to th
DigestAuthenticator class in tomcat6 to split digest authentication header like
it is done in tomcat7, because this is the real cause of the problem - the
regular expression submitted to the split method cannot properly handle
unquoted parameters at the end of the auth header line.
Thank you for your
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Rainer,
On 3/17/15 11:12 AM, Rainer Jung wrote:
> Am 17.03.2015 um 15:40 schrieb Sascha Skorupa:
>> Hi Rainer,
>>
>> currently not (Apache 2.2) but it might be an option to upgrade
>> the OS and the Apache if it leads to a solution.
>
> OK. But th
Am 17.03.2015 um 15:40 schrieb Sascha Skorupa:
Hi Rainer,
currently not (Apache 2.2) but it might be an option to upgrade the OS and the
Apache if it leads to a solution.
OK. But think twice, whether it is better to just compile mod_jk from
sources or do the big update. Updating to 2.4 will
: Re: Migration from Tomcat6-Cluster to Tomcat7-Cluster: Digest
Authentication problem
Hi Sascha,
Am 17.03.2015 um 13:02 schrieb Sascha Skorupa:
> Rainer, thank you for this hint, but unfortunately, this feature is too new
> to be included in any current mod_jk linux package and building i
[mailto:ch...@christopherschultz.net]
Gesendet: Freitag, 13. März 2015 19:24
An: Tomcat Users List
Betreff: Re: Migration from Tomcat6-Cluster to Tomcat7-Cluster: Digest
Authentication problem
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Rainer,
On 3/13/15 12:15 PM, Rainer Jung wrote:
Am
interesting. Would it be an option for
future releases of tomcat?
Sascha
-Ursprüngliche Nachricht-
Von: Christopher Schultz [mailto:ch...@christopherschultz.net]
Gesendet: Freitag, 13. März 2015 19:24
An: Tomcat Users List
Betreff: Re: Migration from Tomcat6-Cluster to Tomcat7-Cluster: Digest
:
>>> On 12/03/2015 15:20, Sascha Skorupa wrote:
>>>> Hi,
>>>>
>>>> here:
>>>>
>>>> http://grokbase.com/t/tomcat/users/13bvsbwb8s/multiple-servers-and-digest-authentication
>>>>
>>>>
>>>>
>>&g
Am 13.03.2015 um 16:28 schrieb Christopher Schultz:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 3/12/15 1:13 PM, Mark Thomas wrote:
On 12/03/2015 15:20, Sascha Skorupa wrote:
Hi,
here:
http://grokbase.com/t/tomcat/users/13bvsbwb8s/multiple-servers-and-digest-authentication
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 3/12/15 1:13 PM, Mark Thomas wrote:
> On 12/03/2015 15:20, Sascha Skorupa wrote:
>> Hi,
>>
>> here:
>>
>> http://grokbase.com/t/tomcat/users/13bvsbwb8s/multiple-servers-and-digest-authentication
>&g
> http://grokbase.com/t/tomcat/users/13bvsbwb8s/multiple-servers-and-digest-authentication
>>
>> the same problem is described and the recommended solution is to use sticky
>> load balancing. But, the problem in a tomcat cluster is that the session ID
>> is generated a
On 12/03/2015 15:20, Sascha Skorupa wrote:
> Hi,
>
> here:
>
> http://grokbase.com/t/tomcat/users/13bvsbwb8s/multiple-servers-and-digest-authentication
>
> the same problem is described and the recommended solution is to use sticky
> load balancing. But, the problem in
Hi,
here:
http://grokbase.com/t/tomcat/users/13bvsbwb8s/multiple-servers-and-digest-authentication
the same problem is described and the recommended solution is to use sticky
load balancing. But, the problem in a tomcat cluster is that the session ID is
generated after a successful
1 - 100 of 257 matches
Mail list logo
