Posted by naquah on November 14, 2006 at 11:38pm
Jump to:
| Project: | HTTP authentication |
| Version: | 4.7.x-1.x-dev |
| Component: | Code |
| Category: | task |
| Priority: | normal |
| Assigned: | naquah |
| Status: | closed (won't fix) |
Issue Summary
Solution is probably to use Digest instead of the Basic authentication method.
Comments
#1
...in order to work nicely with multiple authentication realms.
#2
...and in order to solve #97931.
#3
Just reading about Digest authentication and apparently it requires a plain-text password, or a MD5 hash of the password with the username and realm attached, in order to be able to negotiate with the client. Heh, that [verb meaning not very nice]. Stupid me.
One solution is to make users 'enable' digest authentication for their account by specifying their password... bad idea.
Setting this to won't fix until it is absolutely necessary for something.