Khaled Blah wrote:
> Sorry for my late reply, Henrik. I want to be able to use an empty
> realm because we use Digest Auth in conjunction with an LDAP backend.
> In this LDAP backend the admin can specify combinations of
> <realm>:<password> or <realm>:<H(A1)>. The empty realm would thus lead
> to either <password> or <H(A1)> standing by themselves. We want to
> support this latter case as well and the empty realm would make that a
> lot easier.
>
> Regards,
> Khaled
Unless I'm confused and mixing up my protocols ... the realm is used as
a salting value and HA(1) is compared to a hash sent by the user combining
realm+user+password. Very hard for the user to generate a secure hash
correctly when the realm salt is empty.
Amos
>
> 2010/6/22 Henrik Nordström <henrik_at_henriknordstrom.net>:
>> Tue 2010-06-22 at 00:22 +0200, Khaled Blah wrote:
>>> That's not completely true. RFC 2617 states that the realm of either
>>> digest/basic auth is a quoted string but it doesn't say that this
>>> string has to be a minimum number of characters.
>> True, but it is clearly not the intention that this should be empty.
>>
>> I asked why you want to use an empty realm.
>>
>> Regards
>> Henrik
>>
>>
--
Please be using Current Stable Squid 2.7.STABLE9 or 3.1.4

Received on Thu Jul 01 2010 - 13:31:41 MDT
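
The following is an added example, not part of the original thread or of Squid's code: it shows how the realm enters the RFC 2617 computation, so a stored H(A1) only verifies when the realm in the challenge matches the realm it was hashed with, including the empty one. The storage parser `stored_ha1_for` and its `<realm>:<H(A1)>` or bare `<H(A1)>` layout are assumptions based on the description quoted above; the sample values are the RFC 2617 example request.

```python
import hashlib
import hmac
import re


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def h_a1(user, realm, password):
    # RFC 2617: A1 = username ":" realm ":" password
    return md5_hex(f"{user}:{realm}:{password}")


def digest_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    # RFC 2617 request-digest for qop=auth
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def stored_ha1_for(value, challenge_realm):
    # Assumed backend layout: "<realm>:<H(A1)>", or a bare "<H(A1)>"
    # standing for the empty realm. H(A1) is 32 hex digits, no colon.
    realm, _, ha1 = value.rpartition(":")
    if not re.fullmatch(r"[0-9a-f]{32}", ha1):
        return None
    # The entry is usable only for the realm it was hashed with.
    return ha1 if realm == challenge_realm else None


def verify(value, challenge_realm, response, method, uri, nonce, nc, cnonce):
    ha1 = stored_ha1_for(value, challenge_realm)
    if ha1 is None:
        return False
    expected = digest_response(ha1, method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, response)


# Sample request values (the RFC 2617 example exchange).
REQ = dict(method="GET", uri="/dir/index.html",
           nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
           nc="00000001", cnonce="0a4f113b")
USER, PASSWORD, REALM = "Mufasa", "Circle Of Life", "testrealm@host.com"


def client_response(realm):
    # What a client computes after seeing `realm` in the challenge.
    return digest_response(h_a1(USER, realm, PASSWORD), **REQ)
```

A bare H(A1) entry therefore works only if the proxy also sends `realm=""` in its challenge; the same stored value then validates against any other service that uses an empty realm with the same user name and password.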