Making digest authentication usable for HTTP

My understanding of SASL digest authentication is that it is intended to be compatible with HTTP digest authentication. However, when experimenting with sasl-sample-server I was unable to find some capabilities which are necessary for this purpose:

• Ability to specify different realms for password file and authentication string. Internet Explorer and Opera try to reuse old credentials, even after multiple authentication failures. The only way to prevent this is to change the realm.
• Ability to specify connection method. The default SASL connection method is Authenticate, which is not used by HTTP.
• Ability to save nonce for future requests. Retrieving a nonce value and sending an authorization string by HTTP would be two separate requests.
• Ability to start with client data. After receiving the nonce value, the client sends an authentication string without waiting for a challenge from the server.

I would prefer to use a standard tool for authentication rather than create a custom program. Are these abilities present in the Cyrus SASL library?
