On Sat, 29 Oct 2005, Christoph Haas wrote:
Do you have any pointers? We currently run basic authentication with an LDAP backend. And since we'd rather like something less plaintext but no Microsoft crap (at least at this level) this sounds like a good solution. But I didn't know of anything other than Basic and NTLM yet. I'd be interested.
Digest authentication is a standard HTTP authentication scheme (unlike NTLM) and documented in RFC2617 together with the Basic HTTP authentication scheme.
Digest requires the passwords to be stored either in plain-text (or reversibly encrypted), or hashed specifically for Digest authentication (including the realm used). On the wire relatively secure one-time hashes are exchanged.
Digest authentication is supported in all major browsers, even if the MSIE support seems rather poor (but it is at least functional to the minimum required level).
Regards Henrik
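
Added example, not part of the original message: a sketch of the RFC 2617 calculation (qop=auth, MD5) showing the realm-bound hash a server can store in place of the plain-text password, and the per-request hash checked on the wire. The function names are assumptions made for illustration; the sample values are those of the worked example in RFC 2617.

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def stored_ha1(username: str, realm: str, password: str) -> str:
    """Digest-specific hash kept by the server. It includes the realm, so it
    is only valid for that realm, and it must be protected like a password:
    it is all that is needed to compute valid responses for the realm."""
    return md5_hex(f"{username}:{realm}:{password}")


def expected_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    """One-time hash sent in the Authorization header (RFC 2617, qop=auth)."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def verify(ha1: str, method: str, fields: dict) -> bool:
    """Server-side check using only the stored HA1, never the password.
    `fields` holds the already parsed Authorization header parameters."""
    want = expected_response(ha1, method, fields["uri"], fields["nonce"],
                             fields["nc"], fields["cnonce"], fields["qop"])
    return hmac.compare_digest(want, fields["response"])


# Request parameters from the worked example in RFC 2617.
SAMPLE = {
    "username": "Mufasa",
    "realm": "testrealm@host.com",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "uri": "/dir/index.html",
    "qop": "auth",
    "nc": "00000001",
    "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}

if __name__ == "__main__":
    ha1 = stored_ha1("Mufasa", "testrealm@host.com", "Circle Of Life")
    print("stored HA1:", ha1)
    print("request accepted:", verify(ha1, "GET", SAMPLE))
```
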