The normal digest ldap helper in plain text passord mode expects just the plain text password in ldap, without realm. If you store H(A1) value then it`s always realm specific. And to my knowledge there is no basic auth helper capable of verifying to a H(A1) value but technically it can be done regardless of what realm were used in the H(A1). If you use some other helper which expects realm:password or realm:H(A1) then it would most likely expect :H(A1) and not H(A1) if realm is empty. Keep in mind that Digest A1 value is login:realm:password. And H is HEX MD5 which makes H(A1) == HEX(MD5(login ":" realm ":" password)) So i still do not quite umderstand what yo want to accomplish with an empty realm. Regards Henrik ----- Ursprungsmeddelande ----- > Sorry for my late reply, Henrik. I want to be able to use an empty > realm because we use Digest Auth in conjunction with an LDAP backend. > In this LDAP backend the admin can specifiy combinations of > <realm>:<password> or <realm>:<H(A1)>. The empty realm would thus lead > to either <password> or <H(A1)> standing by themselves. We want to > support this latter case as well and the empty realm would make that a > lot easier. > > Regards, > Khaled > > 2010/6/22 Henrik Nordström <henrik@xxxxxxxxxxxxxxxxxxx>: > > tis 2010-06-22 klockan 00:22 +0200 skrev Khaled Blah: > > > That's not completely true. RFC 2617 states that the realm of either > > > digest/basic auth is a quoted string but it doesn't say that this > > > string has to be a minimum number of characters. > > > > True, but is clearly not the intention that this should be empty. > > > > I asked why you want to use an empty realm. > > > > Regards > > Henrik > > > >
