Hi Henrik, I am not sure what your point is so I'll be trying to make my point again. First of all, the RFC specifies the realm to be a quoted-string as you can see here: realm = "realm" "=" realm-value realm-value = quoted-string In the whole RFC there is no statement that says the realm has to have a certain length. So it can also have the length 0 which translates to the empty string. I have written an auth helper which is able to cope with the empty string as a realm but Squid cannot cope with it. This is the reason for my email in the first place. The empy realm leads to an H(A1) like this: H(A1) == HEX(MD5(login "::" password)) This computes to a perfectly valid MD5 hash with which IE and Firefox have no problem. I hope I have made my intentions more clear now. Regards, Khaled 2010/7/1 Henrik Nordström <henrik@xxxxxxxxxxxxxxxxxxx>: > The normal digest ldap helper in plain text passord mode expects just the plain text password in ldap, without realm. > > If you store H(A1) value then it`s always realm specific. And to my knowledge there is no basic auth helper capable of verifying to a H(A1) value but technically it can be done regardless of what realm were used in the H(A1). > > If you use some other helper which expects realm:password or realm:H(A1) then it would most likely expect :H(A1) and not H(A1) if realm is empty. > > Keep in mind that Digest A1 value is login:realm:password. And H is HEX MD5 which makes H(A1) == HEX(MD5(login ":" realm ":" password)) > > So i still do not quite umderstand what yo want to accomplish with an empty realm. > > Regards > Henrik
