I dont question that the rfc allows for an empty realm even if not the intention by the rfc authors. What i ask is why you want to use an empty realm. The realm is there for both usability and security reasons, and i do not see what benefit there would be in using an empty realm compared to something meaningful that the user understands. ----- Ursprungsmeddelande ----- > Hi Henrik, > > I am not sure what your point is so I'll be trying to make my point > again. First of all, the RFC specifies the realm to be a quoted-string > as you can see here: > > realm = "realm" "=" realm-value > realm-value = quoted-string > > In the whole RFC there is no statement that says the realm has to have > a certain length. So it can also have the length 0 which translates to > the empty string. I have written an auth helper which is able to cope > with the empty string as a realm but Squid cannot cope with it. This > is the reason for my email in the first place. > > The empy realm leads to an H(A1) like this: H(A1) == HEX(MD5(login > "::" password)) > This computes to a perfectly valid MD5 hash with which IE and Firefox > have no problem. > > I hope I have made my intentions more clear now. > > Regards, > Khaled > > > 2010/7/1 Henrik Nordström <henrik@xxxxxxxxxxxxxxxxxxx>: > > The normal digest ldap helper in plain text passord mode expects just > > the plain text password in ldap, without realm. > > > > If you store H(A1) value then it`s always realm specific. And to my > > knowledge there is no basic auth helper capable of verifying to a > > H(A1) value but technically it can be done regardless of what realm > > were used in the H(A1). > > > > If you use some other helper which expects realm:password or > > realm:H(A1) then it would most likely expect :H(A1) and not H(A1) if > > realm is empty. > > > > Keep in mind that Digest A1 value is login:realm:password. And H is > > HEX MD5 which makes H(A1) == HEX(MD5(login ":" realm ":" password)) > > > > So i still do not quite umderstand what yo want to accomplish with an > > empty realm. > > > > Regards > > Henrik
