
Re: [soaplite] Digest authentication

  • Byrne Reese
    Message 1 of 2 , Oct 8, 2004
      I found a good article discussing Digest Authentication:

      http://www.webreference.com/internet/apache/chap5/3/

      Here is an excerpt:

      Digest authentication works this way:

      1. The client requests a URL.

      2. Because that URL is protected, the server replies with error
         401, "Authentication required," and among the headers, it
         sends a nonce.

      3. The client combines the user's password, the nonce, the
         method, and the URL, as described previously, then sends the
         result back to the server. The server does the same thing with
         the hash of the user's password retrieved from the password
         file and checks that its result matches.

      A different nonce is sent the next time, so that the Bad Guy can't
      use the captured digest to gain access.

      Here is an excerpt from O'Reilly's Web Client Programming in Perl:

      In addition to HTTP 1.0's authentication mechanism, HTTP 1.1
      includes digest authentication. Instead of sending the username and
      password in the clear, the client computes a checksum of the
      username, password, document location, and a unique number given by
      the server. If a checksum is sent, the username and password are not
      communicated between the client and server. Since each transaction
      is given a unique number, the checksum varies from transaction to
      transaction, and is less likely to be compromised by "playing back"
      authorization information captured from a previous transaction.

      In any event, Apache has implemented Digest authentication allowing the
      server side to require and enforce Digest authentication. See
      mod_auth_digest.

      That leaves the client side of things to pass Digest credentials to the
      server.

      Unfortunately there is very little documentation out there for Digest
      Authentication over HTTP using Perl. The Authen::DigestMD5 module may help:

      http://search.cpan.org/~salva/Authen-DigestMD5-0.04/DigestMD5.pm

      But so may the LWP::Authen::Digest.pm module that has no documentation.

      Given that Digest authentication is not entirely predictable - in
      other words, both parties have to be using the same digest algorithm,
      then what does the community think is the best way to facilitate this
      type of functionality? Would you prefer using a callback method of
      some kind that takes as a single argument the nonce sent by the server
      being authenticated to?

      Any ideas?

      Byrne




      NOVAK Judit wrote:

      > Dear all,
      >
      >
      > I want to use Digest authentication method accessing the server
      > class. The solutions I found mentioned together with Basic
      > authentication (overriding
      > SOAP::Transport::HTTP::Client::get_basic_credentials to return
      > 'username' => 'password' or using
      > $soapobj->transport->credentials('port', 'realm', 'user' =>
      > 'password')), did not work for me. I still get the error message:
      >
      > client used wrong authentication scheme: Basic for <myscriptlocation>
      >
      > Though searching the web quite some time now, I couldn't find
      > anything, that could help me :(
      >
      > Does anyone have some suggestion/experience?
      > I'm not so expert in SOAP and web authentication...
      >
      >
      > Thanks a lot!
      > Judit
      >
      >
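The three-step exchange quoted in the message above, carried through with the MD5 / qop=auth computation from RFC 2617, as an added example that is not part of the original message or of SOAP::Lite. It uses only the core Digest::MD5 module; the user, realm, nonce and cnonce are the sample values from RFC 2617 section 3.5, and the second nonce is constructed.

```perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Parse a Digest challenge (the WWW-Authenticate header value) into a hash.
sub parse_challenge {
    my ($header) = @_;
    $header =~ s/^\s*Digest\s+//i or die "not a Digest challenge\n";
    my %p;
    while ($header =~ /(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))/g) {
        $p{lc $1} = defined $2 ? $2 : $3;
    }
    return \%p;
}

# HA1 is what the server keeps in its password file instead of the password.
sub ha1 { my ($user, $realm, $pass) = @_; return md5_hex("$user:$realm:$pass") }

# response = MD5(HA1:nonce:nc:cnonce:qop:MD5(method:uri))
sub digest_response {
    my ($ha1, $nonce, $nc, $cnonce, $method, $uri) = @_;
    my $ha2 = md5_hex("$method:$uri");
    return md5_hex(join ':', $ha1, $nonce, $nc, $cnonce, 'auth', $ha2);
}

# Constructed input: the challenge a server would send with its 401 reply.
my $chal = parse_challenge('Digest realm="testrealm@host.com", qop="auth", '
    . 'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093"');
my ($nc, $cnonce) = ('00000001', '0a4f113b');
my @req = ('GET', '/dir/index.html');

# Server side, at enrollment: only the hash goes into the password file.
my $stored_ha1 = ha1('Mufasa', 'testrealm@host.com', 'Circle Of Life');

# Client side: combine password, nonce, method and URL into the response.
my $sent = digest_response(ha1('Mufasa', $chal->{realm}, 'Circle Of Life'),
    $chal->{nonce}, $nc, $cnonce, @req);

# Server side: recompute from the stored hash and the nonce it issued.
my $expected = digest_response($stored_ha1, $chal->{nonce}, $nc, $cnonce, @req);
print "response: $sent\n";
print "fresh nonce: ", ($sent eq $expected ? "accepted" : "rejected"), "\n";

# Replay: the captured digest no longer matches once the server issues a new nonce.
my $next = digest_response($stored_ha1, 'constructed-next-nonce', $nc, $cnonce, @req);
print "replayed digest: ", ($sent eq $next ? "accepted" : "rejected"), "\n";
```

Because the nonce, nc and cnonce all enter the hash, a callback that receives only the nonce would still need the realm, method and URI from the request to produce a valid response.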