[daisy] HTTP Digest Authentication

[Lou Parisi]

By default, daisy seems to use HTTP BASIC authentication when logging in to
the wiki front-end.  We are using active directory authentication with
DIGEST-MD5 to authenticate against active directory.  But when the user logs
in to the wiki front-end, the plain text password is still sent from the
browser to the servlet prior to authentication to active directory.  

Is there any way to configure the wiki login screen to use HTTP Digest
authentication so the password is passed back to the daisy servlet
encrypted?  I looked through the config files for a way to configure this
but did not find one.

I have set up the repository authenticator to authenticate against active
directory as shown below but did not find a way to set HTTP authentication
method as digest:

      <scheme name="AD" description="Active Directory">
        <environment>
          <property name="java.naming.factory.initial"
value="com.sun.jndi.ldap.LdapCtxFactory"/>
          <property name="java.naming.provider.url"
value="ldap://my.domaincontroller.com:3268"/>
          <property name="java.naming.security.authentication"
value="DIGEST-MD5"/>
          <property name="java.naming.security.principal"
value="$daisyLogin"/>
          <property name="java.naming.security.sasl.realm"
value="my.realm.com"/>
        </environment>
        <cache enabled="true" maxCacheSize="3000"
maxCacheDuration="1800000"/>
        <autoCreateUser>
          <roles>
            <role>User</role>
          </roles>
          <defaultRole>User</defaultRole>
          <updateableByUser>true</updateableByUser>
        </autoCreateUser>
      </scheme>

-- 
View this message in context: http://www.nabble.com/HTTP-Digest-Authentication-tp16627834p16627834.html
Sent from the Daisy - General mailing list archive at Nabble.com.