[4563] in WWW Security List Archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

RE: Basic Authentication

daemon@ATHENA.MIT.EDU (Phillip M. Hallam-Baker)
Fri Feb 21 16:36:48 1997

From: "Phillip M. Hallam-Baker" <hallam@ai.mit.edu>
To: "'Douglas Song'" <dugsong@umich.edu>,
        "Www-Security (E-mail)"
	 <www-security@ns2.rutgers.edu>
Date: Fri, 21 Feb 1997 12:34:54 -0500
Errors-To: owner-www-security@ns2.rutgers.edu

There aren't any currently, and Netscape at least ALWAYS interprets the
'WWW-Authenticate' header as having a value of 'Basic' (so you get
prompted for a username and password) even if something else is specified! 
This has to change if they want to support the new HTTP 1.1 digest
authentication scheme (RFC 2069), and any future authentication methods
(such as Kerberos, which we're looking at implementing now as an extension
of the digest auth scheme). 

[Phillip M. Hallam-Baker]  
Spyglass have a browser that offers the Digest scheme and have done
so for a good three years. 

		Phill


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[4563] in WWW Security List Archive

RE: Basic Authentication

daemon@ATHENA.MIT.EDU (Phillip M. Hallam-Baker)Fri Feb 21 16:36:48 1997

daemon@ATHENA.MIT.EDU (Phillip M. Hallam-Baker)
Fri Feb 21 16:36:48 1997