x-f (fxool) wrote in lj_dev,

"Digest Auth" (yes, again)

Hi! I'm still messing with the "Digest Auth". I read the RFC for "Digest Auth" (RFC2617) and found out that header from LJ-powered server differs from RFC. However, when I try to connect to some page appending "?auth=digest", browser understands that correct. So obviously there is something that I don't understand. Can somebody please explain me, where should I look for "opaque"?

Sample header from RFC
HTTP/1.1 401 Unauthorized
         WWW-Authenticate: Digest
(.. all the rest of header)
Digest Auth header from LJ
HTTP/1.0 401 Authentication required
Date: Tue, 12 Apr 2005 13:41:19 GMT
Server: Apache
Set-Cookie: ljuniq=Uy0wAsQozZQTqTv:1113313279; expires=Saturday, 11-Jun-2005 13:41:19 GMT; domain=.livejournal.com; path=/
WWW-Authenticate: Digest realm="lj", nonce="c0:1113310800:2479:180:EBUyeZRYSpV6g0vDsk5A:4bb0828f68a63616d53fd0c5978de840", algorithm=MD5, qop="auth"
Connection: close
Content-Type: text/html
Digest Auth header from our Latvian LJ-powered server
HTTP/1.1 401 Authentication required
Date: Wed, 13 Apr 2005 05:54:44 GMT
Server: Apache-AdvancedExtranetServer/1.3.28
WWW-Authenticate: Digest realm="lj", nonce="c0:1113368400:3250:180:k4ytdzqZbOz3SAOE4kDY:4c079653aa5445e45225c56644dad5c5", algorithm=MD5, qop="auth"
Content-Type: text/html; charset=iso-8859-1
Via: 1.1 journal.bad.lv
X-Cache: MISS from journal.bad.lv
Connection: close
Transfer-Encoding: chunked

[14.01.2005 8:48 GMT + 0300] I apologize to everyone whose friends page I broke with this entry. I didn't thought of that.
Besides, my Gmail stuck and I got all these replies only early this morning.
I'm sorry.


  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded