x-f (fxool) wrote in lj_dev,
x-f
fxool
lj_dev

"Digest Auth" (yes, again)

Hi! I'm still messing with the "Digest Auth". I read the RFC for "Digest Auth" (RFC2617) and found out that header from LJ-powered server differs from RFC. However, when I try to connect to some page appending "?auth=digest", browser understands that correct. So obviously there is something that I don't understand. Can somebody please explain me, where should I look for "opaque"?

Sample header from RFC
HTTP/1.1 401 Unauthorized
         WWW-Authenticate: Digest
                 realm="testrealm@host.com",
                 qop="auth,auth-int",
                 nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
                 opaque="5ccc069c403ebaf9f0171e9517f40e41"
(.. all the rest of header)
Digest Auth header from LJ
HTTP/1.0 401 Authentication required
Date: Tue, 12 Apr 2005 13:41:19 GMT
Server: Apache
Set-Cookie: ljuniq=Uy0wAsQozZQTqTv:1113313279; expires=Saturday, 11-Jun-2005 13:41:19 GMT; domain=.livejournal.com; path=/
WWW-Authenticate: Digest realm="lj", nonce="c0:1113310800:2479:180:EBUyeZRYSpV6g0vDsk5A:4bb0828f68a63616d53fd0c5978de840", algorithm=MD5, qop="auth"
Connection: close
Content-Type: text/html
Digest Auth header from our Latvian LJ-powered server
HTTP/1.1 401 Authentication required
Date: Wed, 13 Apr 2005 05:54:44 GMT
Server: Apache-AdvancedExtranetServer/1.3.28
WWW-Authenticate: Digest realm="lj", nonce="c0:1113368400:3250:180:k4ytdzqZbOz3SAOE4kDY:4c079653aa5445e45225c56644dad5c5", algorithm=MD5, qop="auth"
Content-Type: text/html; charset=iso-8859-1
Via: 1.1 journal.bad.lv
X-Cache: MISS from journal.bad.lv
Connection: close
Transfer-Encoding: chunked

[14.01.2005 8:48 GMT + 0300] I apologize to everyone whose friends page I broke with this entry. I didn't thought of that.
Besides, my Gmail stuck and I got all these replies only early this morning.
I'm sorry.

Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 25 comments