Ticket #54 (closed Defect: Software changed)
Poor user experience with DIGEST authentication
| Reported by: | cdaboo@… | Owned by: | dreid@… |
|---|---|---|---|
| Priority: | 3: Important | Milestone: | CalendarServer-1.0 |
| Component: | Calendar Server | Severity: | Security |
| Keywords: | | Cc: | |
Description
When the server is set to digest authentication and a browser is pointed to a resource, the user is prompted for their user/pswd every time the resource is refreshed. The problem is that the Twisted digest authenticator generates a new 'opaque' parameter for each request, which prevents clients from caching and replaying authentication. Twisted needs to be changed to cache the 'opaque' parameter. A good example to follow is that of Apache mod_auth_digest, which keeps a per-client 'opaque' parameter in a garbage-collected map.
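
A sketch of the per-client 'opaque' map the description asks for, added here as an illustration; it is not Twisted's or mod_auth_digest's code. The class name `OpaqueCache`, its methods, and the TTL and size limits are assumptions made for the example.

```python
import secrets
import time


class OpaqueCache:
    """Per-client 'opaque' values kept in a map that is swept for stale entries."""

    def __init__(self, ttl=300.0, max_entries=1024, clock=time.monotonic):
        self.ttl = ttl                  # seconds an unused opaque stays valid (assumed)
        self.max_entries = max_entries  # hard cap on tracked clients (assumed)
        self.clock = clock
        self._seen = {}                 # opaque -> time last issued or presented

    def _sweep(self):
        """Garbage-collect expired entries, then make room under the size cap."""
        now = self.clock()
        for opaque in [o for o, t in self._seen.items() if now - t > self.ttl]:
            del self._seen[opaque]
        while self._seen and len(self._seen) >= self.max_entries:
            del self._seen[min(self._seen, key=self._seen.get)]  # least recently used

    def issue(self):
        """Create an opaque for a client that has none (first 401 challenge)."""
        self._sweep()
        opaque = secrets.token_hex(16)
        self._seen[opaque] = self.clock()
        return opaque

    def is_known(self, opaque):
        """True if we issued this opaque and it has not expired.

        This only identifies the client; the digest 'response' hash must
        still be verified separately on every request.
        """
        last = self._seen.get(opaque)
        if last is None or self.clock() - last > self.ttl:
            self._seen.pop(opaque, None)
            return False
        self._seen[opaque] = self.clock()  # refresh on use
        return True

    def challenge_opaque(self, presented=None):
        """Opaque for a challenge: reuse the client's own while it is valid."""
        if presented is not None and self.is_known(presented):
            return presented
        return self.issue()
```

Because a still-valid opaque is echoed back instead of regenerated, a browser's cached credentials keep matching the challenge across refreshes, while the TTL and entry cap keep the map from growing without bound.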
Change History
