Netscape ENTREPRISE SERVER 6.1 - 04-2002 ADMINISTRATOR Administrator's Manual page 166

What Is Access Control?
In order for this to work, your directory server needs access to the user's password
in cleartext. Later versions of Directory Server include a reversible password
plug-in using a symmetric encryption algorithm to store data in an encrypted form,
that can later be decrypted to its original form. Only the Directory Server holds the
key to the data.
For digest authentication, you need to enable the reversible password plug-in and
the digestauth-specific plug-in included with Enterprise Server 6.1. To configure
your web server to process digest authentication, set the
the database definition in
The server tries to authenticate against the LDAP database based upon the ACL
method specified, as shown in Table 8-1. If you do not specify an ACL method, the
server will use either digest or basic when authentication is required, or basic if
authentication is not required.
Table 8-1
ACL Method
"default"
none specified
"basic"
"digest"
When processing an ACL with
authenticate by:
• Checking for Authorization request header. If not found, a 401 response is
generated with a Digest challenge, and the process stops.
• Checking for Authorization type. If Authentication type is Digest the server
then:
166 Netscape Enterprise Server Administrator's Guide • April 2002 (Draft)
dbswitch.conf
Digest Authentication Challenge Generation
Digest Authentication Supported
by Authentication Database
digest and basic
basic
digest
Checks nonce. If not valid, fresh nonce generated by this server, generates
401 response, and the process stops. If stale, generates 401 response with
, and process stops.
stale=true
Checks realm. If it does not match, generates 401 response, and process
stops.
Checks existence of user in LDAP directory. If not found, generates 401
response, and process stops.
.
Digest Authentication Not Supported by
Authentication Database
basic
basic
ERROR
, the server attempts to
method = digest
property of
digestauth