W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 1999

RE: Authentication in existing WebDAV servers

From: Greg Stein <gstein@lyra.org>
Date: Mon, 1 Nov 1999 23:46:35 -0800 (PST)
To: "Yaron Goland (Exchange)" <yarong@Exchange.Microsoft.com>
cc: "Richard C." <zhengc@ea.oac.uci.edu>, "'WebDAV'" <w3c-dist-auth@w3.org>
Message-ID: <Pine.LNX.4.10.9911012344050.31387-100000@nebula.lyra.org>
All right... true... the spec is a bit different than I implied. Section
17.1 spells it out. Yes, it must be supported (as opposed to always
required), and yes, you can use anything you want... *IF* you use a secure
channel.

Over plain old HTTP, the spec does state that Basic must not be used.

Yes, I'm being picky here, but you were first :-)

Cheers,
-g

On Mon, 1 Nov 1999, Yaron Goland (Exchange) wrote:
> The spec says that digest MUST be supported. You can use anything you want,
> including nothing.
> 
> > -----Original Message-----
> > From: Greg Stein [mailto:gstein@lyra.org]
>...
> > The WebDAV spec states that Digest authentication must be used.
> > 
> > However, all clients and servers, that I'm aware of, are 
> > flexible in this
> > regard. For example, Apache and mod_dav will allow the use of Basic
> > authentication.

--
Greg Stein, http://www.lyra.org/
Received on Tuesday, 2 November 1999 02:45:13 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:52 GMT