test

Sun Java System Web Server 6.1 SP9 Administrator's Guide

Installing the Digest Authentication Plug-in

For digest authentication using an LDAP-based directory service, you need to install the digest authentication plug-in. This plug-in computes a digest value on the server side, and compares this against the digest value provided by the client. If the digest values match, the user is authenticated.

If you’re using a file-based authentication database, you don’t need to install the digest authentication plug-in.

Installing the Digest Authentication Plug-in on UNIX

The Digest Authentication plug-in consists of a shared library found in the following files:

ProcedureTo install the Digest Authentication plug-in on UNIX

  1. Make sure this shared library resides on the same server machine that the Sun Java System Directory Server is installed on.

  2. Make sure you know the Directory Manager password.

  3. Modify the libdigest-plugin.ldif file changing all references to the /path/to to the location where you installed the digest plug-in shared library.

    Note –

    libdigest-plugin.ldif is available at server-root/plugins/digest/libdigest-plugin.ldif.

  4. To install the plug-in, enter the following command:

    % ldapmodify -D "cn=Directory Manager" -w password -a < libdigest-plugin.ldif

Installing the Digest Authentication Plug-in on Windows

You need to copy several .dll files from the Sun Java System Web Server installation to your Sun Java System Directory Server server machine in order for Sun Java System Directory Server to start properly with the Digest plug-in.

ProcedureTo install the Digest Authentication plug-in on Windows

  1. Access the shared libraries on the Sun Java System Web Server installation in:

    [server_root]\bin\https\bin

  2. Copy the following files:

    • The nsldap32v50.dll file

      • The libspnr4.dll file

      • The libplds4.dll file

  3. Paste them into either:

    • \Winnt\system32

      • Sun Java System Directory Server install directory: [server_root]\bin\sldap\server

Setting the Sun Java System Directory Server to Use the DES Algorithm

The DES algorithm is needed to encrypt the attribute that stores the digest password.

ProcedureTo configure the Sun Java System Directory Server to use the DES algorithm

  1. Launch the Sun Java System Directory Server Console.

  2. Open your iDS 5.0 instance.

  3. Select the Configuration tab.

  4. Click on the + sign next to plug-ins.

  5. Select the DES plug-in.

  6. Choose Add to add a new attribute.

  7. Enter iplanetReversiblePassword.

  8. Click Save.

  9. Restart your Sun Java System Directory Server instance.

    Note –

    The iplanetReversiblePasswordobject attribute stores the password for digest authentication. To set a digest authentication password in the iplanetReversiblePassword attribute for a user, your entry must include the iplanetReversiblePasswordobject object.