Digest authentication
I”ve been waiting for digest authentication for webservers for ages. It turns out that, surprise, IIS is incompatible with Apache and the RFC.
According to eWeek, IIS and IE work with one another for digest authentication but neither will operate with non-MS servers/clients.
MS’’s response to people’’s complaints about them once again breaking a standard by implementing it incompatibly was to say, “the nature of this particular issue does not put customer data at risk or pose a known security threat, so the fix will be prioritized accordingly”. Which looks to me like not-so-secret code for ah-ha-ha-ha, suckers, that’’s one more idea we didn”t invent that no-one will now ever be able to use. Conspiracy theorist? Me? I mean, come on, does it look to you like it was an accident on their part? Are they leaping to fix it and be standards-compliant? Are they hell. So IE and IIS work together as a pair, and Apache and Mozilla implement the RFC (meaning that any other browser, like, say, Konqueror, or Opera, that implements the digest RFC will work with Apache, but not with IIS). Great. Microsoft on one side of the wall and everyone else on the other. Again.
—–