In my opinion this does not make sense.

The username value is taken from the username field of (Proxy-)Authorization header and that is the value the UAC used to build the Digest response. If you use a different value, practically the authentication fails. The Digest response has the username hashed inside, the HA1 being MD5(username:realm:password). To have a successful authentication, the same username must be used by server side as well.

If you just need to load the password by matching a different username, then sqlops can be used to do any kind of query. Anyhow pv_www_authenticate() doesn't do any database query.

In case you want to achieve something else, I would suggest to discuss first on sr-users mailing list to properly understand the needs. Again, this one with a custom username contradicts the authentication algorithm specs. I am closing this one for now, it can be reopened if there is a different conclusion after discussions on sr-users mailing list.


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.