==============================================================================
        Digest Authentication Plugin for iPlanet Directory Server 5.0
==============================================================================

Digest Authentication, as defined in RFC 2617, is an authentication mechanism 
that provides a way for a browser to authenticate without sending the user's
password as cleartext. This is accomplished by using the MD5 algorithm to
create a hash using the user's password and some information provided by
the Web Server. This hash is then re-computed using the Digest Auth plugin
and compared against the hash provided by the client.

In order for this to work, the Directory server needs access to the user's 
password in cleartext. iDS 5.0 includes a reversible password plugin. This 
uses a symmetric key algorithm (such as DES) to store data in an encrypted form
that the iDS can later decrypt to its original form. Only the iDS holds the
key to the data.
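
The check described above, sketched in Python as an added example (this is
not the plugin's own code). The function names are hypothetical, and the
sample request is the worked example from RFC 2617 section 3.5.

```python
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def expected_response(username, realm, password, method, uri,
                      nonce, nc=None, cnonce=None, qop=None):
    """RFC 2617 request-digest for algorithm=MD5 (qop=auth or absent)."""
    # A1 contains the password itself, which is why the verifier must be
    # able to recover it in cleartext.
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    if qop == "auth":
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    # No qop sent: RFC 2069 compatible form.
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def verify(fields, password, method):
    """fields: parameters parsed from the client's Authorization header."""
    qop = fields.get("qop")
    if qop not in (None, "auth"):
        return False  # auth-int is outside this example
    want = expected_response(fields["username"], fields["realm"], password,
                             method, fields["uri"], fields["nonce"],
                             fields.get("nc"), fields.get("cnonce"), qop)
    got = fields.get("response", "").lower()
    # Constant-time comparison of the two hex digests.
    return hmac.compare_digest(want.encode(), got.encode())


# Sample request: the worked example from RFC 2617 section 3.5.
RFC_SAMPLE = {
    "username": "Mufasa", "realm": "testrealm@host.com",
    "uri": "/dir/index.html", "qop": "auth",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "nc": "00000001", "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}

if __name__ == "__main__":
    print(verify(RFC_SAMPLE, "Circle Of Life", "GET"))
```

Nonce freshness and nonce-count replay checks are not shown here.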

==============================================================================
                                Installation
==============================================================================

The plugin consists of a shared library, libdigest-plugin.[so|sl|dll], and
an LDIF file, libdigest-plugin.ldif. Both need to reside on the same server
machine that the iDS is installed on.

To work with Solaris 64-bit iDS, you need the 64-bit libdigest-plugin.so
for Solaris. Note that in the libdigest-plugin.ldif file you should not
prefix libdigest-plugin.so with 64/, although the library itself should
be placed in the 64/ directory.
Please refer to http://docs.sun.com/db/doc/816-6702-10 for more detail.

You will also need the Directory Manager password.

The plugin is installed using the ldapmodify command found in
[server-root]/shared/bin/ldapmodify

The first thing you need to do is modify the libdigest-plugin.ldif file and
change all references to /path/to to the location where you installed the
digest plugin shared library.

To install the plugin, issue the command:

  % ldapmodify -D "cn=Directory Manager" -w password -a < libdigest-plugin.ldif

You also need to tell iDS to use the DES algorithm to encrypt the attribute
where the digest password is stored. To do this:

   - launch Console
   - open your iDS 5.0 instance
   - select the Configuration tab
   - click on the + sign next to plugins
   - select the DES plugin
   - click Add to add a new attribute
   - enter iplanetReversiblePassword
   - click Save
   - restart your iDS instance

==============================================================================
                               Entry Requirements 
==============================================================================

The server uses the iplanetReversiblePassword attribute, which belongs to
the object class iplanetReversiblePasswordobject. To use Digest
Authentication, a user entry must have both the object class and the
attribute.

==============================================================================
                                   Debugging
==============================================================================

Turn on plugin debugging in the Console to obtain fairly verbose information
on what the digest plugin is doing and how the entries are being processed.
