JMP Protocol
AUTH-DIGEST
The JMP connection requires a login and will respond with a "401 Unauthorized"
error text pending a successful login. The server provides a unique "Nonce"
string as part of this message. This can be used in conjunction with the
username and password to calculate the appropriate Authorization Digest.
This requires a MD5 message digest calculation which generates a 16 byte
digest represented as 32 hexadecimal characters. The calculation proceeds
as follows:
Digest = Username + ":" + MD5(Username + ":" + Nonce + ":" + Password)
Where Username, Password, Nonce and Digest are all strings. The resulting
Digest string is returned in the "Auth-Digest" member. Here is an example
login with the default administrator's account.
TRANSMITTED RECEIVED
{
"Message":""
}
{
"Message":"Error",
"Text":"401 Unauthorized",
"Nonce":"bc581a9683d3e1857218db135e4b"
}
{
"Auth-Digest":"jnior:6b7b418f223e7e0dc600c41c7b6644b3"
}
{
"Message":"Authenticated",
"Administrator":true,
"Control":true
}
NOTES
The login requirement can be disabled. This creates a huge security
vulnerability and is to be highly discouraged. Do not disable login
requirements.
[/flash/manpages/protocol.hlp:1778]