When a web app contains an error page for code 401 like <error-page> <error-code>401</error-code> <location>/401.html</location> </error-page> The header WWW-Authenticate: Basic realm="Protected Area name" is not sent causing HTTP/1.1 agents not to pop the login box.
Marking as INVALID in order to close this very old and unconfirmed bug. In case this is still a matter of concern, please try on the latest stable Tomcat, and ask your query on the tomcat-user list where you're more likely to receive responses from long time users.