NAME¶
digest_file_auth - File based digest authentication helper for Squid.
Version 1.0
SYNOPSIS¶
digest_file_auth [-c] file
DESCRIPTION¶
digest_file_auth is an installed binary authentication program for Squid.
It handles digest authentication protocol and authenticates against a text
file backend.
OPTIONS¶
- -c
- Accept digest hashed passwords rather than plaintext in the
password file
CONFIGURATION¶
Username database file format:
- - comment lines are possible and should start with a
'#';
- - empty or blank lines are possible;
- - plaintext entry format is username:password
- - HA1 entry format is username:realm:HA1
To build a directory integrated backend, you need to be able to calculate the
HA1 returned to squid. To avoid storing a plaintext password you can calculate
MD5(username:realm:password) when the user changes their password, and
store the tuple
username:realm:HA1. then find the matching
username:realm when squid asks for the HA1.
This implementation could be improved by using such a triple for the file
format. However storing such a triple does little to improve security: If
compromised the
username:realm:HA1 combination is "plaintext
equivalent" - for the purposes of digest authentication they allow the
user access. Password syncronisation is not tackled by digest - just
preventing on the wire compromise.
AUTHOR¶
This program was written by
Robert Collins
<robertc@squid-cache.org>
Based on prior work by
Arjan de Vet <Arjan.deVet@adv.iae.nl>
This manual was written by
Robert Collins <robertc@squid-cache.org>
Amos Jeffries <amosjeffries@squid-cache.org>
COPYRIGHT¶
This program and documentation is copyright to the authors named above.
Distributed under the GNU General Public License (GNU GPL) version 2 or later
(GPLv2+).
QUESTIONS¶
Questions on the usage of this program can be sent to the
Squid Users mailing
list <squid-users@squid-cache.org>
REPORTING BUGS¶
Bug reports need to be made in English. See
http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need
to include with your bug report.
Report bugs or bug fixes using
http://bugs.squid-cache.org/
Report serious security bugs to
Squid Bugs
<squid-bugs@squid-cache.org>
Report ideas for new improvements to the
Squid Developers mailing list
<squid-dev@squid-cache.org>
SEE ALSO¶
squid(8),
GPL(7),
The Squid FAQ wiki
http://wiki.squid-cache.org/SquidFaq
The Squid Configuration Manual
http://www.squid-cache.org/Doc/config/