digest (rfc 2617) authentication

From: Robert Collins <robert.collins@dont-contact.us>
Date: Mon, 18 Dec 2000 23:01:40 +1300

If anyone wants to play with digest authentication in squid, the auth_digest
branch on sourceforge now has working code.

It's still primitive and feature incomplete. Here are some notes:
configure
with --enable-auth=basic,digest --enable-digest-auth-modules=password
* the nonce is currently static.
* the helper I have written 'password' stores the plaintext password. This
is not needed if the realm is known when the user changes their password.
However that gets into integration with backend directories and the like...
too hard bin for now.

The helper protocol is
squid-helper "username":"realm"
helper->squid ERR | H(username,realm,password)

so a more secure helper would have username,realm,H() triples stored. The
one I've written has user,password couples stored, and creates
H(username,realm,password) on the fly.

Rob
Received on Mon Dec 18 2000 - 03:08:01 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:13:05 MST