Re: browser authentication (was Re: Intruducing myself)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 6 Nov 2002 00:06:01 +0100

On Tuesday 05 November 2002 23.46, Josef.Irnberger wrote:

> The digest HTTP authentication seems appropriate to me. As it is
> part of the HTML/1.1 standard, I guess most browsers will support
> it.

Some do.. Robert Collins probably knows more on this.

> Have there been any attempts to implement the digest authentication
> in squid, and if not, why not? Should I try to write an
> experimental implementation for this?

Yes.

Basic support for HTTP Digest authentication was added in Squid-2.5
and is included in the Squid version you have. See "configure --help"
(--enable-auth=... and --enable-digest-auth-helpers=... options) and
helpers/digest_auth/. Currenty there is only one Digest auth helper
to Squid, using plain text password files.

The HTTP Digest implementation is still a bit rought around the edges
however..

As said in my previous message you could probably utilize LDAP to
store the password hashes required for HTTP Digest authentication if
you like but this will most likely be separate from the normal
userPassword LDAP attribute, and require special attention when the
user changes his password to keep the two in synch.

See helpers/digest_auth/password/digest_pw_auth.c for more info.

Regards
Henrik
Received on Tue Nov 05 2002 - 16:06:10 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:18:38 MST