On Wed, 2002-11-06 at 11:40, Henrik Nordstrom wrote:
> On Wednesday 06 November 2002 00.00, Robert Collins wrote:
>
> > The digest standard allows for third party authentication, where an
> > external program does not disclose the HA1 directly, but as yet,
> > I've not implemented this.
>
> Right. Implementing MD5-sess is a bit pointless without a serious
> context where it makes sense, but a first step would be to supply
> server and client nounces in the HA1 helper request.
I need to recheck the details, but IIRC I was going to run a separate
helper format when doing 3rd party auth. An LDAP server module should be
able to implement 3rd part auth quite well.
> Hmm.. what is the helper request format for Digest? The "password"
> helper makes me somewhat confused with it's use of strtok and
> quotes..
Ermm, from auth_digest.cc
snprintf(buf, 8192, "\"%s\":\"%s\"\n", digest_user->username,
digest_request->realm);
that is
"user foo":"realm bar"
It returns the hex encoded HA1.
Rob
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:18:38 MST