Re: Intruducing myself

From: Robert Collins <robertc@dont-contact.us>
Date: 06 Nov 2002 11:49:14 +1100

On Wed, 2002-11-06 at 11:40, Henrik Nordstrom wrote:
> On Wednesday 06 November 2002 00.00, Robert Collins wrote:
>
> > The digest standard allows for third party authentication, where an
> > external program does not disclose the HA1 directly, but as yet,
> > I've not implemented this.
>
> Right. Implementing MD5-sess is a bit pointless without a serious
> context where it makes sense, but a first step would be to supply
> server and client nounces in the HA1 helper request.

I need to recheck the details, but IIRC I was going to run a separate
helper format when doing 3rd party auth. An LDAP server module should be
able to implement 3rd part auth quite well.

> Hmm.. what is the helper request format for Digest? The "password"
> helper makes me somewhat confused with it's use of strtok and
> quotes..

Ermm, from auth_digest.cc

snprintf(buf, 8192, "\"%s\":\"%s\"\n", digest_user->username,
digest_request->realm);

that is
"user foo":"realm bar"

It returns the hex encoded HA1.

Rob

Received on Tue Nov 05 2002 - 17:49:37 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:18:38 MST