Re: [squid-users] Squid3 Authentication digest ldap problema from Henrik Nordstrom on 2008-06-19 (squid-users)

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Thu, 19 Jun 2008 23:42:26 +0200

On tor, 2008-06-19 at 15:49 -0430, Edward Ortega wrote:
> Hi!
>
> I've a problem with authentication ldap on squid3 using digest, i'm
> using Squid Cache: Version 3.0.PRE5 on Debian ia64 :
>
> # /usr/lib/squid3/digest_ldap_auth -v 3 -b 'dc=something,dc=com' -F
> '(&(objectclass=posixAccount)(uid=%s))' -H 'ldap://ldap' -A
> 'userPassword' -l -e -d
> someuser somepassword
> ERR
>
> Any help would be appreciated, thanks!

Digest helpers expect a different input.

"username":"realm"<enter>
(with the quotes)

Additionally userPassword is usually write-only in most LDAP trees for
security reasons, and practically never contains a Digest H(A1) hash (-e
option).

The job of a digest helper is to return the Digest H(A1) hash for a
given username + realm combination. This can be based on either
plaintext passwords or precalculated digest H(A1) hashes stored in the
backend..

H(A1) is MD5(username + ":" + realm + ":" + password)

Regards
Henrik

application/pgp-signature attachment: This is a digitally signed message part

Received on Thu Jun 19 2008 - 21:42:33 MDT

This archive was generated by hypermail 2.2.0 : Fri Jun 20 2008 - 12:00:04 MDT