1digest_file_auth(8)         System Manager's Manual        digest_file_auth(8)
2
3
4

NAME

6       digest_file_auth - File based digest authentication helper for Squid.
7
8       Version 1.0
9

SYNOPSIS

11       digest_file_auth [-c] file
12

DESCRIPTION

14       digest_file_auth  is  an  installed  binary  authentication program for
15       Squid. It handles  digest  authentication  protocol  and  authenticates
16       against a text file backend.
17

OPTIONS

19       -c          Accept digest hashed passwords rather than plaintext in the
20                   password file
21

CONFIGURATION

23       Username database file format:
24
25       - comment lines are possible and should start with a '#';
26
27       - empty or blank lines are possible;
28
29       - plaintext entry format is username:password
30
31       - HA1 entry format is username:realm:HA1
32
33       To build a directory integrated backend, you need to be able to  calcu‐
34       late  the  HA1 returned to squid. To avoid storing a plaintext password
35       you can calculate MD5(username:realm:password) when  the  user  changes
36       their  password, and store the tuple username:realm:HA1.  then find the
37       matching username:realm when squid asks for the HA1.
38
39       This implementation could be improved by using such a  triple  for  the
40       file  format.   However  storing  such  a triple does little to improve
41       security: If compromised the username:realm:HA1 combination is  "plain‐
42       text equivalent" - for the purposes of digest authentication they allow
43       the user access. Password syncronisation is not  tackled  by  digest  -
44       just preventing on the wire compromise.
45

AUTHOR

47       This program was written by Robert Collins <robertc@squid-cache.org>
48
49       Based on prior work by Arjan de Vet <Arjan.deVet@adv.iae.nl>
50
51       This  manual  was  written  by Robert Collins <robertc@squid-cache.org>
52       Amos Jeffries <amosjeffries@squid-cache.org>
53

55       This program and documentation is copyright to the authors named above.
56
57       Distributed under the GNU General Public License (GNU GPL) version 2 or
58       later (GPLv2+).
59

QUESTIONS

61       Questions  on  the usage of this program can be sent to the Squid Users
62       mailing list <squid-users@squid-cache.org>
63

REPORTING BUGS

65       Bug reports  need  to  be  made  in  English.   See  http://wiki.squid-
66       cache.org/SquidFaq/BugReporting for details of what you need to include
67       with your bug report.
68
69       Report bugs or bug fixes using http://bugs.squid-cache.org/
70
71       Report serious security bugs to Squid Bugs <squid-bugs@squid-cache.org>
72
73       Report ideas for new improvements to the Squid Developers mailing  list
74       <squid-dev@squid-cache.org>
75

SEE ALSO

77       squid(8), GPL(7),
78       The Squid FAQ wiki http://wiki.squid-cache.org/SquidFaq
79       The Squid Configuration Manual http://www.squid-cache.org/Doc/config/
80
81
82
83                                                           digest_file_auth(8)
Impressum