1digest_file_auth(8)         System Manager's Manual        digest_file_auth(8)
2
3
4

NAME

6       digest_file_auth - File based digest authentication helper for Squid.
7
8       Version 1.1
9

SYNOPSIS

11       digest_file_auth [-c] file
12

DESCRIPTION

14       digest_file_auth  is  an  installed  binary  authentication program for
15       Squid. It handles  digest  authentication  protocol  and  authenticates
16       against  a  text  file backend.  This program will automatically detect
17       the existence of a concurrency channel-ID and adjust appropriately.  It
18       may  be used with any value 0 or above for the auth_param children con‐
19       currency= parameter.
20

OPTIONS

22       -c          Accept digest hashed passwords rather than plaintext in the
23                   password file
24

CONFIGURATION

26       Username database file format:
27
28       - comment lines are possible and should start with a '#';
29
30       - empty or blank lines are possible;
31
32       - plaintext entry format is username:password
33
34       - HA1 entry format is username:realm:HA1
35
36       To  build a directory integrated backend, you need to be able to calcu‐
37       late the HA1 returned to squid. To avoid storing a  plaintext  password
38       you  can  calculate  MD5(username:realm:password) when the user changes
39       their password, and store the tuple username:realm:HA1.  then find  the
40       matching username:realm when squid asks for the HA1.
41
42       This  implementation  could  be improved by using such a triple for the
43       file format.  However storing such a triple does little to improve  se‐
44       curity: If compromised the username:realm:HA1 combination is "plaintext
45       equivalent" - for the purposes of digest authentication they allow  the
46       user  access.  Password synchronization is not tackled by digest - just
47       preventing on the wire compromise.
48

AUTHOR

50       This program was written by Robert Collins <robertc@squid-cache.org>
51
52       Based on prior work by Arjan de Vet <Arjan.deVet@adv.iae.nl>
53
54       This manual was written  by  Robert  Collins  <robertc@squid-cache.org>
55       Amos Jeffries <amosjeffries@squid-cache.org>
56

COPYRIGHT

58        *  Copyright (C) 1996-2023 The Squid Software Foundation and contribu‐
59       tors
60        *
61        * Squid software is distributed under GPLv2+ license and includes
62        * contributions from numerous individuals and organizations.
63        * Please see the COPYING and CONTRIBUTORS files for details.
64
65       This program and documentation is copyright to the authors named above.
66
67       Distributed under the GNU General Public License (GNU GPL) version 2 or
68       later (GPLv2+).
69

QUESTIONS

71       Questions  on  the usage of this program can be sent to the Squid Users
72       mailing list <squid-users@lists.squid-cache.org>
73

REPORTING BUGS

75       Bug reports need  to  be  made  in  English.   See  https://wiki.squid-
76       cache.org/SquidFaq/BugReporting for details of what you need to include
77       with your bug report.
78
79       Report bugs or bug fixes using https://bugs.squid-cache.org/
80
81       Report serious security bugs  to  Squid  Bugs  <squid-bugs@lists.squid-
82       cache.org>
83
84       Report  ideas for new improvements to the Squid Developers mailing list
85       <squid-dev@lists.squid-cache.org>
86

SEE ALSO

88       squid(8), GPL(7),
89       The Squid FAQ wiki https://wiki.squid-cache.org/SquidFaq
90       The Squid Configuration Manual http://www.squid-cache.org/Doc/config/
91
92
93
94                                                           digest_file_auth(8)