table of contents
- buster 4.6-1+deb10u6
- buster-backports 4.11-2~bpo10+1
- testing 4.13-10
- unstable 4.13-10
| digest_file_auth(8) | System Manager's Manual | digest_file_auth(8) |
NAME¶
digest_file_auth - File based digest authentication helper for Squid.Version 1.1
SYNOPSIS¶
digest_file_auth [-c] fileDESCRIPTION¶
digest_file_auth is an installed binary authentication program for Squid. It handles digest authentication protocol and authenticates against a text file backend. This program will automatically detect the existence of a concurrency channel-ID and adjust appropriately. It may be used with any value 0 or above for the auth_param children concurrency= parameter.OPTIONS¶
- -c
- Accept digest hashed passwords rather than plaintext in the password file
CONFIGURATION¶
Username database file format:- - comment lines are possible and should start with a '#';
- - empty or blank lines are possible;
- - plaintext entry format is username:password
- - HA1 entry format is username:realm:HA1
To build a directory integrated backend, you need to be able to calculate the HA1 returned to squid. To avoid storing a plaintext password you can calculate MD5(username:realm:password) when the user changes their password, and store the tuple username:realm:HA1. then find the matching username:realm when squid asks for the HA1.
This implementation could be improved by using such a triple for the file format. However storing such a triple does little to improve security: If compromised the username:realm:HA1 combination is "plaintext equivalent" - for the purposes of digest authentication they allow the user access. Password synchronization is not tackled by digest - just preventing on the wire compromise.
AUTHOR¶
This program was written by Robert Collins <robertc@squid-cache.org>Based on prior work by Arjan de Vet <Arjan.deVet@adv.iae.nl>
This manual was written by Robert Collins <robertc@squid-cache.org> Amos Jeffries <amosjeffries@squid-cache.org>
COPYRIGHT¶
* Copyright (C) 1996-2019 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details.This program and documentation is copyright to the authors named above.
Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
QUESTIONS¶
Questions on the usage of this program can be sent to the Squid Users mailing list <squid-users@lists.squid-cache.org>REPORTING BUGS¶
Bug reports need to be made in English. See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.Report bugs or bug fixes using http://bugs.squid-cache.org/
Report serious security bugs to Squid Bugs <squid-bugs@lists.squid-cache.org>
Report ideas for new improvements to the Squid Developers mailing list <squid-dev@lists.squid-cache.org>
SEE ALSO¶
squid(8), GPL(7),The Squid FAQ wiki http://wiki.squid-cache.org/SquidFaq
The Squid Configuration Manual http://www.squid-cache.org/Doc/config/