On Sat, 10 Apr 2004, Prash wrote:

> To implement this, I have to write an authenticator either (maybe in perl) ..
> say digest. Basic is easy but password is not encrypted over the wire. I'm
> thinking of storing all the user/passwords in a dbm file and have the
> authenticator read it. Time it every 15 min and keep updating the dbm file.


Sounds good.

> For this I've set the
> auth_param digest credentialsttl 0.25 hours
> auth_param digest program /etc/squid/test/test.pl
> auth_param digest children 5
> auth_param digest realm My External Authenticator
> auth_param digest nonce_garbage_interval 5 minutes
> auth_param digest nonce_max_duration 30 minutes
> auth_param digest nonce_max_count 50
>
> Is there any simple way to achieve the above? Also I've no experience
> writing digest authenticator for squid. Can anyone give me pointers please?


All the Digest authenticators for Squid need to do is to return the
current HA1 Digest hash value for the user. This is the same hash as
generated by the Apache htdigest command and documented in RFC2617, or in
perl speak

use Digest::MD5 qw(md5_hex);
my $HA1 = md5_hex( join(":", $user, $realm, $password) );

The realm must match what you have set in squid.conf auth_param digest
realm.

The exact details on the Digest authenticator helper protocol syntax are
documented in squid.conf.

Regards
Henrik
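
A helper along the lines described in this thread, as an added example that is not code from the thread or from the Squid project. It assumes each request line has the form "username":"realm" and that the reply is the hex HA1 or ERR (check the helper protocol notes in your squid.conf); the user store is constructed sample data standing in for the DBM file.

```perl
#!/usr/bin/perl
# Added example, not from the original thread: a minimal Squid Digest helper.
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

$| = 1;    # Squid waits on each reply line, so never buffer STDOUT

# Must be identical to "auth_param digest realm" in squid.conf.
my $REALM = 'My External Authenticator';

# HA1 as in the post: MD5 of "user:realm:password", hex encoded.
sub ha1 {
    my ($user, $realm, $password) = @_;
    return md5_hex(join(':', $user, $realm, $password));
}

# Constructed sample store standing in for the DBM file (user => HA1).
# Keeping HA1 instead of the password keeps cleartext out of the file,
# but an HA1 is still a usable credential for this realm: protect the file.
my %store = (
    alice => ha1('alice', $REALM, 'constructed-sample-password'),
);

# Assumed request format: "username":"realm" (verify against squid.conf).
sub parse_request {
    my ($line) = @_;
    return $line =~ /^"([^"]*)":"([^"]*)"\s*$/ ? ($1, $2) : ();
}

# Reply with the stored HA1, or ERR for anything that does not check out.
sub answer {
    my ($line) = @_;
    my ($user, $realm) = parse_request($line);
    return 'ERR' unless defined $user && defined $realm;
    return 'ERR' unless $realm eq $REALM;    # the hash is realm-specific
    return 'ERR' unless exists $store{$user};
    return $store{$user};
}

# One request per line on STDIN, one reply per line on STDOUT.
while (my $line = <STDIN>) {
    chomp $line;
    print answer($line), "\n";
}
```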