This is a discussion on RE: [squid-users] External Authenticator help! - squid ; Thanks for your reply, Henrik. I've written the authenticator. But the funny thing is my value does not match the htdigest value?? I've used the md5_hex exactly as you've shown below. Am I doing something wrong? I've tried md5_base64 as ...
Thanks for your reply, Henrik.
I've written the authenticator. But the funny thing is my value does not
match the htdigest value?? I've used the md5_hex exactly as you've shown
below. Am I doing something wrong? I've tried md5_base64 as well.
perl -e 'use Digest::MD5 qw(md5_hex); my $value = md5_hex(join(":",
"78069102","Cyber","h6VOPgOfY1")); print "$value\n";'
$htdigest -c ./me.passwd 78069102 Cyber
Adding password for Cyber in realm 78069102.
Re-type new password:
[root@hand1 kiosk]# cat me.passwd
From: Henrik Nordstrom [mailto:email@example.com]
Sent: 10 April 2004 12:48
Subject: Re: [squid-users] External Authenticator help!
On Sat, 10 Apr 2004, Prash wrote:
> To implement this, I have to write a authenticator either (maybe in perl)
> say digest. Basic is easy but password is not encrypted over the wire. I'm
> thinking of storing all the user/passwords in a dbm file and have the
> authenticator read it. Time it every 15 min and keep updating the dbm
> For this I've set the
> auth_param digest credentialsttl 0.25 hours
> auth_param digest program /etc/squid/test/test.pl
> auth_param digest children 5
> auth_param digest realm My External Authenticator
> auth_param digest nonce_garbage_interval 5 minutes
> auth_param digest nonce_max_duration 30 minutes
> auth_param digest nonce_max_count 50
> Is there any simple way to achieve the above? Also I've no experience
> writing digest authenticator for squid. Can anyone give me pointers
All the Digest authenticators for Squid needs to do is to return the
current HA1 Digest hash value for the user. This is the same has as
generated by the Apache htdigest command and documented in RFC2617, or in
use Digest::MD5 qw(md5_hex);
my $HA1 = md5_hex( join(":", $user, $realm, $password) );
The realm must match what you have set in squid.conf auth_param digest
The exact details on the Digest authenticator helper protocol syntax is
documented in squid.conf..