[thirdparty/squid.git] / src / auth / digest / file / digest_file_auth.8

.if !'po4a'hide' .TH digest_file_auth 8
.
.SH NAME
digest_file_auth \- File based digest authentication helper for Squid.
.PP
Version 1.1
.
.SH SYNOPSIS
.if !'po4a'hide' .B digest_file_auth
.if !'po4a'hide' .B [\-c]
file
.
.SH DESCRIPTION
.B digest_file_auth
is an installed binary authentication program for Squid. It handles digest 
authentication protocol and authenticates against a text file backend.
.
This program will automatically detect the existence of a concurrency channel-ID and adjust appropriately.
It may be used with any value 0 or above for the auth_param children concurrency= parameter.
.
.SH OPTIONS
.if !'po4a'hide' .TP 12
.if !'po4a'hide' .B \-c
Accept digest hashed passwords rather than plaintext in the password file
.
.SH CONFIGURATION
.PP
Username database file format:
.TP 6
- comment lines are possible and should start with a '#';
.
.TP
- empty or blank lines are possible;
.
.TP
- plaintext entry format is username:password
.
.TP
- HA1 entry format is username:realm:HA1
.
.PP
To build a directory integrated backend, you need to be able to
calculate the HA1 returned to squid. To avoid storing a plaintext
password you can calculate 
.B MD5(username:realm:password) 
when the user changes their password, and store the tuple 
.B username:realm:HA1.
then find the matching 
.B username:realm 
when squid asks for the HA1.
.PP
This implementation could be improved by using such a triple for
the file format.  However storing such a triple does little to
improve security: If compromised the
.B username:realm:HA1 
combination is "plaintext equivalent" - for the purposes of digest authentication
they allow the user access. Password synchronization is not tackled
by digest - just preventing on the wire compromise.
.
.SH AUTHOR
This program was written by
.if !'po4a'hide' .I Robert Collins <robertc@squid-cache.org>
.PP
Based on prior work by
.if !'po4a'hide' .I Arjan de Vet <Arjan.deVet@adv.iae.nl>
.if !'po4a.hide' .I Jon Thackray <jrmt@uk.gdscorp.com>
.PP
This manual was written by
.if !'po4a'hide' .I Robert Collins <robertc@squid-cache.org>
.if !'po4a'hide' .I Amos Jeffries <amosjeffries@squid-cache.org>
.
.SH COPYRIGHT
.PP
 * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
.PP
This program and documentation is copyright to the authors named above.
.PP
Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
.
.SH QUESTIONS
Questions on the usage of this program can be sent to the
.I Squid Users mailing list
.if !'po4a'hide' <squid-users@lists.squid-cache.org>
.
.SH REPORTING BUGS
Bug reports need to be made in English.
See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
.PP
Report bugs or bug fixes using http://bugs.squid-cache.org/
.PP
Report serious security bugs to
.I Squid Bugs <squid-bugs@lists.squid-cache.org>
.PP
Report ideas for new improvements to the
.I Squid Developers mailing list
.if !'po4a'hide' <squid-dev@lists.squid-cache.org>
.
.SH SEE ALSO
.if !'po4a'hide' .BR squid "(8), "
.if !'po4a'hide' .BR GPL "(7), "
.br
The Squid FAQ wiki
.if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
.br
The Squid Configuration Manual
.if !'po4a'hide' http://www.squid-cache.org/Doc/config/
Commit	Line	Data
54e8823b AJ	1	.if !'po4a'hide' .TH digest_file_auth 8
54e8823b AJ	2	.
2cd86812	3	.SH NAME
d632afde	4	digest_file_auth \- File based digest authentication helper for Squid.
2cd86812	5	.PP
6cb2818d	6	Version 1.1
54e8823b AJ	7	.
	8	.SH SYNOPSIS
	9	.if !'po4a'hide' .B digest_file_auth
	10	.if !'po4a'hide' .B [\-c]
	11	file
	12	.
	13	.SH DESCRIPTION
	14	.B digest_file_auth
	15	is an installed binary authentication program for Squid. It handles digest
	16	authentication protocol and authenticates against a text file backend.
	17	.
2b61af8e	18	This program will automatically detect the existence of a concurrency channel-ID and adjust appropriately.
6cb2818d AJ	19	It may be used with any value 0 or above for the auth_param children concurrency= parameter.
6cb2818d AJ	20	.
54e8823b AJ	21	.SH OPTIONS
	22	.if !'po4a'hide' .TP 12
	23	.if !'po4a'hide' .B \-c
	24	Accept digest hashed passwords rather than plaintext in the password file
	25	.
	26	.SH CONFIGURATION
	27	.PP
	28	Username database file format:
	29	.TP 6
	30	- comment lines are possible and should start with a '#';
	31	.
	32	.TP
	33	- empty or blank lines are possible;
	34	.
	35	.TP
	36	- plaintext entry format is username:password
	37	.
	38	.TP
	39	- HA1 entry format is username:realm:HA1
	40	.
	41	.PP
	42	To build a directory integrated backend, you need to be able to
	43	calculate the HA1 returned to squid. To avoid storing a plaintext
	44	password you can calculate
	45	.B MD5(username:realm:password)
	46	when the user changes their password, and store the tuple
	47	.B username:realm:HA1.
	48	then find the matching
	49	.B username:realm
	50	when squid asks for the HA1.
	51	.PP
	52	This implementation could be improved by using such a triple for
	53	the file format. However storing such a triple does little to
	54	improve security: If compromised the
	55	.B username:realm:HA1
	56	combination is "plaintext equivalent" - for the purposes of digest authentication
2b61af8e	57	they allow the user access. Password synchronization is not tackled
54e8823b AJ	58	by digest - just preventing on the wire compromise.
	59	.
	60	.SH AUTHOR
	61	This program was written by
	62	.if !'po4a'hide' .I Robert Collins <robertc@squid-cache.org>
	63	.PP
	64	Based on prior work by
	65	.if !'po4a'hide' .I Arjan de Vet <Arjan.deVet@adv.iae.nl>
	66	.if !'po4a.hide' .I Jon Thackray <jrmt@uk.gdscorp.com>
	67	.PP
	68	This manual was written by
	69	.if !'po4a'hide' .I Robert Collins <robertc@squid-cache.org>
2da9607e	70	.if !'po4a'hide' .I Amos Jeffries <amosjeffries@squid-cache.org>
54e8823b AJ	71	.
54e8823b AJ	72	.SH COPYRIGHT
ca02e0ec	73	.PP
77b1029d	74	* Copyright (C) 1996-2020 The Squid Software Foundation and contributors
ca02e0ec AJ	75	*
	76	* Squid software is distributed under GPLv2+ license and includes
	77	* contributions from numerous individuals and organizations.
	78	* Please see the COPYING and CONTRIBUTORS files for details.
	79	.PP
54e8823b AJ	80	This program and documentation is copyright to the authors named above.
	81	.PP
	82	Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
	83	.
	84	.SH QUESTIONS
	85	Questions on the usage of this program can be sent to the
	86	.I Squid Users mailing list
8311b837	87	.if !'po4a'hide' <squid-users@lists.squid-cache.org>
54e8823b AJ	88	.
	89	.SH REPORTING BUGS
	90	Bug reports need to be made in English.
	91	See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
	92	.PP
	93	Report bugs or bug fixes using http://bugs.squid-cache.org/
	94	.PP
	95	Report serious security bugs to
8311b837	96	.I Squid Bugs <squid-bugs@lists.squid-cache.org>
54e8823b AJ	97	.PP
	98	Report ideas for new improvements to the
	99	.I Squid Developers mailing list
8311b837	100	.if !'po4a'hide' <squid-dev@lists.squid-cache.org>
54e8823b AJ	101	.
54e8823b AJ	102	.SH SEE ALSO
6d5cbee6 AJ	103	.if !'po4a'hide' .BR squid "(8), "
6d5cbee6 AJ	104	.if !'po4a'hide' .BR GPL "(7), "
54e8823b AJ	105	.br
	106	The Squid FAQ wiki
	107	.if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
	108	.br
	109	The Squid Configuration Manual
	110	.if !'po4a'hide' http://www.squid-cache.org/Doc/config/