src/auth/digest/file/digest_file_auth.8

   1 .if !'po4a'hide' .TH digest_file_auth 8
   2 .
   3 .SH NAME
   4 digest_file_auth \- File based digest authentication helper for Squid.
   5 .PP
   6 Version 1.1
   7 .
   8 .SH SYNOPSIS
   9 .if !'po4a'hide' .B digest_file_auth
  10 .if !'po4a'hide' .B [\-c]
  11 file
  12 .
  13 .SH DESCRIPTION
  14 .B digest_file_auth
  15 is an installed binary authentication program for Squid. It handles digest
  16 authentication protocol and authenticates against a text file backend.
  17 .
  18 This program will automatically detect the existence of a concurrency channel-ID and adjust appropriately.
  19 It may be used with any value 0 or above for the auth_param children concurrency= parameter.
  20 .
  21 .SH OPTIONS
  22 .if !'po4a'hide' .TP 12
  23 .if !'po4a'hide' .B \-c
  24 Accept digest hashed passwords rather than plaintext in the password file
  25 .
  26 .SH CONFIGURATION
  27 .PP
  28 Username database file format:
  29 .TP 6
  30 - comment lines are possible and should start with a '#';
  31 .
  32 .TP
  33 - empty or blank lines are possible;
  34 .
  35 .TP
  36 - plaintext entry format is username:password
  37 .
  38 .TP
  39 - HA1 entry format is username:realm:HA1
  40 .
  41 .PP
  42 To build a directory integrated backend, you need to be able to
  43 calculate the HA1 returned to squid. To avoid storing a plaintext
  44 password you can calculate
  45 .B MD5(username:realm:password)
  46 when the user changes their password, and store the tuple
  47 .B username:realm:HA1.
  48 then find the matching
  49 .B username:realm
  50 when squid asks for the HA1.
  51 .PP
  52 This implementation could be improved by using such a triple for
  53 the file format.  However storing such a triple does little to
  54 improve security: If compromised the
  55 .B username:realm:HA1
  56 combination is "plaintext equivalent" - for the purposes of digest authentication
  57 they allow the user access. Password synchronization is not tackled
  58 by digest - just preventing on the wire compromise.
  59 .
  60 .SH AUTHOR
  61 This program was written by
  62 .if !'po4a'hide' .I Robert Collins <robertc@squid-cache.org>
  63 .PP
  64 Based on prior work by
  65 .if !'po4a'hide' .I Arjan de Vet <Arjan.deVet@adv.iae.nl>
  66 .if !'po4a.hide' .I Jon Thackray <jrmt@uk.gdscorp.com>
  67 .PP
  68 This manual was written by
  69 .if !'po4a'hide' .I Robert Collins <robertc@squid-cache.org>
  70 .if !'po4a'hide' .I Amos Jeffries <amosjeffries@squid-cache.org>
  71 .
  72 .SH COPYRIGHT
  73 .PP
  74  * Copyright (C) 1996-2018 The Squid Software Foundation and contributors
  75  *
  76  * Squid software is distributed under GPLv2+ license and includes
  77  * contributions from numerous individuals and organizations.
  78  * Please see the COPYING and CONTRIBUTORS files for details.
  79 .PP
  80 This program and documentation is copyright to the authors named above.
  81 .PP
  82 Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
  83 .
  84 .SH QUESTIONS
  85 Questions on the usage of this program can be sent to the
  86 .I Squid Users mailing list
  87 .if !'po4a'hide' <squid-users@lists.squid-cache.org>
  88 .
  89 .SH REPORTING BUGS
  90 Bug reports need to be made in English.
  91 See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
  92 .PP
  93 Report bugs or bug fixes using http://bugs.squid-cache.org/
  94 .PP
  95 Report serious security bugs to
  96 .I Squid Bugs <squid-bugs@lists.squid-cache.org>
  97 .PP
  98 Report ideas for new improvements to the
  99 .I Squid Developers mailing list
 100 .if !'po4a'hide' <squid-dev@lists.squid-cache.org>
 101 .
 102 .SH SEE ALSO
 103 .if !'po4a'hide' .BR squid "(8), "
 104 .if !'po4a'hide' .BR GPL "(7), "
 105 .br
 106 The Squid FAQ wiki
 107 .if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
 108 .br
 109 The Squid Configuration Manual
 110 .if !'po4a'hide' http://www.squid-cache.org/Doc/config/