]> git.ipfire.org Git - thirdparty/squid.git/blame - helpers/digest_auth/file/digest_file_auth.8
projects / thirdparty / squid.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Maintenance: bit more debug on snapshots
[thirdparty/squid.git] / helpers / digest_auth / file / digest_file_auth.8
CommitLineData
54e8823b
AJ		 1.if !'po4a'hide' .TH digest_file_auth 8
2.
2cd86812 3.SH NAME
54e8823b
AJ		 4.if !'po4a'hide' .B digest_file_auth
5.if !'po4a'hide' \-
6File based digest authentication helper for Squid.
2cd86812 7.PP
54e8823b
AJ		 8Version 1.0
9.
10.SH SYNOPSIS
11.if !'po4a'hide' .B digest_file_auth
12.if !'po4a'hide' .B [\-c]
13file
14.
15.SH DESCRIPTION
16.B digest_file_auth
17is an installed binary authentication program for Squid. It handles digest
18authentication protocol and authenticates against a text file backend.
19.
20.SH OPTIONS
21.if !'po4a'hide' .TP 12
22.if !'po4a'hide' .B \-c
23Accept digest hashed passwords rather than plaintext in the password file
24.
25.SH CONFIGURATION
26.PP
27Username database file format:
28.TP 6
29- comment lines are possible and should start with a '#';
30.
31.TP
32- empty or blank lines are possible;
33.
34.TP
35- plaintext entry format is username:password
36.
37.TP
38- HA1 entry format is username:realm:HA1
39.
40.PP
41To build a directory integrated backend, you need to be able to
42calculate the HA1 returned to squid. To avoid storing a plaintext
43password you can calculate
44.B MD5(username:realm:password)
45when the user changes their password, and store the tuple
46.B username:realm:HA1.
47then find the matching
48.B username:realm
49when squid asks for the HA1.
50.PP
51This implementation could be improved by using such a triple for
52the file format. However storing such a triple does little to
53improve security: If compromised the
54.B username:realm:HA1
55combination is "plaintext equivalent" - for the purposes of digest authentication
56they allow the user access. Password syncronisation is not tackled
57by digest - just preventing on the wire compromise.
58.
59.SH AUTHOR
60This program was written by
61.if !'po4a'hide' .I Robert Collins <robertc@squid-cache.org>
62.PP
63Based on prior work by
64.if !'po4a'hide' .I Arjan de Vet <Arjan.deVet@adv.iae.nl>
65.if !'po4a.hide' .I Jon Thackray <jrmt@uk.gdscorp.com>
66.PP
67This manual was written by
68.if !'po4a'hide' .I Robert Collins <robertc@squid-cache.org>
69.if !'po4a'hide' .I Amos Jeffries <squid3@treenet.co.nz>
70.
71.SH COPYRIGHT
72This program and documentation is copyright to the authors named above.
73.PP
74Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
75.
76.SH QUESTIONS
77Questions on the usage of this program can be sent to the
78.I Squid Users mailing list
79.if !'po4a'hide' <squid-users@squid-cache.org>
80.
81.SH REPORTING BUGS
82Bug reports need to be made in English.
83See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
84.PP
85Report bugs or bug fixes using http://bugs.squid-cache.org/
86.PP
87Report serious security bugs to
88.I Squid Bugs <squid-bugs@squid-cache.org>
89.PP
90Report ideas for new improvements to the
91.I Squid Developers mailing list
92.if !'po4a'hide' <squid-dev@squid-cache.org>
93.
94.SH SEE ALSO
95.if !'po4a'hide' .BR squid "(8) "
96.br
97The Squid FAQ wiki
98.if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
99.br
100The Squid Configuration Manual
101.if !'po4a'hide' http://www.squid-cache.org/Doc/config/
Mirror of https://github.com/squid-cache/squid.git