]>
Commit | Line | Data |
---|---|---|
54e8823b AJ |
1 | .if !'po4a'hide' .TH digest_file_auth 8 |
2 | . | |
2cd86812 | 3 | .SH NAME |
54e8823b AJ |
4 | .if !'po4a'hide' .B digest_file_auth |
5 | .if !'po4a'hide' \- | |
6 | File based digest authentication helper for Squid. | |
2cd86812 | 7 | .PP |
54e8823b AJ |
8 | Version 1.0 |
9 | . | |
10 | .SH SYNOPSIS | |
11 | .if !'po4a'hide' .B digest_file_auth | |
12 | .if !'po4a'hide' .B [\-c] | |
13 | file | |
14 | . | |
15 | .SH DESCRIPTION | |
16 | .B digest_file_auth | |
17 | is an installed binary authentication program for Squid. It handles digest | |
18 | authentication protocol and authenticates against a text file backend. | |
19 | . | |
20 | .SH OPTIONS | |
21 | .if !'po4a'hide' .TP 12 | |
22 | .if !'po4a'hide' .B \-c | |
23 | Accept digest hashed passwords rather than plaintext in the password file | |
24 | . | |
25 | .SH CONFIGURATION | |
26 | .PP | |
27 | Username database file format: | |
28 | .TP 6 | |
29 | - comment lines are possible and should start with a '#'; | |
30 | . | |
31 | .TP | |
32 | - empty or blank lines are possible; | |
33 | . | |
34 | .TP | |
35 | - plaintext entry format is username:password | |
36 | . | |
37 | .TP | |
38 | - HA1 entry format is username:realm:HA1 | |
39 | . | |
40 | .PP | |
41 | To build a directory integrated backend, you need to be able to | |
42 | calculate the HA1 returned to squid. To avoid storing a plaintext | |
43 | password you can calculate | |
44 | .B MD5(username:realm:password) | |
45 | when the user changes their password, and store the tuple | |
46 | .B username:realm:HA1. | |
47 | then find the matching | |
48 | .B username:realm | |
49 | when squid asks for the HA1. | |
50 | .PP | |
51 | This implementation could be improved by using such a triple for | |
52 | the file format. However storing such a triple does little to | |
53 | improve security: If compromised the | |
54 | .B username:realm:HA1 | |
55 | combination is "plaintext equivalent" - for the purposes of digest authentication | |
56 | they allow the user access. Password syncronisation is not tackled | |
57 | by digest - just preventing on the wire compromise. | |
58 | . | |
59 | .SH AUTHOR | |
60 | This program was written by | |
61 | .if !'po4a'hide' .I Robert Collins <robertc@squid-cache.org> | |
62 | .PP | |
63 | Based on prior work by | |
64 | .if !'po4a'hide' .I Arjan de Vet <Arjan.deVet@adv.iae.nl> | |
65 | .if !'po4a.hide' .I Jon Thackray <jrmt@uk.gdscorp.com> | |
66 | .PP | |
67 | This manual was written by | |
68 | .if !'po4a'hide' .I Robert Collins <robertc@squid-cache.org> | |
69 | .if !'po4a'hide' .I Amos Jeffries <squid3@treenet.co.nz> | |
70 | . | |
71 | .SH COPYRIGHT | |
72 | This program and documentation is copyright to the authors named above. | |
73 | .PP | |
74 | Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+). | |
75 | . | |
76 | .SH QUESTIONS | |
77 | Questions on the usage of this program can be sent to the | |
78 | .I Squid Users mailing list | |
79 | .if !'po4a'hide' <squid-users@squid-cache.org> | |
80 | . | |
81 | .SH REPORTING BUGS | |
82 | Bug reports need to be made in English. | |
83 | See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. | |
84 | .PP | |
85 | Report bugs or bug fixes using http://bugs.squid-cache.org/ | |
86 | .PP | |
87 | Report serious security bugs to | |
88 | .I Squid Bugs <squid-bugs@squid-cache.org> | |
89 | .PP | |
90 | Report ideas for new improvements to the | |
91 | .I Squid Developers mailing list | |
92 | .if !'po4a'hide' <squid-dev@squid-cache.org> | |
93 | . | |
94 | .SH SEE ALSO | |
95 | .if !'po4a'hide' .BR squid "(8) " | |
96 | .br | |
97 | The Squid FAQ wiki | |
98 | .if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq | |
99 | .br | |
100 | The Squid Configuration Manual | |
101 | .if !'po4a'hide' http://www.squid-cache.org/Doc/config/ |