[thirdparty/squid.git] / helpers / digest_auth / file / digest_file_auth.8

.if !'po4a'hide' .TH digest_file_auth 8
.
.SH NAME
.if !'po4a'hide' .B digest_file_auth
.if !'po4a'hide' \-
File based digest authentication helper for Squid.
.PP
Version 1.1
.
.SH SYNOPSIS
.if !'po4a'hide' .B digest_file_auth
.if !'po4a'hide' .B [\-c]
file
.
.SH DESCRIPTION
.B digest_file_auth
is an installed binary authentication program for Squid. It handles digest 
authentication protocol and authenticates against a text file backend.
.
This program will automatically detect the existence of a concurrecy channel-ID and adjust appropriately.
It may be used with any value 0 or above for the auth_param children concurrency= parameter.
.
.SH OPTIONS
.if !'po4a'hide' .TP 12
.if !'po4a'hide' .B \-c
Accept digest hashed passwords rather than plaintext in the password file
.
.SH CONFIGURATION
.PP
Username database file format:
.TP 6
- comment lines are possible and should start with a '#';
.
.TP
- empty or blank lines are possible;
.
.TP
- plaintext entry format is username:password
.
.TP
- HA1 entry format is username:realm:HA1
.
.PP
To build a directory integrated backend, you need to be able to
calculate the HA1 returned to squid. To avoid storing a plaintext
password you can calculate 
.B MD5(username:realm:password) 
when the user changes their password, and store the tuple 
.B username:realm:HA1.
then find the matching 
.B username:realm 
when squid asks for the HA1.
.PP
This implementation could be improved by using such a triple for
the file format.  However storing such a triple does little to
improve security: If compromised the
.B username:realm:HA1 
combination is "plaintext equivalent" - for the purposes of digest authentication
they allow the user access. Password syncronisation is not tackled
by digest - just preventing on the wire compromise.
.
.SH AUTHOR
This program was written by
.if !'po4a'hide' .I Robert Collins <robertc@squid-cache.org>
.PP
Based on prior work by
.if !'po4a'hide' .I Arjan de Vet <Arjan.deVet@adv.iae.nl>
.if !'po4a.hide' .I Jon Thackray <jrmt@uk.gdscorp.com>
.PP
This manual was written by
.if !'po4a'hide' .I Robert Collins <robertc@squid-cache.org>
.if !'po4a'hide' .I Amos Jeffries <amosjeffries@squid-cache.org>
.
.SH COPYRIGHT
.PP
 * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
.PP
This program and documentation is copyright to the authors named above.
.PP
Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
.
.SH QUESTIONS
Questions on the usage of this program can be sent to the
.I Squid Users mailing list
.if !'po4a'hide' <squid-users@squid-cache.org>
.
.SH REPORTING BUGS
Bug reports need to be made in English.
See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
.PP
Report bugs or bug fixes using http://bugs.squid-cache.org/
.PP
Report serious security bugs to
.I Squid Bugs <squid-bugs@squid-cache.org>
.PP
Report ideas for new improvements to the
.I Squid Developers mailing list
.if !'po4a'hide' <squid-dev@squid-cache.org>
.
.SH SEE ALSO
.if !'po4a'hide' .BR squid "(8), "
.if !'po4a'hide' .BR GPL "(7), "
.br
The Squid FAQ wiki
.if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
.br
The Squid Configuration Manual
.if !'po4a'hide' http://www.squid-cache.org/Doc/config/
Commit	Line	Data
54e8823b AJ	1	.if !'po4a'hide' .TH digest_file_auth 8
54e8823b AJ	2	.
2cd86812	3	.SH NAME
54e8823b AJ	4	.if !'po4a'hide' .B digest_file_auth
	5	.if !'po4a'hide' \-
	6	File based digest authentication helper for Squid.
2cd86812	7	.PP
6cb2818d	8	Version 1.1
54e8823b AJ	9	.
	10	.SH SYNOPSIS
	11	.if !'po4a'hide' .B digest_file_auth
	12	.if !'po4a'hide' .B [\-c]
	13	file
	14	.
	15	.SH DESCRIPTION
	16	.B digest_file_auth
	17	is an installed binary authentication program for Squid. It handles digest
	18	authentication protocol and authenticates against a text file backend.
	19	.
6cb2818d AJ	20	This program will automatically detect the existence of a concurrecy channel-ID and adjust appropriately.
	21	It may be used with any value 0 or above for the auth_param children concurrency= parameter.
	22	.
54e8823b AJ	23	.SH OPTIONS
	24	.if !'po4a'hide' .TP 12
	25	.if !'po4a'hide' .B \-c
	26	Accept digest hashed passwords rather than plaintext in the password file
	27	.
	28	.SH CONFIGURATION
	29	.PP
	30	Username database file format:
	31	.TP 6
	32	- comment lines are possible and should start with a '#';
	33	.
	34	.TP
	35	- empty or blank lines are possible;
	36	.
	37	.TP
	38	- plaintext entry format is username:password
	39	.
	40	.TP
	41	- HA1 entry format is username:realm:HA1
	42	.
	43	.PP
	44	To build a directory integrated backend, you need to be able to
	45	calculate the HA1 returned to squid. To avoid storing a plaintext
	46	password you can calculate
	47	.B MD5(username:realm:password)
	48	when the user changes their password, and store the tuple
	49	.B username:realm:HA1.
	50	then find the matching
	51	.B username:realm
	52	when squid asks for the HA1.
	53	.PP
	54	This implementation could be improved by using such a triple for
	55	the file format. However storing such a triple does little to
	56	improve security: If compromised the
	57	.B username:realm:HA1
	58	combination is "plaintext equivalent" - for the purposes of digest authentication
	59	they allow the user access. Password syncronisation is not tackled
	60	by digest - just preventing on the wire compromise.
	61	.
	62	.SH AUTHOR
	63	This program was written by
	64	.if !'po4a'hide' .I Robert Collins <robertc@squid-cache.org>
	65	.PP
	66	Based on prior work by
	67	.if !'po4a'hide' .I Arjan de Vet <Arjan.deVet@adv.iae.nl>
	68	.if !'po4a.hide' .I Jon Thackray <jrmt@uk.gdscorp.com>
	69	.PP
	70	This manual was written by
	71	.if !'po4a'hide' .I Robert Collins <robertc@squid-cache.org>
2da9607e	72	.if !'po4a'hide' .I Amos Jeffries <amosjeffries@squid-cache.org>
54e8823b AJ	73	.
54e8823b AJ	74	.SH COPYRIGHT
ca02e0ec AJ	75	.PP
	76	* Copyright (C) 1996-2014 The Squid Software Foundation and contributors
	77	*
	78	* Squid software is distributed under GPLv2+ license and includes
	79	* contributions from numerous individuals and organizations.
	80	* Please see the COPYING and CONTRIBUTORS files for details.
	81	.PP
54e8823b AJ	82	This program and documentation is copyright to the authors named above.
	83	.PP
	84	Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
	85	.
	86	.SH QUESTIONS
	87	Questions on the usage of this program can be sent to the
	88	.I Squid Users mailing list
	89	.if !'po4a'hide' <squid-users@squid-cache.org>
	90	.
	91	.SH REPORTING BUGS
	92	Bug reports need to be made in English.
	93	See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
	94	.PP
	95	Report bugs or bug fixes using http://bugs.squid-cache.org/
	96	.PP
	97	Report serious security bugs to
	98	.I Squid Bugs <squid-bugs@squid-cache.org>
	99	.PP
	100	Report ideas for new improvements to the
	101	.I Squid Developers mailing list
	102	.if !'po4a'hide' <squid-dev@squid-cache.org>
	103	.
	104	.SH SEE ALSO
6d5cbee6 AJ	105	.if !'po4a'hide' .BR squid "(8), "
6d5cbee6 AJ	106	.if !'po4a'hide' .BR GPL "(7), "
54e8823b AJ	107	.br
	108	The Squid FAQ wiki
	109	.if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
	110	.br
	111	The Squid Configuration Manual
	112	.if !'po4a'hide' http://www.squid-cache.org/Doc/config/