]>
Commit | Line | Data |
---|---|---|
54e8823b AJ |
1 | .if !'po4a'hide' .TH digest_file_auth 8 |
2 | . | |
2cd86812 | 3 | .SH NAME |
54e8823b AJ |
4 | .if !'po4a'hide' .B digest_file_auth |
5 | .if !'po4a'hide' \- | |
6 | File based digest authentication helper for Squid. | |
2cd86812 | 7 | .PP |
6cb2818d | 8 | Version 1.1 |
54e8823b AJ |
9 | . |
10 | .SH SYNOPSIS | |
11 | .if !'po4a'hide' .B digest_file_auth | |
12 | .if !'po4a'hide' .B [\-c] | |
13 | file | |
14 | . | |
15 | .SH DESCRIPTION | |
16 | .B digest_file_auth | |
17 | is an installed binary authentication program for Squid. It handles digest | |
18 | authentication protocol and authenticates against a text file backend. | |
19 | . | |
6cb2818d AJ |
20 | This program will automatically detect the existence of a concurrecy channel-ID and adjust appropriately. |
21 | It may be used with any value 0 or above for the auth_param children concurrency= parameter. | |
22 | . | |
54e8823b AJ |
23 | .SH OPTIONS |
24 | .if !'po4a'hide' .TP 12 | |
25 | .if !'po4a'hide' .B \-c | |
26 | Accept digest hashed passwords rather than plaintext in the password file | |
27 | . | |
28 | .SH CONFIGURATION | |
29 | .PP | |
30 | Username database file format: | |
31 | .TP 6 | |
32 | - comment lines are possible and should start with a '#'; | |
33 | . | |
34 | .TP | |
35 | - empty or blank lines are possible; | |
36 | . | |
37 | .TP | |
38 | - plaintext entry format is username:password | |
39 | . | |
40 | .TP | |
41 | - HA1 entry format is username:realm:HA1 | |
42 | . | |
43 | .PP | |
44 | To build a directory integrated backend, you need to be able to | |
45 | calculate the HA1 returned to squid. To avoid storing a plaintext | |
46 | password you can calculate | |
47 | .B MD5(username:realm:password) | |
48 | when the user changes their password, and store the tuple | |
49 | .B username:realm:HA1. | |
50 | then find the matching | |
51 | .B username:realm | |
52 | when squid asks for the HA1. | |
53 | .PP | |
54 | This implementation could be improved by using such a triple for | |
55 | the file format. However storing such a triple does little to | |
56 | improve security: If compromised the | |
57 | .B username:realm:HA1 | |
58 | combination is "plaintext equivalent" - for the purposes of digest authentication | |
59 | they allow the user access. Password syncronisation is not tackled | |
60 | by digest - just preventing on the wire compromise. | |
61 | . | |
62 | .SH AUTHOR | |
63 | This program was written by | |
64 | .if !'po4a'hide' .I Robert Collins <robertc@squid-cache.org> | |
65 | .PP | |
66 | Based on prior work by | |
67 | .if !'po4a'hide' .I Arjan de Vet <Arjan.deVet@adv.iae.nl> | |
68 | .if !'po4a.hide' .I Jon Thackray <jrmt@uk.gdscorp.com> | |
69 | .PP | |
70 | This manual was written by | |
71 | .if !'po4a'hide' .I Robert Collins <robertc@squid-cache.org> | |
2da9607e | 72 | .if !'po4a'hide' .I Amos Jeffries <amosjeffries@squid-cache.org> |
54e8823b AJ |
73 | . |
74 | .SH COPYRIGHT | |
ca02e0ec AJ |
75 | .PP |
76 | * Copyright (C) 1996-2014 The Squid Software Foundation and contributors | |
77 | * | |
78 | * Squid software is distributed under GPLv2+ license and includes | |
79 | * contributions from numerous individuals and organizations. | |
80 | * Please see the COPYING and CONTRIBUTORS files for details. | |
81 | .PP | |
54e8823b AJ |
82 | This program and documentation is copyright to the authors named above. |
83 | .PP | |
84 | Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+). | |
85 | . | |
86 | .SH QUESTIONS | |
87 | Questions on the usage of this program can be sent to the | |
88 | .I Squid Users mailing list | |
89 | .if !'po4a'hide' <squid-users@squid-cache.org> | |
90 | . | |
91 | .SH REPORTING BUGS | |
92 | Bug reports need to be made in English. | |
93 | See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. | |
94 | .PP | |
95 | Report bugs or bug fixes using http://bugs.squid-cache.org/ | |
96 | .PP | |
97 | Report serious security bugs to | |
98 | .I Squid Bugs <squid-bugs@squid-cache.org> | |
99 | .PP | |
100 | Report ideas for new improvements to the | |
101 | .I Squid Developers mailing list | |
102 | .if !'po4a'hide' <squid-dev@squid-cache.org> | |
103 | . | |
104 | .SH SEE ALSO | |
6d5cbee6 AJ |
105 | .if !'po4a'hide' .BR squid "(8), " |
106 | .if !'po4a'hide' .BR GPL "(7), " | |
54e8823b AJ |
107 | .br |
108 | The Squid FAQ wiki | |
109 | .if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq | |
110 | .br | |
111 | The Squid Configuration Manual | |
112 | .if !'po4a'hide' http://www.squid-cache.org/Doc/config/ |