]>
Commit | Line | Data |
---|---|---|
54e8823b AJ |
1 | .if !'po4a'hide' .TH digest_file_auth 8 |
2 | . | |
2cd86812 | 3 | .SH NAME |
d632afde | 4 | digest_file_auth \- File based digest authentication helper for Squid. |
2cd86812 | 5 | .PP |
6cb2818d | 6 | Version 1.1 |
54e8823b AJ |
7 | . |
8 | .SH SYNOPSIS | |
9 | .if !'po4a'hide' .B digest_file_auth | |
10 | .if !'po4a'hide' .B [\-c] | |
11 | file | |
12 | . | |
13 | .SH DESCRIPTION | |
14 | .B digest_file_auth | |
15 | is an installed binary authentication program for Squid. It handles digest | |
16 | authentication protocol and authenticates against a text file backend. | |
17 | . | |
2b61af8e | 18 | This program will automatically detect the existence of a concurrency channel-ID and adjust appropriately. |
6cb2818d AJ |
19 | It may be used with any value 0 or above for the auth_param children concurrency= parameter. |
20 | . | |
54e8823b AJ |
21 | .SH OPTIONS |
22 | .if !'po4a'hide' .TP 12 | |
23 | .if !'po4a'hide' .B \-c | |
24 | Accept digest hashed passwords rather than plaintext in the password file | |
25 | . | |
26 | .SH CONFIGURATION | |
27 | .PP | |
28 | Username database file format: | |
29 | .TP 6 | |
30 | - comment lines are possible and should start with a '#'; | |
31 | . | |
32 | .TP | |
33 | - empty or blank lines are possible; | |
34 | . | |
35 | .TP | |
36 | - plaintext entry format is username:password | |
37 | . | |
38 | .TP | |
39 | - HA1 entry format is username:realm:HA1 | |
40 | . | |
41 | .PP | |
42 | To build a directory integrated backend, you need to be able to | |
43 | calculate the HA1 returned to squid. To avoid storing a plaintext | |
44 | password you can calculate | |
45 | .B MD5(username:realm:password) | |
46 | when the user changes their password, and store the tuple | |
47 | .B username:realm:HA1. | |
48 | then find the matching | |
49 | .B username:realm | |
50 | when squid asks for the HA1. | |
51 | .PP | |
52 | This implementation could be improved by using such a triple for | |
53 | the file format. However storing such a triple does little to | |
54 | improve security: If compromised the | |
55 | .B username:realm:HA1 | |
56 | combination is "plaintext equivalent" - for the purposes of digest authentication | |
2b61af8e | 57 | they allow the user access. Password synchronization is not tackled |
54e8823b AJ |
58 | by digest - just preventing on the wire compromise. |
59 | . | |
60 | .SH AUTHOR | |
61 | This program was written by | |
62 | .if !'po4a'hide' .I Robert Collins <robertc@squid-cache.org> | |
63 | .PP | |
64 | Based on prior work by | |
65 | .if !'po4a'hide' .I Arjan de Vet <Arjan.deVet@adv.iae.nl> | |
66 | .if !'po4a.hide' .I Jon Thackray <jrmt@uk.gdscorp.com> | |
67 | .PP | |
68 | This manual was written by | |
69 | .if !'po4a'hide' .I Robert Collins <robertc@squid-cache.org> | |
2da9607e | 70 | .if !'po4a'hide' .I Amos Jeffries <amosjeffries@squid-cache.org> |
54e8823b AJ |
71 | . |
72 | .SH COPYRIGHT | |
ca02e0ec | 73 | .PP |
5b74111a | 74 | * Copyright (C) 1996-2018 The Squid Software Foundation and contributors |
ca02e0ec AJ |
75 | * |
76 | * Squid software is distributed under GPLv2+ license and includes | |
77 | * contributions from numerous individuals and organizations. | |
78 | * Please see the COPYING and CONTRIBUTORS files for details. | |
79 | .PP | |
54e8823b AJ |
80 | This program and documentation is copyright to the authors named above. |
81 | .PP | |
82 | Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+). | |
83 | . | |
84 | .SH QUESTIONS | |
85 | Questions on the usage of this program can be sent to the | |
86 | .I Squid Users mailing list | |
8311b837 | 87 | .if !'po4a'hide' <squid-users@lists.squid-cache.org> |
54e8823b AJ |
88 | . |
89 | .SH REPORTING BUGS | |
90 | Bug reports need to be made in English. | |
91 | See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. | |
92 | .PP | |
93 | Report bugs or bug fixes using http://bugs.squid-cache.org/ | |
94 | .PP | |
95 | Report serious security bugs to | |
8311b837 | 96 | .I Squid Bugs <squid-bugs@lists.squid-cache.org> |
54e8823b AJ |
97 | .PP |
98 | Report ideas for new improvements to the | |
99 | .I Squid Developers mailing list | |
8311b837 | 100 | .if !'po4a'hide' <squid-dev@lists.squid-cache.org> |
54e8823b AJ |
101 | . |
102 | .SH SEE ALSO | |
6d5cbee6 AJ |
103 | .if !'po4a'hide' .BR squid "(8), " |
104 | .if !'po4a'hide' .BR GPL "(7), " | |
54e8823b AJ |
105 | .br |
106 | The Squid FAQ wiki | |
107 | .if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq | |
108 | .br | |
109 | The Squid Configuration Manual | |
110 | .if !'po4a'hide' http://www.squid-cache.org/Doc/config/ |