helpers/digest_auth/file/digest_file_auth.8

   1 .if !'po4a'hide' .TH digest_file_auth 8
   2 .
   3 .SN NAME
   4 .if !'po4a'hide' .B digest_file_auth
   5 .if !'po4a'hide' \-
   6 File based digest authentication helper for Squid.
   7 ..PP
   8 Version 1.0
   9 .
  10 .SH SYNOPSIS
  11 .if !'po4a'hide' .B digest_file_auth
  12 .if !'po4a'hide' .B [\-c]
  13 file
  14 .
  15 .SH DESCRIPTION
  16 .B digest_file_auth
  17 is an installed binary authentication program for Squid. It handles digest
  18 authentication protocol and authenticates against a text file backend.
  19 .
  20 .SH OPTIONS
  21 .if !'po4a'hide' .TP 12
  22 .if !'po4a'hide' .B \-c
  23 Accept digest hashed passwords rather than plaintext in the password file
  24 .
  25 .SH CONFIGURATION
  26 .PP
  27 Username database file format:
  28 .TP 6
  29 - comment lines are possible and should start with a '#';
  30 .
  31 .TP
  32 - empty or blank lines are possible;
  33 .
  34 .TP
  35 - plaintext entry format is username:password
  36 .
  37 .TP
  38 - HA1 entry format is username:realm:HA1
  39 .
  40 .PP
  41 To build a directory integrated backend, you need to be able to
  42 calculate the HA1 returned to squid. To avoid storing a plaintext
  43 password you can calculate
  44 .B MD5(username:realm:password)
  45 when the user changes their password, and store the tuple
  46 .B username:realm:HA1.
  47 then find the matching
  48 .B username:realm
  49 when squid asks for the HA1.
  50 .PP
  51 This implementation could be improved by using such a triple for
  52 the file format.  However storing such a triple does little to
  53 improve security: If compromised the
  54 .B username:realm:HA1
  55 combination is "plaintext equivalent" - for the purposes of digest authentication
  56 they allow the user access. Password syncronisation is not tackled
  57 by digest - just preventing on the wire compromise.
  58 .
  59 .SH AUTHOR
  60 This program was written by
  61 .if !'po4a'hide' .I Robert Collins <robertc@squid-cache.org>
  62 .PP
  63 Based on prior work by
  64 .if !'po4a'hide' .I Arjan de Vet <Arjan.deVet@adv.iae.nl>
  65 .if !'po4a.hide' .I Jon Thackray <jrmt@uk.gdscorp.com>
  66 .PP
  67 This manual was written by
  68 .if !'po4a'hide' .I Robert Collins <robertc@squid-cache.org>
  69 .if !'po4a'hide' .I Amos Jeffries <squid3@treenet.co.nz>
  70 .
  71 .SH COPYRIGHT
  72 This program and documentation is copyright to the authors named above.
  73 .PP
  74 Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
  75 .
  76 .SH QUESTIONS
  77 Questions on the usage of this program can be sent to the
  78 .I Squid Users mailing list
  79 .if !'po4a'hide' <squid-users@squid-cache.org>
  80 .
  81 .SH REPORTING BUGS
  82 Bug reports need to be made in English.
  83 See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
  84 .PP
  85 Report bugs or bug fixes using http://bugs.squid-cache.org/
  86 .PP
  87 Report serious security bugs to
  88 .I Squid Bugs <squid-bugs@squid-cache.org>
  89 .PP
  90 Report ideas for new improvements to the
  91 .I Squid Developers mailing list
  92 .if !'po4a'hide' <squid-dev@squid-cache.org>
  93 .
  94 .SH SEE ALSO
  95 .if !'po4a'hide' .BR squid "(8) "
  96 .br
  97 The Squid FAQ wiki
  98 .if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
  99 .br
 100 The Squid Configuration Manual
 101 .if !'po4a'hide' http://www.squid-cache.org/Doc/config/