helpers/digest_auth/file/digest_file_auth.8

   1 .if !'po4a'hide' .TH digest_file_auth 8
   2 .
   3 .SH NAME
   4 .if !'po4a'hide' .B digest_file_auth
   5 .if !'po4a'hide' \-
   6 File based digest authentication helper for Squid.
   7 .PP
   8 Version 1.1
   9 .
  10 .SH SYNOPSIS
  11 .if !'po4a'hide' .B digest_file_auth
  12 .if !'po4a'hide' .B [\-c]
  13 file
  14 .
  15 .SH DESCRIPTION
  16 .B digest_file_auth
  17 is an installed binary authentication program for Squid. It handles digest
  18 authentication protocol and authenticates against a text file backend.
  19 .
  20 This program will automatically detect the existence of a concurrecy channel-ID and adjust appropriately.
  21 It may be used with any value 0 or above for the auth_param children concurrency= parameter.
  22 .
  23 .SH OPTIONS
  24 .if !'po4a'hide' .TP 12
  25 .if !'po4a'hide' .B \-c
  26 Accept digest hashed passwords rather than plaintext in the password file
  27 .
  28 .SH CONFIGURATION
  29 .PP
  30 Username database file format:
  31 .TP 6
  32 - comment lines are possible and should start with a '#';
  33 .
  34 .TP
  35 - empty or blank lines are possible;
  36 .
  37 .TP
  38 - plaintext entry format is username:password
  39 .
  40 .TP
  41 - HA1 entry format is username:realm:HA1
  42 .
  43 .PP
  44 To build a directory integrated backend, you need to be able to
  45 calculate the HA1 returned to squid. To avoid storing a plaintext
  46 password you can calculate
  47 .B MD5(username:realm:password)
  48 when the user changes their password, and store the tuple
  49 .B username:realm:HA1.
  50 then find the matching
  51 .B username:realm
  52 when squid asks for the HA1.
  53 .PP
  54 This implementation could be improved by using such a triple for
  55 the file format.  However storing such a triple does little to
  56 improve security: If compromised the
  57 .B username:realm:HA1
  58 combination is "plaintext equivalent" - for the purposes of digest authentication
  59 they allow the user access. Password syncronisation is not tackled
  60 by digest - just preventing on the wire compromise.
  61 .
  62 .SH AUTHOR
  63 This program was written by
  64 .if !'po4a'hide' .I Robert Collins <robertc@squid-cache.org>
  65 .PP
  66 Based on prior work by
  67 .if !'po4a'hide' .I Arjan de Vet <Arjan.deVet@adv.iae.nl>
  68 .if !'po4a.hide' .I Jon Thackray <jrmt@uk.gdscorp.com>
  69 .PP
  70 This manual was written by
  71 .if !'po4a'hide' .I Robert Collins <robertc@squid-cache.org>
  72 .if !'po4a'hide' .I Amos Jeffries <amosjeffries@squid-cache.org>
  73 .
  74 .SH COPYRIGHT
  75 This program and documentation is copyright to the authors named above.
  76 .PP
  77 Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
  78 .
  79 .SH QUESTIONS
  80 Questions on the usage of this program can be sent to the
  81 .I Squid Users mailing list
  82 .if !'po4a'hide' <squid-users@squid-cache.org>
  83 .
  84 .SH REPORTING BUGS
  85 Bug reports need to be made in English.
  86 See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
  87 .PP
  88 Report bugs or bug fixes using http://bugs.squid-cache.org/
  89 .PP
  90 Report serious security bugs to
  91 .I Squid Bugs <squid-bugs@squid-cache.org>
  92 .PP
  93 Report ideas for new improvements to the
  94 .I Squid Developers mailing list
  95 .if !'po4a'hide' <squid-dev@squid-cache.org>
  96 .
  97 .SH SEE ALSO
  98 .if !'po4a'hide' .BR squid "(8), "
  99 .if !'po4a'hide' .BR GPL "(7), "
 100 .br
 101 The Squid FAQ wiki
 102 .if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
 103 .br
 104 The Squid Configuration Manual
 105 .if !'po4a'hide' http://www.squid-cache.org/Doc/config/