Go to main content

man pages section 8: System Administration Commands

Exit Print View

Updated: Thursday, June 13, 2019

digest_file_auth (8)


digest_file_auth - File based digest authentication helper for Squid. Version 1.1


digest_file_auth [-c] file


digest_file_auth(8)         System Manager's Manual        digest_file_auth(8)

       digest_file_auth - File based digest authentication helper for Squid.

       Version 1.1

       digest_file_auth [-c] file

       digest_file_auth  is  an  installed  binary  authentication program for
       Squid. It handles  digest  authentication  protocol  and  authenticates
       against  a  text  file backend.  This program will automatically detect
       the existence of a concurrency channel-ID and adjust appropriately.  It
       may  be used with any value 0 or above for the auth_param children con-
       currency= parameter.

       -c          Accept digest hashed passwords rather than plaintext in the
                   password file

       Username database file format:

       - comment lines are possible and should start with a '#';

       - empty or blank lines are possible;

       - plaintext entry format is username:password

       - HA1 entry format is username:realm:HA1

       To  build a directory integrated backend, you need to be able to calcu-
       late the HA1 returned to squid. To avoid storing a  plaintext  password
       you  can  calculate  MD5(username:realm:password) when the user changes
       their password, and store the tuple username:realm:HA1.  then find  the
       matching username:realm when squid asks for the HA1.

       This  implementation  could  be improved by using such a triple for the
       file format.  However storing such a  triple  does  little  to  improve
       security:  If compromised the username:realm:HA1 combination is "plain-
       text equivalent" - for the purposes of digest authentication they allow
       the  user  access.  Password synchronization is not tackled by digest -
       just preventing on the wire compromise.

       This program was written by Robert Collins <robertc@squid-cache.org>

       Based on prior work by Arjan de Vet <Arjan.deVet@adv.iae.nl>

       This manual was written  by  Robert  Collins  <robertc@squid-cache.org>
       Amos Jeffries <amosjeffries@squid-cache.org>

        *  Copyright (C) 1996-2017 The Squid Software Foundation and contribu-
        * Squid software is distributed under GPLv2+ license and includes
        * contributions from numerous individuals and organizations.
        * Please see the COPYING and CONTRIBUTORS files for details.

       This program and documentation is copyright to the authors named above.

       Distributed under the GNU General Public License (GNU GPL) version 2 or
       later (GPLv2+).

       Questions  on  the usage of this program can be sent to the Squid Users
       mailing list <squid-users@squid-cache.org>

       Bug reports  need  to  be  made  in  English.   See  http://wiki.squid-
       cache.org/SquidFaq/BugReporting for details of what you need to include
       with your bug report.

       Report bugs or bug fixes using http://bugs.squid-cache.org/

       Report serious security bugs to Squid Bugs <squid-bugs@squid-cache.org>

       Report ideas for new improvements to the Squid Developers mailing  list

       See attributes(7) for descriptions of the following attributes:

       |Availability   | web/proxy/squid  |
       |Stability      | Uncommitted      |
       squid(8), GPL(7),
       The Squid FAQ wiki http://wiki.squid-cache.org/SquidFaq
       The Squid Configuration Manual http://www.squid-cache.org/Doc/config/

       This     software     was    built    from    source    available    at
       https://github.com/oracle/solaris-userland.   The  original   community
       source    was    downloaded    from     http://www.squid-cache.org/Ver-

       Further information about this software can be found on the open source
       community website at http://www.squid-cache.org/.