digest_file_auth - File based digest authentication helper for Squid. Version 1.1
digest_file_auth [-c] file
digest_file_auth(8) System Manager's Manual digest_file_auth(8)
NAME
digest_file_auth - File based digest authentication helper for Squid.
Version 1.1
SYNOPSIS
digest_file_auth [-c] file
DESCRIPTION
digest_file_auth is an installed binary authentication program for
Squid. It handles digest authentication protocol and authenticates
against a text file backend. This program will automatically detect
the existence of a concurrency channel-ID and adjust appropriately. It
may be used with any value 0 or above for the auth_param children con-
currency= parameter.
OPTIONS
-c Accept digest hashed passwords rather than plaintext in the
password file
CONFIGURATION
Username database file format:
- comment lines are possible and should start with a '#';
- empty or blank lines are possible;
- plaintext entry format is username:password
- HA1 entry format is username:realm:HA1
To build a directory integrated backend, you need to be able to calcu-
late the HA1 returned to squid. To avoid storing a plaintext password
you can calculate MD5(username:realm:password) when the user changes
their password, and store the tuple username:realm:HA1. then find the
matching username:realm when squid asks for the HA1.
This implementation could be improved by using such a triple for the
file format. However storing such a triple does little to improve
security: If compromised the username:realm:HA1 combination is "plain-
text equivalent" - for the purposes of digest authentication they allow
the user access. Password synchronization is not tackled by digest -
just preventing on the wire compromise.
AUTHOR
This program was written by Robert Collins <robertc@squid-cache.org>
Based on prior work by Arjan de Vet <Arjan.deVet@adv.iae.nl>
This manual was written by Robert Collins <robertc@squid-cache.org>
Amos Jeffries <amosjeffries@squid-cache.org>
COPYRIGHT
* Copyright (C) 1996-2021 The Squid Software Foundation and contribu-
tors
*
* Squid software is distributed under GPLv2+ license and includes
* contributions from numerous individuals and organizations.
* Please see the COPYING and CONTRIBUTORS files for details.
This program and documentation is copyright to the authors named above.
Distributed under the GNU General Public License (GNU GPL) version 2 or
later (GPLv2+).
QUESTIONS
Questions on the usage of this program can be sent to the Squid Users
mailing list <squid-users@lists.squid-cache.org>
REPORTING BUGS
Bug reports need to be made in English. See http://wiki.squid-
cache.org/SquidFaq/BugReporting for details of what you need to include
with your bug report.
Report bugs or bug fixes using http://bugs.squid-cache.org/
Report serious security bugs to Squid Bugs <squid-bugs@lists.squid-
cache.org>
Report ideas for new improvements to the Squid Developers mailing list
<squid-dev@lists.squid-cache.org>
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+---------------+------------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+------------------+
|Availability | web/proxy/squid |
+---------------+------------------+
|Stability | Uncommitted |
+---------------+------------------+
SEE ALSO
squid(8), GPL(7),
The Squid FAQ wiki http://wiki.squid-cache.org/SquidFaq
The Squid Configuration Manual http://www.squid-cache.org/Doc/config/
NOTES
Source code for open source software components in Oracle Solaris can
be found at https://www.oracle.com/downloads/opensource/solaris-source-
code-downloads.html.
This software was built from source available at
https://github.com/oracle/solaris-userland. The original community
source was downloaded from http://www.squid-cache.org/Ver-
sions/v4/squid-4.15.tar.xz.
Further information about this software can be found on the open source
community website at http://www.squid-cache.org/.
digest_file_auth(8)