Re: Digest authentication with LDAP backend

From: Guilherme Buonfiglio de Castro Monteiro <>
Date: Thu, 07 Apr 2005 18:27:14 -0300

Hi Henrik,

Ruy Oliveira helped me debug the program. Return was ok, but there
were some Perl errors in my code. After some cleanup (by Ruy) it finally
worked, and it really doesn't need the "encode_base64".
As I am not an experienced Perl programmer, and running it from the command
line gave me apparently the right results, it was driving me crazy... :-)
I will now do some implementations at it to release the first version.
By the way, only returning the ha1 is fine.

Best Regards,
Guilherme Monteiro

Henrik Nordstrom escreveu:
> On Thu, 17 Mar 2005, Guilherme Buonfiglio de Castro Monteiro wrote:
>> Hi,
>> I'm developing a perl digest authentication program that uses LDAP as
>> backend.
>> It's near completion but I'm needing help with HHA1 return to Squid.
>> First I will explain what I'm doing:
>> 1) I'm creating a new Ldap ObjectClass that has uid/digestInfo/ha1
>> 2) digestInfo is join(":",$username,$realm)
>> ha1 is md5_hex( join(":",$username,$realm,$password));
>> 3) So for username:realm:password I have
>> digestInfo=username:realm
>> ha1=66999343281b2624585fd58cc9d36dfc
>> 4) My program should receive "a line containing "username":"realm" and
>> replies with the appropriate H(A1) value base64 encoded or ERR if the
>> user (or his H(A1) hash) does not exists." (this was extracted from
>> squid.conf for auth_param digest).
>> Actually it's receiving it. :-)
>> 5) Then I issue a ldapsearch (digestInfo=".$digestInfo") and read the
>> attribute ha1
>> 6) Then I return $hha1 = encode_base64($ha1); I know that I'm
>> missing the point at this moment!!!
> You need to print the result.
>> I know ha1 is correct. I've already compared with results from apache
>> htdigest program. But what Squid wants is not the encode_base64($ha1).
> Squid wants the exact same format as Apache htdigest creates in the hash
> column.
> The digest_pwauth helper is a good reference as for how your helper
> should operate. By using this as reference you can easily verify that
> your helper is working correctly, as both should return the exact same
> output given the same user data (login, realm, password, input where
> appropriate)
> Regards
> Henrik
Received on Thu Apr 07 2005 - 15:28:52 MDT
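
The helper loop the thread converges on, as an added example that is not Guilherme's or the Squid project's code: it reads one `"username":"realm"` line per request, prints the stored ha1 as plain hex (no `encode_base64`), and prints `ERR` otherwise. The `%directory` hash, the `alice`/`proxy` entry and the `lookup_ha1` function are constructed stand-ins for the LDAP search on `digestInfo`, and the quoted request format is assumed from the squid.conf excerpt quoted above.

```perl
#!/usr/bin/perl
# Added example, not code from the thread.
# Try it with:  printf '"alice":"proxy"\n"bob":"proxy"\n' | perl helper.pl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

$| = 1;    # unbuffered STDOUT: Squid waits for each reply line

# Constructed sample data standing in for the LDAP directory
# (digestInfo => ha1). A real helper would search LDAP here instead.
my %directory = (
    'alice:proxy' =>
        md5_hex(join(':', 'alice', 'proxy', 'constructed-password')),
);

# Hypothetical lookup: returns the stored ha1, or undef if there is none.
sub lookup_ha1 {
    my ($digest_info) = @_;
    return $directory{$digest_info};
}

# Turn one request line ("username":"realm") into one reply line.
sub reply_for {
    my ($line) = @_;
    $line =~ s/[\r\n]+\z//;

    # Malformed input is answered with ERR rather than passed to a search.
    my ($user, $realm) = $line =~ /\A"([^"]*)":"([^"]*)"\z/
        or return 'ERR';

    my $ha1 = lookup_ha1(join(':', $user, $realm));

    # Reply only with a well-formed hash: 32 lowercase hex digits, the
    # form md5_hex produces and htdigest writes in its hash column.
    return 'ERR' unless defined $ha1 && $ha1 =~ /\A[0-9a-f]{32}\z/;
    return $ha1;
}

# The result has to be printed, one reply line per request line.
while (my $line = <STDIN>) {
    print reply_for($line), "\n";
}
```

The first sample request prints a 32-character hex string and the second prints `ERR`, which is the output to compare against the reference helper Henrik names when both are given the same user data.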

This archive was generated by hypermail pre-2.1.9 : Sun May 01 2005 - 12:00:06 MDT