Re: [squid-users] htpasswd+ncsa_auth from Henrik Nordstrom on 2003-05-29 (squid-users)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 29 May 2003 23:39:01 +0200

To use digest authentication you must compile support for digest
authentication into Squid.

(--enable-auth=... option. See configure --help)

Regards
Henrik

On Thursday 29 May 2003 20.14, Allen Miller wrote:
> Do I have to compile digest_pw_auth support into Squid?
>
> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@squid-cache.org]
> Sent: Thursday, May 29, 2003 8:55 AM
> To: Allen Miller
> Cc: Squid Users
> Subject: Re: [squid-users] htpasswd+ncsa_auth
>
> On Thursday 29 May 2003 15.08, Allen Miller wrote:
> > For grins, I used the -m option (force MD5 encryption) with
> > htpasswd, but I could never get authenticated using IE6.
>
> -m uses MD5 hashes which the ncsa_auth shipped with Squid-2.5 and
> earlier does not understand. For this to work you must use the
> ncsa_auth helper from Squid-3.
>
> > My goal is to allow users to change their Squid password via a
> > web interface, not be limited to 8 chars, and not to send
> > username and password info in the clear.
>
> For the first part you can use MD5 hashes (-m option to htpasswd
> and the ncsa_auth helper from Squid-3).
>
> To fulfull the second part you have to abandon the use of Basic
> HTTP authentication and switch to digest authentication which
> provides secure exchanges of the user credentials over the network.
> The Digest support in Squid-2.5.STABLE3 should be usable with most
> major browsers currently on the market.. (some small amount of
> configuration may be needed to work around browser bugs, but the
> knobs for doing so is there..), but I'd recommend using the
> digest_pw_auth helper from Squid-3 for increased security. This
> version of the helper supports storing the user passwords in HA1
> hashed format instead of plain text.
>
> Note: both the ncsa_auth and digest_pw_auth helpers from Squid-3
> works just fine with Squid-2.5. I do not recommend using Squid-3 in
> production, only these helpers from the Squid-3 distribution with a
> otherwise Squid-2.5 installation.
>
> Regards
> Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com

Received on Thu May 29 2003 - 15:49:39 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:07 MST