RE: [squid-users] External Authenticator help!

Thanks for your reply, Henrik.

I've written the authenticator. But the funny thing is my value does not
match the htdigest value?? I've used the md5_hex exactly as you've shown
below. Am I doing something wrong? I've tried md5_base64 as well.

My Value:
perl -e 'use Digest::MD5 qw(md5_hex); my $value = md5_hex(join(":",
"78069102","Cyber","h6VOPgOfY1")); print "$value\n";'
4c9a61f233ef81a598b2fe0ce3c3e111

HTDIGEST Value:

$htdigest -c ./me.passwd 78069102 Cyber
Adding password for Cyber in realm 78069102.
New password:
Re-type new password:
[root@hand1 kiosk]# cat me.passwd
Cyber:78069102:119661f93bbd162a101aee176dcca537

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Sent: 10 April 2004 12:48
To: Prash
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] External Authenticator help!

On Sat, 10 Apr 2004, Prash wrote:

> To implement this, I have to write a authenticator either (maybe in perl)
..
> say digest. Basic is easy but password is not encrypted over the wire. I'm
> thinking of storing all the user/passwords in a dbm file and have the
> authenticator read it. Time it every 15 min and keep updating the dbm
file.

Sounds good.

> For this I've set the
> auth_param digest credentialsttl 0.25 hours
> auth_param digest program /etc/squid/test/test.pl
> auth_param digest children 5
> auth_param digest realm My External Authenticator
> auth_param digest nonce_garbage_interval 5 minutes
> auth_param digest nonce_max_duration 30 minutes
> auth_param digest nonce_max_count 50
>
> Is there any simple way to achieve the above? Also I've no experience
> writing digest authenticator for squid. Can anyone give me pointers
please?

All the Digest authenticators for Squid needs to do is to return the
current HA1 Digest hash value for the user. This is the same has as
generated by the Apache htdigest command and documented in RFC2617, or in
perl speak

  use Digest::MD5 qw(md5_hex);
  my $HA1 = md5_hex( join(":", $user, $realm, $password) );

The realm must match what you have set in squid.conf auth_param digest
realm.

The exact details on the Digest authenticator helper protocol syntax is
documented in squid.conf..

Regards
Henrik
Received on Sat Apr 10 2004 - 13:20:53 MDT