Re: [squid-users] Digest Authentication

From: Glenn Baptista <glenn@dont-contact.us>
Date: Tue, 14 Dec 2004 11:49:56 +0530

Hello Henrik,

Thanks very much for your help. I was not successful in being able to do
digest authentication. Following are details of what I did. Can you
please help me overcome the problem which is reported by squid as a
'Parsing error'

.[root@rnd2 sbin]# ./squid
2004/12/14 11:10:34| Parsing Config File: Unknown authentication scheme
'digest'.
2004/12/14 11:10:34| Parsing Config File: Unknown authentication scheme
'digest'.
2004/12/14 11:10:34| Parsing Config File: Unknown authentication scheme
'digest'.
2004/12/14 11:10:34| Parsing Config File: Unknown authentication scheme
'digest'.
2004/12/14 11:10:34| Parsing Config File: Unknown authentication scheme
'digest'.

Following is how I went about the exercise.
I got the Squid 2.5 Stable 7 source and made it using the following
commands. The output is also pasted for your convenience.

I look forward to hearing from you.

Warm regards

Glenn Baptista

1. CONFIGURING THE MAKEFILE
./configure --enable-digest-auth-helpers

RELEVANT OUTPUT FROM CONFIGURE
....
creating helpers/digest_auth/Makefile
creating helpers/digest_auth/password/Makefile
....

2. MAKE ALL
./make all

RELEVANT OUTPUT FROM MAKE ALL
Making install in digest_auth
make[2]: Entering directory
`/root/temp/squid-2.5.STABLE7/helpers/digest_auth'
Making install in password
make[3]: Entering directory
`/root/temp/squid-2.5.STABLE7/helpers/digest_auth/password'
make[4]: Entering directory
`/root/temp/squid-2.5.STABLE7/helpers/digest_auth/password'
/bin/sh ../../../cfgaux/mkinstalldirs /usr/local/squid/libexec
/usr/bin/install -c digest_pw_auth /usr/local/squid/libexec/digest_pw_auth
make[4]: Nothing to be done for `install-data-am'.
make[4]: Leaving directory
`/root/temp/squid-2.5.STABLE7/helpers/digest_auth/password'
make[3]: Leaving directory
`/root/temp/squid-2.5.STABLE7/helpers/digest_auth/password'
make[3]: Entering directory
`/root/temp/squid-2.5.STABLE7/helpers/digest_auth'
make[4]: Entering directory
`/root/temp/squid-2.5.STABLE7/helpers/digest_auth'
make[4]: Nothing to be done for `install-exec-am'.
make[4]: Nothing to be done for `install-data-am'.
make[4]: Leaving directory
`/root/temp/squid-2.5.STABLE7/helpers/digest_auth'
make[3]: Leaving directory
`/root/temp/squid-2.5.STABLE7/helpers/digest_auth'
make[2]: Leaving directory
`/root/temp/squid-2.5.STABLE7/helpers/digest_auth'
Making install in external_acl
make[2]: Entering directory
`/root/temp/squid-2.5.STABLE7/helpers/external_acl'
make[3]: Entering directory
`/root/temp/squid-2.5.STABLE7/helpers/external_acl'
make[4]: Entering directory
`/root/temp/squid-2.5.STABLE7/helpers/external_acl'
make[4]: Nothing to be done for `install-exec-am'.
make[4]: Nothing to be done for `install-data-am'.
make[4]: Leaving directory
`/root/temp/squid-2.5.STABLE7/helpers/external_acl'
make[3]: Leaving directory
`/root/temp/squid-2.5.STABLE7/helpers/external_acl'
make[2]: Leaving directory
`/root/temp/squid-2.5.STABLE7/helpers/external_acl'
make[2]: Entering directory `/root/temp/squid-2.5.STABLE7/helpers'
make[3]: Entering directory `/root/temp/squid-2.5.STABLE7/helpers'
make[3]: Nothing to be done for `install-exec-am'.
make[3]: Nothing to be done for `install-data-am'.
make[3]: Leaving directory `/root/temp/squid-2.5.STABLE7/helpers'
make[2]: Leaving directory `/root/temp/squid-2.5.STABLE7/helpers'
make[1]: Leaving directory `/root/temp/squid-2.5.STABLE7/helpers'
make[1]: Entering directory `/root/temp/squid-2.5.STABLE7'
make[2]: Entering directory `/root/temp/squid-2.5.STABLE7'
make[2]: Nothing to be done for `install-exec-am'.
make[2]: Nothing to be done for `install-data-am'.
make[2]: Leaving directory `/root/temp/squid-2.5.STABLE7'
make[1]: Leaving directory `/root/temp/squid-2.5.STABLE7'

3. MAKE INSTALL
./make install

RESULT
Copies the file 'digest_pw_auth' into the /usr/local/squid/libexec
directory.

SQUID CONFIGURATION
Added the relevant configuration to the squid.conf file

auth_param digest program /usr/local/squid/libexec/digest_pw_auth
/usr/local/squid/etc/passwd
auth_param digest children 5
auth_param digest realm Squid proxy-caching web server
auth_param digest credentialsttl 2 hours
auth_param digest casesensitive off

ERROR OUTPUT OF SQUID
.[root@rnd2 sbin]# ./squid
2004/12/14 11:10:34| Parsing Config File: Unknown authentication scheme
'digest'.
2004/12/14 11:10:34| Parsing Config File: Unknown authentication scheme
'digest'.
2004/12/14 11:10:34| Parsing Config File: Unknown authentication scheme
'digest'.
2004/12/14 11:10:34| Parsing Config File: Unknown authentication scheme
'digest'.
2004/12/14 11:10:34| Parsing Config File: Unknown authentication scheme
'digest'.

Henrik Nordstrom wrote:

> On Tue, 7 Dec 2004, Glenn Baptista wrote:
>
>> Is digest authentication is possible in the following environment.
>> 1. We are using squid version 2.5 Stable 3 on a Redhat 9 server (and
>> are happy to upgrade to any other suitable version).
>>
>> 2. We wish to authenticate using an independent DIGEST scheme; the
>> equivalent of 'ncsa_auth', because the users are not already
>> centrally authenticated. We wish to add the users and passwords to
>> the Linux box ONLY FOR SQUID; the users are not Linux OS users.
>
>
> Good. This is the only mode Squid supports.
>
>> If the answer to the above is yes, the queries are:
>> 1. What is the version of squid where this is possible?
>
>
> Squid-2.5 or later.
>
>> 2. What is the authentication program and is it part of the
>> '/usr/lib/squid/' directory or does it have to be separately compiled.
>
>
> You need to enable the digest scheme and compile the password digest
> helper.
>
>> 3. What is the name of the program which will create the password
>> file and where is it located.
>
>
> The helper shipped with Squid-2.5 uses plain text password file for
> Digest with the format
>
> login:password
>
> The helper shipped with Squid-3.0 (also works with Squid-2.5) also
> understands encrypted password files created by the htdigest program
> from Apache.
>
> Regards
> Henrik
>
Received on Mon Dec 13 2004 - 23:18:28 MST

This archive was generated by hypermail pre-2.1.9 : Sat Jan 01 2005 - 12:00:02 MST