On Mon, 2007-07-30 at 11:14 +0200, sflour@audencia.com wrote:
> auth_param digest program c:/squid/libexec/digest_ldap_auth.exe -A
> "description" -b "DC=aude,DC=com" -D
> "Cn=administrateur,OU=Users,DC=aude,DC=com" -w "toto" -F
> sAMAccountName=%s -h 192.1.1.1
> realm AUDE
> and for example a user "squid" and his password "12345"
> In the description field of the user squid in the AD write AUDE:12345
Would work I think. But you should just enter the password without the
realm in the attribute. The realm is only used when working with
hashed/encrypted passwords.
If you want to enter the hashed/encrypted password then the Digest hash
can be computed with Apache htdigest or other Digest password file
maintenance tool, or even plain md5.
The Digest hash is simply MD5(username:realm:password)
On Linux:
htdigest -c /dev/tty realm AUDE
Adding password for AUDE in realm realm.
New password: [12345]
Re-type new password: [12345]
AUDE:realm:b28e76e5f5423220334007f7d20c57c0
or if you prefer
echo -n AUDE:realm:12345 | md5sum
b28e76e5f5423220334007f7d20c57c0 -
Then add the value "realm:b28e76e5f5423220334007f7d20c57c0" to the LDAP
attribute you told digest_ldap_auth to look for, and use the -e option
to digest_ldap_auth to tell it to look for hashed passwords. This is a
little more secure as the actual password is not stored, only a realm
and user unique one-way hash of it.
Regards
Henrik
Received on Mon Jul 30 2007 - 07:50:11 MDT