Re: [squid-users] ldap_auth

From: Chris Riggins <criggins_at_gmail.com>
Date: Mon, 2 Jun 2008 15:19:09 -0400

     Sorry, it never matches when I do it, e.g.:

(0)[slash]/opt/home/p36wk $ echo -n "p36wk:Realm:passw0rd" | md5sum
3acaf7548c911426be232de30c802233 -

$ /opt/apache/bin/htdigest -c passwd.htdigest p36wk Realm
Adding password for Realm in realm p36wk.
New password: [passw0rd]
Re-type new password: [passw0rd]
(0)[slash]/opt/home/p36wk $ cat passwd.htdigest
Realm:p36wk:828cadb12e66abf15ed07a7db267d3ea

     My squid 3.0.5 proxy is running on Solaris 9, & the above test
was done on Solaris 10. The md5sum results don't match on either
machine.

     I also tested the unchanged htdigest output file as the input to
digest_pw_auth under 3.0.5, and it fails to work.

     I agree the digest_ldap_auth attribute value is somewhat
different. I'll have to log in to my testing lab to double-check the
format I used.

Chris

On Mon, Jun 2, 2008 at 1:46 PM, Henrik Nordstrom
<henrik_at_henriknordstrom.net> wrote:
> On Mon, 2008-06-02 at 10:10 -0400, Chris Riggins wrote:
>> I found that the method below did not work, actually. I still
>> have not figured out just how Apache's "htdigest" is joining the
>> several inputs to create the md5 hash, but it isn't
>> "user:realm:password" | md5sum.
>
> It is the same. Try again..
>
> $ echo -n "henrik:Squid HTTP Proxy:testing" | md5sum
> e07afc91b0cfe99ff7a3630d6f34db62 -
>
> $ htdigest -c test.pwd "Squid HTTP Proxy" henrik
> Adding password for henrik in realm Squid HTTP Proxy.
> New password: [testing]
> Re-type new password: [testing]
> $ cat test.pwd
> henrik:Squid HTTP Proxy:e07afc91b0cfe99ff7a3630d6f34db62
>
>
> The following perl snippet also does the same thing:
>
> #!/usr/bin/perl
>
> use Digest::MD5 qw(md5_hex);
>
> if (@ARGV != 3) {
>     die("usage: user realm password\n");
> }
>
> print md5_hex(join(":", @ARGV))."\n";
>
>> I finally got digest auth to work by doing the following (the
>> "-c" creates the passwd file):
>>
>> # htdigest -c <passwd_file> <realm> <username>
>>
>> which requested a password. I provided it twice, and it generated the
>> following line in the file:
>>
>> <username>:<realm>:md5-hash
>>
>> Now that format isn't usable by squid
>
> It is. Squid digest_pw_auth accepts both username:hash and
> username:realm:hash, with the Apache format preferred.
>
> In the LDAP directory the format is slightly different, however, as the
> data there is stored within the user object, and Squid expects
> realm:hash in the LDAP attribute.
>
> Regards
> Henrik
>
Received on Mon Jun 02 2008 - 19:19:13 MDT
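
Added example, not part of the original thread and not Squid or Apache code: a Python check of a password-file line against the MD5 of user:realm:password discussed above, which separates a wrong password from user and realm given in the opposite order. In the transcripts above htdigest takes the realm before the username, and the first run reports "Adding password for Realm in realm p36wk". The function names and the alice credentials are constructed for illustration.

```python
import hashlib
import hmac


def ha1(user, realm, password):
    """MD5 hex digest of "user:realm:password", as stored by htdigest."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()


def parse_entry(line):
    """Split a file line into (user, realm, hash); realm is None for user:hash."""
    user, _, rest = line.strip().partition(":")
    realm, sep, digest = rest.rpartition(":")
    return user, (realm if sep else None), digest.lower()


def diagnose(line, user, realm, password):
    """Compare a file entry with the credentials the admin meant to store."""
    f_user, f_realm, digest = parse_entry(line)
    if f_realm is None:  # short user:hash form carries no realm of its own
        f_realm = realm
    expected = ha1(f_user, f_realm, password)
    if not hmac.compare_digest(digest.encode(), expected.encode()):
        return "hash does not match this password"
    if (f_user, f_realm) == (user, realm):
        return "ok"
    if (f_user, f_realm) == (realm, user):
        return "user and realm are swapped"
    return "valid hash, but for another user or realm"


def ldap_value(line, default_realm=None):
    """Build the realm:hash string the thread says Squid expects in LDAP."""
    _, realm, digest = parse_entry(line)
    return f"{realm if realm is not None else default_realm}:{digest}"


if __name__ == "__main__":
    # Constructed sample: credentials invented for this example.
    good = "alice:Example Realm:" + ha1("alice", "Example Realm", "s3cret")
    print(diagnose(good, "alice", "Example Realm", "s3cret"))
    # The two file lines shown in the thread, checked as their authors intended.
    print(diagnose("henrik:Squid HTTP Proxy:e07afc91b0cfe99ff7a3630d6f34db62",
                   "henrik", "Squid HTTP Proxy", "testing"))
    print(diagnose("Realm:p36wk:828cadb12e66abf15ed07a7db267d3ea",
                   "p36wk", "Realm", "passw0rd"))
```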
