Re: [squid-users] Squid3 Authentication digest ldap problema

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 20 Jun 2008 15:58:38 +1200

Henrik Nordstrom wrote:
> On tor, 2008-06-19 at 15:49 -0430, Edward Ortega wrote:
>> Hi!
>>
>> I've a problem with authentication ldap on squid3 using digest, i'm
>> using Squid Cache: Version 3.0.PRE5 on Debian ia64 :
>>
>> # /usr/lib/squid3/digest_ldap_auth -v 3 -b 'dc=something,dc=com' -F
>> '(&(objectclass=posixAccount)(uid=%s))' -H 'ldap://ldap' -A
>> 'userPassword' -l -e -d
>> someuser somepassword
>> ERR
>>
>> Any help would be appreciated, thanks!
>
> Digest helpers expect a different input.
>
> "username":"realm"<enter>
> (with the quotes)
>
> Additionally userPassword is usually write-only in most LDAP trees for
> security reasons, and practically never contains a Digest H(A1) hash (-e
> option).
>
> The job of a digest helper is to return the Digest H(A1) hash for a
> given username + realm combination. This can be based on either
> plaintext passwords or precalculated digest H(A1) hashes stored in the
> backend..
>
> H(A1) is MD5(username + ":" + realm + ":" + password)
>
> Regards
> Henrik

Also, the Debian sid repositories provide a much more recent and
Production-ready release of 3.0.
I'd really recommend using STABLE6 if you need it now, STABLE7 when it
gets there.

Amos

-- 
Please use Squid 2.7.STABLE2 or 3.0.STABLE6
Received on Fri Jun 20 2008 - 03:58:42 MDT

This archive was generated by hypermail 2.2.0 : Fri Jun 20 2008 - 12:00:04 MDT