Re: [squid-users] Squid3 Authentication digest ldap problema

From: Edward Ortega <edward.josette_at_gmail.com>
Date: Wed, 02 Jul 2008 14:52:36 -0430

Hi!
  
Henrik Nordstrom wrote:
> On tor, 2008-06-19 at 15:49 -0430, Edward Ortega wrote:
>
>> Hi!
>>
>> I've a problem with authentication ldap on squid3 using digest, I'm
>> using Squid Cache: Version 3.0.PRE5 on Debian ia64 :
>>
>> # /usr/lib/squid3/digest_ldap_auth -v 3 -b 'dc=something,dc=com' -F
>> '(&(objectclass=posixAccount)(uid=%s))' -H 'ldap://ldap' -A
>> 'userPassword' -l -e -d
>> someuser somepassword
>> ERR
>>
>> Any help would be appreciated, thanks!
>>
>
> Digest helpers expect a different input.
>
> "username":"realm"<enter>
> (with the quotes)
>
> Additionally userPassword is usually write-only in most LDAP trees for
> security reasons, and practically never contains a Digest H(A1) hash (-e
> option).
>
> The job of a digest helper is to return the Digest H(A1) hash for a
> given username + realm combination. This can be based on either
> plaintext passwords or precalculated digest H(A1) hashes stored in the
> backend.
>
> H(A1) is MD5(username + ":" + realm + ":" + password)
>
>
   OK, I store in the '*street*' attribute something like you said (
MD5(username + ":" + realm + ":" + password) ). Do I have to store the
"realm" argument in another attribute for Squid to understand the hash?

#/usr/lib/squid3/digest_ldap_auth -v 3 -b 'dc=something,dc=com' -F
'(&(objectclass=posixAccount)(uid=%s))' -H 'ldap://ldap' -A '*street*'
-l -d

> Regards
> Henrik
>
Thanks again
Received on Wed Jul 02 2008 - 19:22:39 MDT
