digest_file_auth - File based digest authentication helper for Squid.
Contents
Configuration
Username database file format:
- comment lines are possible and should start with a '#';
- empty or blank lines are possible;
- plaintext entry format is username:password
- HA1 entry format is username:realm:HA1
To build a directory integrated backend, you need to be able to calculate the HA1 returned to squid. To
avoid storing a plaintext password you can calculate MD5(username:realm:password) when the user changes
their password, and store the tuple username:realm:HA1. then find the matching username:realm when squid
asks for the HA1.
This implementation could be improved by using such a triple for the file format. However storing such a
triple does little to improve security: If compromised the username:realm:HA1 combination is "plaintext
equivalent" - for the purposes of digest authentication they allow the user access. Password
synchronization is not tackled by digest - just preventing on the wire compromise.
Copyright
* Copyright (C) 1996-2024 The Squid Software Foundation and contributors
*
* Squid software is distributed under GPLv2+ license and includes
* contributions from numerous individuals and organizations.
* Please see the COPYING and CONTRIBUTORS files for details.
This program and documentation is copyright to the authors named above.
Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
Description
digest_file_auth is an installed binary authentication program for Squid. It handles digest
authentication protocol and authenticates against a text file backend. This program will automatically
detect the existence of a concurrency channel-ID and adjust appropriately. It may be used with any value
0 or above for the auth_param children concurrency= parameter.
Name
digest_file_auth - File based digest authentication helper for Squid.
Version 1.1
Options
-c Accept digest hashed passwords rather than plaintext in the password file
Questions
Questions on the usage of this program can be sent to the SquidUsersmailinglist <squid-
users@lists.squid-cache.org>
Reporting Bugs
Bug reports need to be made in English. See https://wiki.squid-cache.org/SquidFaq/BugReporting for
details of what you need to include with your bug report.
Report bugs or bug fixes using https://bugs.squid-cache.org/
Report serious security bugs to SquidBugs<squid-bugs@lists.squid-cache.org>
Report ideas for new improvements to the SquidDevelopersmailinglist <squid-dev@lists.squid-cache.org>
See Also
squid(8), GPL(7), The Squid FAQ wiki https://wiki.squid-cache.org/SquidFaq The Squid Configuration Manual http://www.squid-cache.org/Doc/config/digest_file_auth(8)
Synopsis
digest_file_auth[-c] file
