Re: [squid-users] ldap and digest on squid for windows

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Mon, 30 Jul 2007 15:49:59 +0200

On Mon, 2007-07-30 at 11:14 +0200, sflour@audencia.com wrote:

> auth_param digest program c:/squid/libexec/digest_ldap_auth.exe -A
> "description" -b "DC=aude,DC=com" -D
> "Cn=administrateur,OU=Users,DC=aude,DC=com" -w "toto" -F
> sAMAccountName=%s -h 192.1.1.1
> realm AUDE

> and for example a user "squid" and his password "12345"
> In the description field of the user squid in the AD write AUDE:12345

Would work I think. But you should just enter the password without the
realm in the attribute. The realm is only used when working with
hashed/encrypted passwords.

If you want to enter the hashed/encrypted password then the Digest hash
can be computed with Apache htdigest or another Digest password file
maintenance tool, or even plain md5.

The Digest hash is simply MD5(username:realm:password)

On Linux:

htdigest -c /dev/tty realm AUDE
Adding password for AUDE in realm realm.
New password: [12345]
Re-type new password: [12345]
AUDE:realm:b28e76e5f5423220334007f7d20c57c0

or if you prefer

echo -n AUDE:realm:12345 | md5sum
b28e76e5f5423220334007f7d20c57c0 -

Then add the value "realm:b28e76e5f5423220334007f7d20c57c0" to the LDAP
attribute you told digest_ldap_auth to look for, and use the -e option
to digest_ldap_auth to tell it to look for hashed passwords. This is a
little more secure as the actual password is not stored, only a realm
and user unique one-way hash of it.

Regards
Henrik
Received on Mon Jul 30 2007 - 07:50:11 MDT