Re: [squid-users] squid + digest ldap + password

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 27 May 2011 04:46:42 +1200

On 27/05/11 04:00, Maximiliano de Mattos wrote:
> Thanks Amos!
>
> Now I am trying with Squid v3. If I remember correctly, I think I saw a
> post saying that this version can manage hashed pwds... but now I can't
> find it :(

I recall we added it for the Basic auth DB helper. But there is almost
no change to the Digest since 2.7. Just some logic bugs.

> Alternatively, I am thinking of implementing a helper that does this
> authentication (taking user + password in clear text as parameters) and,
> if it is correct, returns to digest the result of MD5(user:realm:pwd
> in clear text mode)... or ERR otherwise...

Think carefully. If the helper is for Squid the data it gets given is
straight off the wire.
Doing plain-text over the wire (Basic auth) then converting to Digest
for the final step once it is already inside secure areas is a bit late.

A Digest helper or update which uses some secure but reversible encryption
for storage in LDAP would be very welcome.

Or even a digest helper which decrypts the MD5 hash using the realm and
username Squid knows about. To recover the attempted password, do SSHA
on it and compare it against the SSHA stored real one.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.12
   Beta testers wanted for 3.2.0.7 and 3.1.12.1
Received on Thu May 26 2011 - 16:46:49 MDT
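
Added example, not part of the original message and not Squid's own helper code: a minimal Digest helper loop showing what the helper receives and what it has to return. It assumes the line protocol of the 2.7/3.1 releases named in the signature (one `"username":"realm"` request per line, answered with the hex HA1 or `ERR`); the `STORE` contents and all function names are constructed for illustration.

```python
import base64
import hashlib
import sys

def ha1(user, realm, password):
    """Digest HA1 = MD5(user:realm:password), hex encoded (RFC 2617)."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()

def ssha(password, salt):
    """LDAP-style {SSHA}: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def parse_request(line):
    """Split a '"user":"realm"' request line; None if malformed."""
    line = line.strip()
    if len(line) < 2 or line[0] != '"' or line[-1] != '"':
        return None
    user, sep, realm = line[1:-1].partition('":"')
    return (user, realm) if sep else None

def answer(line, store):
    """Return the stored HA1 for the request, or ERR."""
    key = parse_request(line)
    entry = store.get(key) if key else None
    # An {SSHA} value is a salted SHA-1 of the password alone. It is not HA1,
    # and the request carries no password to verify it against.
    if not entry or entry.startswith("{SSHA}"):
        return "ERR"
    return entry

# Constructed sample directory: one account stored as HA1, one as {SSHA}.
STORE = {
    ("alice", "proxy"): ha1("alice", "proxy", "s3cret"),
    ("bob", "proxy"): ssha("hunter2", b"\x01\x02\x03\x04"),
}

if __name__ == "__main__":
    # Helper loop: one request per line on stdin, one reply per line on stdout.
    for request in sys.stdin:
        print(answer(request, STORE), flush=True)
```

The account stored as HA1 can be answered; the one stored only as `{SSHA}` cannot, because nothing in the request lets the helper derive `MD5(user:realm:password)` from it.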
