Context Navigation

digest_file_auth.8 @ 5495

Last change on this file since 5495 was 5495, checked in by Juanma, 4 years ago
Initial release
File size: 3.4 KB

Line
1	.if !'po4a'hide' .TH digest_file_auth 8
2	.
3	.SH NAME
4	digest_file_auth \- File based digest authentication helper for Squid.
5	.PP
6	Version 1.1
7	.
8	.SH SYNOPSIS
9	.if !'po4a'hide' .B digest_file_auth
10	.if !'po4a'hide' .B [\-c]
11	file
12	.
13	.SH DESCRIPTION
14	.B digest_file_auth
15	is an installed binary authentication program for Squid. It handles digest
16	authentication protocol and authenticates against a text file backend.
17	.
18	This program will automatically detect the existence of a concurrecy channel-ID and adjust appropriately.
19	It may be used with any value 0 or above for the auth_param children concurrency= parameter.
20	.
21	.SH OPTIONS
22	.if !'po4a'hide' .TP 12
23	.if !'po4a'hide' .B \-c
24	Accept digest hashed passwords rather than plaintext in the password file
25	.
26	.SH CONFIGURATION
27	.PP
28	Username database file format:
29	.TP 6
30	- comment lines are possible and should start with a '#';
31	.
32	.TP
33	- empty or blank lines are possible;
34	.
35	.TP
36	- plaintext entry format is username:password
37	.
38	.TP
39	- HA1 entry format is username:realm:HA1
40	.
41	.PP
42	To build a directory integrated backend, you need to be able to
43	calculate the HA1 returned to squid. To avoid storing a plaintext
44	password you can calculate
45	.B MD5(username:realm:password)
46	when the user changes their password, and store the tuple
47	.B username:realm:HA1.
48	then find the matching
49	.B username:realm
50	when squid asks for the HA1.
51	.PP
52	This implementation could be improved by using such a triple for
53	the file format. However storing such a triple does little to
54	improve security: If compromised the
55	.B username:realm:HA1
56	combination is "plaintext equivalent" - for the purposes of digest authentication
57	they allow the user access. Password syncronisation is not tackled
58	by digest - just preventing on the wire compromise.
59	.
60	.SH AUTHOR
61	This program was written by
62	.if !'po4a'hide' .I Robert Collins <robertc@squid-cache.org>
63	.PP
64	Based on prior work by
65	.if !'po4a'hide' .I Arjan de Vet <Arjan.deVet@adv.iae.nl>
66	.if !'po4a.hide' .I Jon Thackray <jrmt@uk.gdscorp.com>
67	.PP
68	This manual was written by
69	.if !'po4a'hide' .I Robert Collins <robertc@squid-cache.org>
70	.if !'po4a'hide' .I Amos Jeffries <amosjeffries@squid-cache.org>
71	.
72	.SH COPYRIGHT
73	.PP
74	* Copyright (C) 1996-2015 The Squid Software Foundation and contributors
75	*
76	* Squid software is distributed under GPLv2+ license and includes
77	* contributions from numerous individuals and organizations.
78	* Please see the COPYING and CONTRIBUTORS files for details.
79	.PP
80	This program and documentation is copyright to the authors named above.
81	.PP
82	Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
83	.
84	.SH QUESTIONS
85	Questions on the usage of this program can be sent to the
86	.I Squid Users mailing list
87	.if !'po4a'hide' <squid-users@squid-cache.org>
88	.
89	.SH REPORTING BUGS
90	Bug reports need to be made in English.
91	See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
92	.PP
93	Report bugs or bug fixes using http://bugs.squid-cache.org/
94	.PP
95	Report serious security bugs to
96	.I Squid Bugs <squid-bugs@squid-cache.org>
97	.PP
98	Report ideas for new improvements to the
99	.I Squid Developers mailing list
100	.if !'po4a'hide' <squid-dev@squid-cache.org>
101	.
102	.SH SEE ALSO
103	.if !'po4a'hide' .BR squid "(8), "
104	.if !'po4a'hide' .BR GPL "(7), "
105	.br
106	The Squid FAQ wiki
107	.if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
108	.br
109	The Squid Configuration Manual
110	.if !'po4a'hide' http://www.squid-cache.org/Doc/config/

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format