Re: [squid-users] ssl'ing squid trafic

On Tue, Mar 15, 2005 at 03:33:35PM +0100, Henrik Nordstrom wrote:
> On Tue, 15 Mar 2005, Sergey Shepshelevich wrote:
> 
> >1. squid + digest_pw_auth. In this case we have to use HTTP digest, but at 
> >the moment
> >we are storing users' passwords in  openldap directory as _crypted_ 
> >attribute "userPassword".
> >At the same time, to use the digest authorization we have to store
> >MD5(username:realm:password), but it's difficult in our environment.
> 
> Difficult in most environments.
> 
> >Storing clear password in openldap directory also is not a case.
> 
> Unfortunately the only approach which is "future safe" wrt introducing new 
> secure authentication methods without forcing all users to change their 
> password to have the password hashes recalculated.
> 
> >Does any one know if there is any working schemas utilizing openldap + 
> >HTTP digest auth?
> 
> I have a digest auth helper querying LDAP for the hash, but as you noted 
> above this requires either Digest MD5 hashes or plain text passwords in 
> the directory..

 Do you store MD5(username:realm:password) in the LDAP directory?
 There is a problem with passwords ...

 If MD5(username:realm:password) is used as userPassword, other programs can't work.

 Is it possible to use 'sasl2 + squid + openldap' and one attribute 'userPassword'
 containing MD5(username:realm:password)?

 
 I read 'Using Digest Authentication as a SASL Mechanism'
 http://www.faqs.org/rfcs/rfc2831.html

  //3.10  Storing passwords
  //Digest authentication requires that the authenticating agent (usually
  //the server) store some data derived from the user's name and password
  //in a "password file" associated with a given realm. Normally this
  //might contain pairs consisting of username and H({ username-value,
  // ":", realm-value, ":", passwd }), which is adequate to compute H(A1)
  //as described above without directly exposing the user's password.

 and can't say, maybe because the interface between the digest helper and squid is not clear to me.

 
 



Thanks,

-- 
Sergey Shepshelevich
Ulyanovsk State Technical University
NOC, System administrator
