Search squid archive

Re: ldap and digest on squid for windows

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On mån, 2007-07-30 at 11:14 +0200, sflour@xxxxxxxxxxxx wrote:

> auth_param digest program c:/squid/libexec/digest_ldap_auth.exe -A
> "description" -b "DC=aude,DC=com" -D
> "Cn=administrateur,OU=Users,DC=aude,DC=com" -w "toto" -F
> sAMAccountName=%s -h 192.1.1.1
> realm AUDE

> and by exemple a user  "squid" and his password "12345" 
> In the description field of the user squid in the AD write AUDE:12345

Would work I think. But you should just enter the password without the
realm in the attribute. The realm is only used when working with
hashed/encrypted passwords.

If you want to enter the hashed/encrypted password then the Digest hash
can be computed with Apache htdigest or other Digest password file
maintenance tool, or even plain md5..

The Digest hash is simply MD5(username:realm:password)

On Linux:

htdigest -c /dev/tty realm AUDE
Adding password for AUDE in realm realm.
New password: [12345]
Re-type new password: [12345]
AUDE:realm:b28e76e5f5423220334007f7d20c57c0

or if you prefer

echo -n AUDE:realm:12345 | md5sum
b28e76e5f5423220334007f7d20c57c0  -

Then add the value "realm:b28e76e5f5423220334007f7d20c57c0" to the LDAP
attribute you told digest_ldap_auth to look for, and use the -e option
to digest_ldap_auth to tell it to look for hashed passwords. This is a
little more secure as the actual password is not stored, only a realm
and user unique one-way hash of it.. 

Regards
Henrik


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux