Ach! It should come as no surprise that Mr. Nordstrom is
absolutely correct in all regards. My "echo" shell built-in doesn't
support the "-n". If you also have this problem, try using "printf",
eg.
# printf "<username>:<realm>:<password> | md5sum | cut -d\ -f1
to generate the hashed password.
Mr. Nordstrom is also correct on the formatting of the digest
password file. Either of the following work:
<username>:<md5-hash>
<username>:<realm>:<md5-hash>
which means that the output from "htdigest" will work as-is. I was
supplying the parameters to "htdigest" in the wrong order.
I apologize for sowing confusion!
Back to the topic: ldap_digest_auth:
I use the "iplanetReversiblePassword" attribute to store the
realm & password hash, eg.
iplanetReversiblePassword: <realm>:<md5-hash>
the hash can be the one generated with the previous command or the
htdigest. I use the following to harvest this from LDAP (yes, this is
an older style LDAP tree, but it works equally well under the newer
tree schemes):
auth_param digest program
/opt/webproxy/squid3.0.5/libexec/digest_ldap_auth -b
"ou=nsPeople,o=<domain>,c=us" -u "uid" -A "iplanetReversiblePassword"
-e -v 3 -h localhost
Many thanks to Mr. Nordstrom for keeping me straight!
Regards,
Chris
