On 27/05/11 04:00, Maximiliano de Mattos wrote:
thanks Amos! Now, i try with squid v3, if i remember ok i think i saw a post on that this version can manage hashed pwds... but now i can't find them :(
I recall we added it for the Basic auth DB helper. But there is almost no change to the Digest since 2.7. Just some logic bugs.
In other way i thinking to implement a helper thats make these autentication (taking user + password in clear text as parameters) and if this is correct, return to digest the result of MD5(user:realm:pwd in clear text mode)... or ERR in other case...
Think carefully. If the helper is for Squid the data it gets given is straight off the wire. Doing plain-text over the wire (Basic auth) then converting to Digest for the final step once it is already inside secure areas is a bit late.
A Digest helper or update which uses some secure but reversible encrypt for storage in LDAP would be very welcome.
Or even a digest helper which decrypts MD5 hash using the realm and username Squid knows about. To recover the attempted password, do SSHA on it and compare it against the SSHA stored real one.
Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.12 Beta testers wanted for 3.2.0.7 and 3.1.12.1
