On Sunday 15 June 2003 00.21, Steven Sporen wrote:
> I'm trying to understand how the digest authentication was
> implemented within Squid, specifically how does Squid calculate the
> hash to compare to what the client sent through if the nonce value
> is changed per session?
Squid asks the helper for the HA1 value of the user+realm, then
applies the digest algorith to this per request.
> Is it possible to have squid pass through the digest
> proxy-authentication request directly to a web server which would
> perform the authentication allowing or denying access to the
> browsing through the cache? I would like to have squid authenticate
> against an IIS server.
Not easily. For this you basically have to replace the digest
implementation in Squid with a dummy layer just relaying all
authentication to the IIS server on each and every request.
What might be possible is to add in a reasonable manner is an
interface whereby the helper can query an external password source
for the MD5-sess HA1 value, or alternatively the H() part of the
MD5-sess A1 value (or MD5 HA1 value if communication is secure but
this is not recommended for security reasons). Problem is to find a
password database who is willing to give this information allowing
Squid to perform digest operations.
-- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, info@marasystems.comReceived on Sat Jun 14 2003 - 17:09:31 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:22 MST