[squid-users] need rspauth in digest response header

From: Deepak Rao <deepak.rao.257_at_gmail.com>
Date: Sat, 6 Feb 2010 19:56:09 +0530

Hi,

How to enable mutual authentication of both squid server and the clients?

I am using squid in reverse proxy mode and using digest
authentication. The requirement is: both client and server needs to
mutually authenticate each other on every request/response

So the REQUEST from client will be like:
GET http://squid-server/resource
Authorization: Digest username=username, realm=”realm”, nonce=ccc,
cnonce=ddd, response=H(username, password, ccc)

and on successful authentication, the squid server RESPONSE will have
the following header:
200 OK
Authentication-Info: rspauth=H(username, password, <cnonce>), nextnonce=cce

My current squid digest configuration is as follows:

auth_param digest program ~/squid_reverse_proxy/libexec/digest_pw_auth
~/squid_reverse_proxy/etc/digest_passwd
auth_param digest children 5
auth_param digest realm Squid proxy-caching web server
auth_param digest nonce_garbage_interval 5 minutes
auth_param digest nonce_max_duration 30 minutes
auth_param digest nonce_max_count 50

With this configuration, I am not getting rspauth in the response from
squid. How to fix this?
[Even nextnonce field does not get set. But when nonce_max_count is
set to 1, squid sets the nextnonce header]

Thanks,
Deepak
Received on Sat Feb 06 2010 - 14:26:17 MST

This archive was generated by hypermail 2.2.0 : Sat Feb 06 2010 - 12:00:03 MST