Hi, the digest authentication helper protocol requires that the helper
return the encrypted digest authentication hash given the username and
realm.
The problem is, if I have 2 different realms which authenticate against the
same user credentials, if I store the credentials in a one-way encrypted
format (obviously preferable) I have to store them with the realm included
in the encryption, because I have to pass this back to squid via the helper.
In this case I would have to store a password for each realm, and could
never change the realm. Or I'm going to have to store the passwords
unencrypted so I can encrypt them with the realm in the helper.
Why not just use the same OK/ERR scheme that basic auth uses? This way the
helper can do the validation its own way without tying our hands when it
comes to situations like this?
Thanks,
David
Received on Sat Jun 05 2010 - 15:07:27 MDT
This archive was generated by hypermail 2.2.0 : Sun Jun 06 2010 - 12:00:03 MDT