Hi,
after some strange authentication issues i came across the problem of different implementions of Digest Authentication in IE on the one hand and Chrome/Firefox on the other.
The problem occurs when a user sets a password containing a german "Umlaut" äöü or some special characters like ¤.
IE seems to build the digest hash with iso8859-1 charset characters whereas chrome uses utf-8. This leads to different hashes, and the User is forbidden access depending on the browser he uses and how the stored hash in the ldap was built.
For example :
Chrome works:
echo -n '<USER>:<REALM>:üBel01??' | md5sum
fbf61c978941ab35281dd99b95543943
IE works:
echo -n '<USER>:<REALM>:üBel01??' | iconv -t iso-8859-1 -f utf-8 | md5sum
44fce233d7bda083d54015c879c47f16
It even works with IE and Chrome Hash if i convert the PW to UTF-8 ( http://www.percederberg.net/tools/text_converter.html ) and c&p the utf8 string into the IE pw field! But thats nothing i can suggest who cant even start the browser if their shortcut isn't at the right place :D
The "easy" version is to forbidd these characters, but some of our customers use their Win-Pw. The complex method would be to store both hashes and a helper checking the browser user-agent and deliever the suitable hash...
I know thats no problem of squid, but maybe someone came across this before, or someone is in the same situation and my information is helpful.
Is there mybe a hidden workaround to tell or force the browser to use a certain kind of encoding? Mybe in squid, or in the browser settings?
Greets
Christian
Received on Fri Apr 04 2014 - 11:13:39 MDT
This archive was generated by hypermail 2.2.0 : Fri Apr 04 2014 - 12:00:04 MDT