Hi Henrik,
Ruy Oliveira helped me debuging the program. Return was ok, but there was some perl errors at my code. After some cleanup (by Ruy) it finally worked, and it really doesn't the "encode_base64".
As I am not a experienced perl programmer, and running it from command line give me apparently the right results, it was driving me crazy... :-)
I will now do some implementations at it to release the first version.
By the way, only returning the ha1 is fine.
Best Regards, Guilherme Monteiro
Henrik Nordstrom escreveu:
On Thu, 17 Mar 2005, Guilherme Buonfiglio de Castro Monteiro wrote:
Hi,
I'm developing a perl digest authentication program that uses LDAP as backend.
It's near completion but I'm needing help with HHA1 return to Squid.
First I will explain what I'm doing:
1) I'm creating a new Ldap ObjectClass that has uid/digestInfo/ha1
2) digestInfo is join(":",$username,$realm)
ha1 is md5_hex( join(":",$username,$realm,$password));
3) So for username:realm:password I have
digestInfo=username:realm
ha1=66999343281b2624585fd58cc9d36dfc
4) My program should receive "a line containing "username":"realm" and replies with the appropriate H(A1) value base64 encoded or ERR if the user (or his H(A1) hash) does not exists." (this was extracted from squid.conf for auth_param digest).
Actually it's receiving it. :-)
5) Then I issue a ldapsearch (digestInfo=".$digestInfo") and read the attribute ha1
6) Then I return $hha1 = encode_base64($ha1); I know that I'm missing the point at this moment!!!
You need to print the result.
I know ha1 is correct. I've already compared with results from apache htdigest program. But what Squid want's is not the encode_base64($ha1).
Squid wants the exact same format as Apache htdigest creates in the hash column.
The digest_pwauth helper is a good reference as for how your helper should operate. By using this as reference you can easily verify that your helper is working correctly, as both should return the exact same output given the same user data (login , realm , password, input where appropriately)
Regards Henrik
