On mån, 2008-06-02 at 10:10 -0400, Chris Riggins wrote:
> I found that the method below did not work, actually.  I still
> have not figured out just how Apache's "htdigest" is joining the
> several inputs to create the md5 hash, but it isn't
> "user:realm:password" | md5sum.

It is the same. Try again..

$ echo -n "henrik:Squid HTTP Proxy:testing" | md5sum
e07afc91b0cfe99ff7a3630d6f34db62  -

$ htdigest -c test.pwd "Squid HTTP Proxy" henrik
Adding password for henrik in realm Squid HTTP Proxy.
New password: [testing]
Re-type new password: [testing]
$ cat test.pwd
henrik:Squid HTTP Proxy:e07afc91b0cfe99ff7a3630d6f34db62


The following perl snippet also does the same thing:

#!/usr/bin/perl

use Digest::MD5 qw(md5_hex);

if (@ARGV != 3) {
    die("usage: user realm password\n");
}

print md5_hex(join(":", @ARGV))."\n";

> I finally got digest auth to work by doing the following (the
> "-c" creates the passwd file):
> 
> # htdigest -c <passwd_file> <realm> <username>
> 
> which requested a password.  I provided it twice, and it generated the
> following line in the file:
> 
> <username>:<realm>:md5-hash
> 
>      Now that format isn't usable by squid

It is. Squid digest_pw_auth accepts both username:hash and
username:realm:hash, with the Apache format preferred.

In the LDAP directory the format is slightly different however as the
data is there stored within the user object, and Squid expecting
realm:hash in the LDAP attribute.

Regards
Henrik

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to