Hi! Henrik Nordstrom escribió: > On tor, 2008-06-19 at 15:49 -0430, Edward Ortega wrote: > >> Hi! >> >> I've a problem with authentication ldap on squid3 using digest, i'm >> using Squid Cache: Version 3.0.PRE5 on Debian ia64 : >> >> # /usr/lib/squid3/digest_ldap_auth -v 3 -b 'dc=something,dc=com' -F >> '(&(objectclass=posixAccount)(uid=%s))' -H 'ldap://ldap' -A >> 'userPassword' -l -e -d >> someuser somepassword >> ERR >> >> Any help would be appreciated, thanks! >> > > Digest helpers expect a different input. > > "username":"realm"<enter> > (with the quotes) > > Additionally userPassword is usually write-only in most LDAP trees for > security reasons, and practically never contains a Digest H(A1) hash (-e > option). > > The job of a digest helper is to return the Digest H(A1) hash for a > given username + realm combination. This can be based on either > plaintext passwords or precalculated digest H(A1) hashes stored in the > backend.. > > H(A1) is MD5(username + ":" + realm + ":" + password) > > Ok, i store on the '*street*' attribute something like you said ( MD5(username + ":" + realm + ":" + password) ), have i to store the "realm" argument on other attribute to squid understand the hash?
#/usr/lib/squid3/digest_ldap_auth -v 3 -b 'dc=something,dc=com' -F '(&(objectclass=posixAccount)(uid=%s))' -H 'ldap://ldap' -A '*street*' -l -d > Regards > Henrik > Thanks agains
