Hi, the digest authentication helper protocol requires that the helper
return the encrypted digest authentication hash given the username and
realm.
The problem is, if I have 2 different realms which authenticate against the
same user credentials, if I store the credentials in a one-way encrypted
format (obviously preferable) I have to store them with the realm included
in the encryption, because I have to pass this back to squid via the helper.
In this case I would have to store a password for each realm, and could
never change the realm. Or I'm going to have to store the passwords
unencrypted so I can encrypt them with the realm in the helper.
Why not just use the same OK/ERR scheme that basic auth uses? This way the
helper can do the validation its own way without tying our hands when it
comes to situations like this?
Thanks,
David