Hi,

After some strange authentication issues I came across the problem of different
implementations of Digest Authentication in IE on the one hand and Chrome/Firefox
on the other.
The problem occurs when a user sets a password containing a German "Umlaut" äöü
or some special characters like €.
IE seems to build the digest hash with iso8859-1 charset characters whereas
Chrome uses utf-8. This leads to different hashes, and the user is forbidden
access depending on the browser he uses and how the stored hash in the LDAP was
built.

For example:

Chrome works:
echo -n '<USER>:<REALM>:üBel01??' | md5sum
fbf61c978941ab35281dd99b95543943         

IE works:
echo -n '<USER>:<REALM>:üBel01??' | iconv -t iso-8859-1 -f utf-8 | md5sum
44fce233d7bda083d54015c879c47f16 


It even works with IE and Chrome hash if I convert the PW to UTF-8 (
http://www.percederberg.net/tools/text_converter.html ) and c&p the UTF-8 string
into the IE PW field! But that's nothing I can suggest to users who can't even
start the browser if their shortcut isn't in the right place :D

The "easy" version is to forbid these characters, but some of our customers
use their Win-PW. The complex method would be to store both hashes and a helper
checking the browser user-agent and delivering the suitable hash...


I know that's no problem of Squid, but maybe someone came across this before, or
someone is in the same situation and my information is helpful.
Is there maybe a hidden workaround to tell or force the browser to use a certain
kind of encoding? Maybe in Squid, or in the browser settings?

Greets 

Christian                                         
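
Added example, not part of the original post: a Python check that could run when a password is set, computing the Digest HA1 (MD5 of user:realm:password) under both charsets named above and flagging passwords whose hash depends on the browser's encoding. The function names and the sample user, realm and passwords are constructed for illustration.

```python
import hashlib

# Charsets observed in the post: Chrome/Firefox hash the UTF-8 bytes,
# IE hashes the ISO-8859-1 bytes.
CHARSETS = ("utf-8", "iso-8859-1")


def ha1(user, realm, password, charset):
    """Digest HA1 = MD5(user:realm:password) over the bytes of `charset`.

    Returns None when the string cannot be represented in that charset
    (for example the euro sign in ISO-8859-1).
    """
    try:
        raw = f"{user}:{realm}:{password}".encode(charset)
    except UnicodeEncodeError:
        return None
    return hashlib.md5(raw).hexdigest()


def ha1_variants(user, realm, password):
    """Map each charset to its HA1 (or None), i.e. the 'store both hashes' idea."""
    return {cs: ha1(user, realm, password, cs) for cs in CHARSETS}


def classify(user, realm, password):
    """Say how the credential behaves across the two encodings.

    'portable'          : same HA1 in both charsets (pure ASCII)
    'charset-dependent' : both encodable, but the hashes differ
    'not-encodable'     : at least one charset cannot represent it
    """
    hashes = list(ha1_variants(user, realm, password).values())
    if None in hashes:
        return "not-encodable"
    return "portable" if len(set(hashes)) == 1 else "charset-dependent"


if __name__ == "__main__":
    # Constructed sample credentials, not taken from the post.
    for pw in ("Bel01", "üBel01", "€uro01"):
        print(pw, classify("alice", "proxy", pw), ha1_variants("alice", "proxy", pw))
```

A password classified as 'portable' can be stored as a single hash; the other two classes are the ones that would need either both hashes or rejection at password-set time.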
