[mailto:hen...@henriknordstrom.net]
Sent: Sunday, June 06, 2010 12:28 PM
To: David Parks
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Digest authentication change from previous version?
sön 2010-06-06 klockan 09:35 -0600 skrev David Parks:
But since there's a change from what I
A while back I tested out squid with a custom Digest authenticator.
I found that squid was caching the authentication requests and not
re-requesting them from the auth-helper.
I don't recall what version I did the test on, but it might have been 2.7.
I am now using 3.0.25 and I see that my
sön 2010-06-06 klockan 09:35 -0600 skrev David Parks:
But since there's a change from what I originally found and now I want to
validate that this is indeed the _expected behavior_? Anyone familiar with
such a change?
It's not intentional.
Regards
Henrik
Hi, the digest authentication helper protocol requires that the helper
return the encrypted digest authentication hash given the username and
realm.
The problem is, if I have 2 different realms which authenticate against the
same user credentials, if I store the credentials in a one-way
fre 2010-06-04 klockan 19:39 -0600 skrev David Parks:
From what it looks like Digest Authentication doesn't support concurrency
(sending multiple requests to a single helper). But Basic Auth, and ACL
Helpers do.
Seems to be the case indeed. All the support is there, but the option is
missing
lör 2010-06-05 klockan 09:07 -0600 skrev David Parks:
Hi, the digest authentication helper protocol requires that the helper
return the encrypted digest authentication hash given the username and
realm.
Yes..
The problem is, if I have 2 different realms which authenticate against the
same
...@henriknordstrom.net]
Sent: Saturday, June 05, 2010 3:01 PM
To: David Parks
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Digest authentication helper question
lör 2010-06-05 klockan 09:07 -0600 skrev David Parks:
Hi, the digest authentication helper protocol requires that the helper
return
From what it looks like Digest Authentication doesn't support concurrency
(sending multiple requests to a single helper). But Basic Auth, and ACL
Helpers do.
Seems odd so I just want to do a verification that I'm reading it right.
Squid 3.0 STABLE 25
Thanks,
David
-users] Digest authentication not working
Ho, Oiling wrote:
Hi,
I setup squid on my PC as my proxy server, I am able to run the squid
client to access the internet. However, when I configure it to use
digest authentication, it stops working, this is in my squid.conf:
auth_param digest
-users] Digest authentication not working
Ho, Oiling wrote:
Hi,
I setup squid on my PC as my proxy server, I am able to run the squid
client to access the internet. However, when I configure it to use
digest authentication, it stops working, this is in my squid.conf:
auth_param digest
Hi,
I setup squid on my PC as my proxy server, I am able to run the squid
client to access the internet. However, when I configure it to use
digest authentication, it stops working, this is in my squid.conf:
auth_param digest program c:/squid/libexec/digest_pw_auth.exe
Ho, Oiling wrote:
Hi,
I setup squid on my PC as my proxy server, I am able to run the squid
client to access the internet. However, when I configure it to use
digest authentication, it stops working, this is in my squid.conf:
auth_param digest program c:/squid/libexec/digest_pw_auth.exe
On tis, 2008-05-06 at 07:58 -0700, Ghasem Abbasi wrote:
i want to configure squid proxy for digest
authentication with radius.
Unfortunately not possible.
Digest authentication need access to the plaintext password or the
Digest MD5 hashed variant thereof..
Quite recently the Radius protocol
Hi
i want to configure squid proxy for digest
authentication with radius.
please help me
thank a lot
abbasi
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now.
-cache.org
Sent: Monday, February 18, 2008 8:26 PM
Subject: Re: [squid-users] Digest Authentication in Squid through LDAP
in Windows 2003 DC
Hi,
Please, I need some help about Digest Authentication.
We made a new server in our enterprise, using Fedora 7 (64 bits).
We have Squid 3, installed, and we
-
From: Amos Jeffries [EMAIL PROTECTED]
To: Luis Claudio Botelho - Chefe de Tecnologia e Redes
[EMAIL PROTECTED]
Cc: squid-users@squid-cache.org
Sent: Monday, February 18, 2008 8:26 PM
Subject: Re: [squid-users] Digest Authentication in Squid through LDAP in
Windows 2003 DC
Hi,
Please, I need
Hi,
Please, I need some help about Digest Authentication.
We made a new server in our enterprise, using Fedora 7 (64 bits).
We have Squid 3, installed, and we need to authenticate our users in one of
the DC's (Windows 2003 Server DC).
The problem:
We started configuring Squid with basic
Luis Claudio Botelho - Chefe de Tecnologia e Redes wrote:
Hi,
Please, I need some help about Digest Authentication.
We made a new server in our enterprise, using Fedora 7 (64 bits).
We have Squid 3, installed, and we need to authenticate our users in
one of
the DC's (Windows 2003 Server DC).
Hi,
Please, I need some help about Digest Authentication.
We made a new server in our enterprise, using Fedora 7 (64 bits).
We have Squid 3, installed, and we need to authenticate our users in one
of
the DC's (Windows 2003 Server DC).
The problem:
We started configuring Squid with basic
tor 2007-02-01 klockan 19:52 +0100 skrev [EMAIL PROTECTED]:
Version: 2.5.9-10sarge2
Should work, but please try upgrading. Current release is 2.6.STABLE9.
2.5.STABLE9 is almost two years old, and there has been many changes
since then.
auth_param digest program /usr/lib/squid/digest_pw_auth
which is the control parameter for setting the auth
request
interval?
Authentication in HTTP is per request. Your login details
is cached by
the browser to avoid having to ask you on each request,
and Squid has no
control over how long your browser keeps the login
details cached.
..
Then
ons 2007-01-24 klockan 09:29 +0100 skrev [EMAIL PROTECTED]:
which is the control parameter for setting the auth
request interval?
Authentication in HTTP is per request. Your login details is cached by
the browser to avoid having to ask you on each request, and Squid has no
control over how
I've setting the auth digest and all is working, but i don't
understand this:
which is the control parameter for setting the auth
request interval?
At random time squid display the authentication form.
Is possible to set squid for auth request only when i start the browser
(or after a long
: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Sent: 05 December 2006 00:44
To: Rocco De Angelis
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Digest Authentication (HELP)
mån 2006-12-04 klockan 03:57 + skrev Rocco De Angelis:
I'm planning to use Digest Authentication. It's not however
Hi
I'm planning to use Digest Authentication. It's not however still clear to
me yet how to forward the credential information. A redirector redirects the
user to a local web page. This page should provide an interface for
authentication right? Once the user enters the username and password on
I verified using current 2.5.STABLE (what will become 2.5.STABLE14), but
the digest code has not changed in a long time.. last functional change
was in 2.5.STABLE10 where support for %m in error pages was added.
I dont't use Squid digest autheticator. I use an external digest helper:
auth_param
Hello,
I'm using Digest Authentication and H1 hash data (
H1=hash(userid:realm:password) ) are on an LDAP server.
My external authenticator read userid and realm from stdinput, make an
ldap search against LDAP server and then return to Squid the H1 hash on
stdoutput.
Can Squid notify me
Dear Alberto
I think the right place to look for such notification capability is
the external authenticator itself.
On 5/18/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hello,
I'm using Digest Authentication and H1 hash data (
H1=hash(userid:realm:password) ) are on an LDAP server.
My
tor 2006-05-18 klockan 15:08 +0200 skrev [EMAIL PROTECTED]:
In fact, I think that my Squid 2.5.STABLE10 system is open to brute
force password attack.
In this situation in the access.log I see TCP_DENIED/407 error
messages but I don't know who is the user under attack.
I'd like to know the
Hi Henrik,
I'm using squid-2.5.STABLE12 . I'm trying authentication with a bad
password. In the access.log file I don't see the userid :
1147963589.188386 10.182.35.253 TCP_DENIED/407 1726 GET
http://www.google.com/ - NONE/- text/html
1147963589.220 32 10.182.35.253 TCP_DENIED/407
tor 2006-05-18 klockan 16:56 +0200 skrev [EMAIL PROTECTED]:
Hi Henrik,
I'm using squid-2.5.STABLE12 . I'm trying authentication with a bad
password. In the access.log file I don't see the userid :
1147963589.188386 10.182.35.253 TCP_DENIED/407 1726 GET
http://www.google.com/ -
Hi there everyone,
Just a quick question, whats the difference between digest authentication
and basic authentication?
- Digest auth. offers pw. encrypted exchange between browser and SQUID.
M.
lör 2006-04-15 klockan 12:03 +1000 skrev Paul Matthews:
Just a quick question, whats the difference between digest authentication
and basic authentication?
A lot.. If you are familiar with PPP the following analogues can be
made
basic - PAP, or plain text password exchange.
digest - CHAP, or
Hi there everyone,
Just a quick question, whats the difference between digest authentication
and basic authentication?
--
Paul Matthews
I.T Trainee | The Cathedral School
Ph (07) 47222 194 | Fax (07) 47222 111
PO Box 944 Aitkenvale Q 4814
E: [EMAIL PROTECTED]
W: www.cathedral.qld.edu.au
Ok thanks,
in this case, is there any other solution, safer than basic authentication
to use when NTLM cannot be used with some browsers ?
Best Regards,
Lionel
-
CE COURRIER ELECTRONIQUE EST A USAGE STRICTEMENT INFORMATIF ET NE SAURAIT
On Tue, 18 Oct 2005, ZX710STER001, Ext wrote:
in this case, is there any other solution, safer than basic authentication
to use when NTLM cannot be used with some browsers ?
There is the following choices:
Basic authentication (works with almost anything)
Digest authentication (requires
Hello,
can digest authentication use the AD directory (at first 2000, 2003 in a
second step) ?
(i was thinking in using digest authentification to replace basic
authentication)
If yes, is there a tutorial somewhere ?
Lionel
-
CE
Hi,
At 12.41 17/10/2005, ZX710STER001, Ext wrote:
Hello,
can digest authentication use the AD directory (at first 2000, 2003 in a
second step) ?
(i was thinking in using digest authentification to replace basic
authentication)
Currently there are no Digest helpers available to do this.
On Mon, 17 Oct 2005, Serassio Guido wrote:
Currently there are no Digest helpers available to do this.
But, if you want use Digest authentication, you must enable the storing of
the users password in reversible encryption format. This is not recommended
from Microsoft for security reasons.
Hi,
At 21.51 20/06/2005, kido wrote:
hi!
I'm using squid 2.5 ; basic authentication (ncsa) works just fine.
I tried to improve the authentication scheme, chosing digest. So, I entered:
squid-2.5.STABLE10/helpers/digest_auth/
and did make make install
then I uncommented the following line in
? :((
- Original Message -
From: Serassio Guido [EMAIL PROTECTED]
To: kido [EMAIL PROTECTED]; squid squid-users@squid-cache.org
Sent: Tuesday, June 21, 2005 9:22 AM
Subject: Re: [squid-users] digest authentication error
Hi,
At 21.51 20/06/2005, kido wrote:
hi!
I'm using squid 2.5
Hi,
At 18.49 21/06/2005, kido wrote:
hi, again!
I tried like u told me:
./configure --enable-basic-auth-helpers=NCSA
--enable-err-languages=Romanian --enable-arp-acl
--enable-digest-auth-helpers=password --enable-auth=basic digest
make
make install
I left this lines uncommented:
auth_param
hi!
I'm using squid 2.5 ; basic authentication (ncsa) works just fine.
I tried to improve the authentication scheme, chosing digest. So, I entered:
squid-2.5.STABLE10/helpers/digest_auth/
and did make make install
then I uncommented the following line in squid.conf.
auth_param digest program
Dear Henrik,
Tried doing like you suggested to check out the htdigest for the user
'test'.
Created an encrypted file using htdigest command for the user 'test'.
The output is always error when I input the name 'test'.
./digest_pw_auth -c /usr/local/squid/etc/passwd
testCR
ERR
Even with a
On Fri, 17 Dec 2004, Glenn Baptista wrote:
Dear Henrik,
Tried doing like you suggested to check out the htdigest for the user 'test'.
Created an encrypted file using htdigest command for the user 'test'. The
output is always error when I input the name 'test'.
My error. The helper expects
Hello Henrik,
Did try to look around to see how to proceed, but did not reach the
desired outcome. Saw the code for the text_backend.c file and realised
that you need to insert an additional parameter '-c' in the squid.conf
file for tthe 'digest_auth program ' parameter.
Still things did not
On Thu, 16 Dec 2004, Glenn Baptista wrote:
Can you provide some more direct help please?
Create the password file using htdigest
start the helper with -c option.
Works for me last time I tested, but it has admittedly been a while since
I tried this.
Another option is to edit the encrypted
On Thu, 16 Dec 2004, Glenn Baptista wrote:
Did try to look around to see how to proceed, but did not reach the desired
outcome. Saw the code for the text_backend.c file and realised that you need
to insert an additional parameter '-c' in the squid.conf file for tthe
'digest_auth program '
Hello Henrik,
Thank you for your assistance. './configure --enable-auth=digest
--enable-digest-auth-helpers' solved the problem like you suggested. So
I now have squid 2.5 Stable 7 working with an unencrypted password file
using the digest scheme.
name:password.
Going forward one last step,
On Wed, 15 Dec 2004, Glenn Baptista wrote:
I compiled version 3 like before and copied the 'digest_pw_auth' program into
the ../libexec directory.
I included the realm statement in squid.conf to read 'Test'
I created the password file using
htdigest .../passwd Test userName
What am I doing
On Tue, 14 Dec 2004, Glenn Baptista wrote:
Hello Henrik,
Thanks very much for your help. I was not successful in being able to do
digest authentication. Following are details of what I did. Can you please
help me overcome the problem which is reported by squid as a 'Parsing error'
[EMAIL
Hello Henrik,
Thanks very much for your help. I was not successful in being able to do
digest authentication. Following are details of what I did. Can you
please help me overcome the problem which is reported by squid as a
'Parsing error'
[EMAIL PROTECTED] sbin]# ./squid
2004/12/14 11:10:34|
On Tue, 7 Dec 2004, Glenn Baptista wrote:
Is digest authentication is possible in the following environment.
1. We are using squid version 2.5 Stable 3 on a Redhat 9 server (and are
happy to upgrade to any other suitable version).
2. We wish to authenticate using an independent DIGEST scheme;
Hello,
I have been trying to authenticate users using a 'Digest Authentication'
scheme but have not had success. I have been unable to find some
communication where this is described, though there are emails listing
some problems and many indicating that this may not be possible,
possibly
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Can I combine digest authentication with samba?
What I mean is not to have usernames and passwords to the digest_passwd file,
but to make digest talk directly to a samba server.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.3 (GNU/Linux)
On Thu, 30 Sep 2004, Costas Zacharopoulos wrote:
Can I combine digest authentication with samba?
Yes, sort of.
What I mean is not to have usernames and passwords to the digest_passwd file,
but to make digest talk directly to a samba server.
No.
But you can use Samba to lookup the gruop memberships
I am new to squid. I want to know to generate the password file used by
the digest_pw_auth application that is included with Squid 2.5.STABLE5?
I tried using htdigest which I use with Apache but that does not see to
work.
Thanks!
On Thu, 29 Apr 2004, Aeon wrote:
I am new to squid. I want to know to generate the password file used by
the digest_pw_auth application that is included with Squid 2.5.STABLE5?
It is plain text
username:password
I tried using htdigest which I use with Apache but that does not see to
work.
It works perfectly. thanks!
On Thu, 29 Apr 2004, Henrik Nordstrom wrote:
On Thu, 29 Apr 2004, Aeon wrote:
I am new to squid. I want to know to generate the password file used by
the digest_pw_auth application that is included with Squid 2.5.STABLE5?
It is plain text
Hello,
i have some questions about digest authentication and in particular on the
way communication beetween squid, the client and the helper takes place
(I'm testing digest_pw_auth).
1. Who does create the challenge for the user? Squid or the helper?
2. In the case it is Squid, what does it
On Wed, 14 Jan 2004 [EMAIL PROTECTED] wrote:
1. Who does create the challenge for the user? Squid or the helper?
Squid.
2. In the case it is Squid, what does it pass to the helper on stdin?
3. And how does the helper reply? OK or ERR as usual?
2,3 is documented in the squid.conf comments
[EMAIL PROTECTED]Per:[EMAIL PROTECTED]
.orgCc: [EMAIL PROTECTED]
Oggetto: Re: [squid-users] Digest
On Thu, 2004-01-15 at 09:50, Antonio Manfreda wrote:
Hello,
I'm trying to make an offline calculation of the Request-Digest for an
authentication session beetween a client and Squid using
digest_pw_auth to see if I can reconstruct the response to the challenge.
I'm using md5sum on Linux to
missing?
Regards,
Antonio Manfreda
- Original Message -
From: Robert Collins [EMAIL PROTECTED]
To: Antonio Manfreda [EMAIL PROTECTED]
Cc: Squid Users [EMAIL PROTECTED]
Sent: Thursday, January 15, 2004 12:13 AM
Subject: Re: Rif: Re: [squid-users] Digest Authentication
On Thu, 15 Jan 2004, Antonio Manfreda wrote:
Thank you very much for the clue.
How can I turn on auth debugging in squid and what file does it use for
logging?
Anyway, I don't understand why, following RFC specs, I cant build the digest
created by the client (after all it is a client side
On Thu, 2004-01-15 at 10:35, Antonio Manfreda wrote:
Thank you very much for the clue.
How can I turn on auth debugging in squid and what file does it use for
logging?
Anyway, I don't understand why, following RFC specs, I cant build the digest
created by the client (after all it is a
66 matches
Mail list logo