On Thursday 29 May 2003 15.08, Allen Miller wrote: > For grins, I used the -m option (force MD5 encryption) with > htpasswd, but I could never get authenticated using IE6.
-m uses MD5 hashes which the ncsa_auth shipped with Squid-2.5 and earlier does not understand. For this to work you must use the ncsa_auth helper from Squid-3. > My goal is to allow users to change their Squid password via a web > interface, not be limited to 8 chars, and not to send username and > password info in the clear. For the first part you can use MD5 hashes (-m option to htpasswd and the ncsa_auth helper from Squid-3). To fulfull the second part you have to abandon the use of Basic HTTP authentication and switch to digest authentication which provides secure exchanges of the user credentials over the network. The Digest support in Squid-2.5.STABLE3 should be usable with most major browsers currently on the market.. (some small amount of configuration may be needed to work around browser bugs, but the knobs for doing so is there..), but I'd recommend using the digest_pw_auth helper from Squid-3 for increased security. This version of the helper supports storing the user passwords in HA1 hashed format instead of plain text. Note: both the ncsa_auth and digest_pw_auth helpers from Squid-3 works just fine with Squid-2.5. I do not recommend using Squid-3 in production, only these helpers from the Squid-3 distribution with a otherwise Squid-2.5 installation. Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
