On Sunday 15 June 2003 00.21, Steven Sporen wrote: > I'm trying to understand how the digest authentication was > implemented within Squid, specifically how does Squid calculate the > hash to compare to what the client sent through if the nonce value > is changed per session?
Squid asks the helper for the HA1 value of the user+realm, then applies the digest algorith to this per request. > Is it possible to have squid pass through the digest > proxy-authentication request directly to a web server which would > perform the authentication allowing or denying access to the > browsing through the cache? I would like to have squid authenticate > against an IIS server. Not easily. For this you basically have to replace the digest implementation in Squid with a dummy layer just relaying all authentication to the IIS server on each and every request. What might be possible is to add in a reasonable manner is an interface whereby the helper can query an external password source for the MD5-sess HA1 value, or alternatively the H() part of the MD5-sess A1 value (or MD5 HA1 value if communication is secure but this is not recommended for security reasons). Problem is to find a password database who is willing to give this information allowing Squid to perform digest operations. -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
