RE: [squid-users] plugin to secure authentication

From: Paolo Biancolli <PAOLO.BIANCOLLI@dont-contact.us>
Date: Thu, 6 Apr 2006 16:35:00 +0200

I am not sure what you mean by "LDAP based digest helper in the Squid-3
tree", but I have tried digest_pw_auth and that does not work. It
works fine for plain text files but not for LDAP.

I am using a script which enables users to authenticate against our
Microsoft AD (ldap_auth) as well as against a text file (ncsa_auth).
With basic authentication the script works fine. However, I am now
required to encrypt the ldap credentials so basic won't do. It is not
necessary to encrypt the flat file ncsa_auth passwords. A copy of the
script follows.

I have used the following line in squid.conf to call the script
below -
auth_param digest program /usr/local/squid/scripts/dual_auth.sh (whereas
before I used auth_param basic program...)

#!/bin/sh
# read from stdin until EOF is received

while read -r INP; do
# Use username and password to authenticate against AD domain number
DOMAIN1=`printf '%s\n' "$INP" | /usr/local/squid/libexec/squid_ldap_auth \
    -b "OU=UserAccounts,OU=my,DC=WORK,DC=DOMAIN,DC=AC,DC=ZA" -v 3 \
    -D "Cn=UserName,OU=my,DC=WORK,DC=DOMAIN,DC=AC,DC=ZA" -w "PASSWORD" \
    -f "uid=%s" -h 146.141.x.x -p 389 -d`
#
#
# If username and password is correct for either domain, output "OK"
# (string comparison uses =, which is portable under /bin/sh)
if [ "$DOMAIN1" = "OK" ]; then
        echo "OK"
else
        echo "ERR"
fi
done

-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Sent: 06 April 2006 01:50 PM
To: Paolo Biancolli
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] plugin to secure authentication

Thu 2006-04-06 at 09:10 +0200, Paolo Biancolli wrote:

> I am also interested in securing passwords using ldap. Where can I find
> this helper? I am using squid 2.5 on linux 2.4.

There is an LDAP based digest helper in the Squid-3 tree (this
helper also works with 2.5).

Regards
Henrik
Received on Thu Apr 06 2006 - 08:35:27 MDT
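
Added example, not part of the original messages and not Squid's own code: a sketch of what a digest helper is asked and must answer, to show why a script built around a basic-style LDAP bind cannot simply be moved to "auth_param digest program". It assumes the Squid 2.5-era digest helper exchange (request line "user":"realm", reply a bare HA1 hex string or ERR); the store format, the names alice/proxy and the password are constructed for illustration.

```shell
#!/bin/sh
# Added example. Helper contracts differ:
#   basic  helper reads: user password     replies: OK | ERR
#   digest helper reads: "user":"realm"    replies: <HA1 hex> | ERR
# A digest helper never sees a password, so it has nothing to bind to LDAP with.

# HA1 = MD5(user:realm:password): the value a digest helper has to return.
ha1() {
    printf '%s:%s:%s' "$1" "$2" "$3" | md5sum | cut -d' ' -f1
}

# Answer one request line from a user:realm:HA1 store.
# $1 = line as sent by Squid, $2 = store file (hypothetical format and path).
digest_reply() {
    req=$1
    store=$2
    pat='^"\([^"]*\)":"\([^"]*\)"$'
    user=$(printf '%s\n' "$req" | sed -n "s/$pat/\1/p")
    realm=$(printf '%s\n' "$req" | sed -n "s/$pat/\2/p")
    # Anything that is not "user":"realm" (e.g. a basic-style line) is refused.
    if [ -z "$user" ] || [ -z "$realm" ]; then
        echo "ERR"
        return 0
    fi
    # Exact match on the first two colon-separated fields.
    hash=$(awk -F: -v u="$user" -v r="$realm" \
        '$1 == u && $2 == r { print $3; exit }' "$store")
    if [ -n "$hash" ]; then echo "$hash"; else echo "ERR"; fi
}

# Constructed sample store: user, realm and password are invented here.
make_sample_store() {
    f=$(mktemp)
    printf '%s:%s:%s\n' alice proxy "$(ha1 alice proxy 's3cret-example')" > "$f"
    echo "$f"
}

store=$(make_sample_store)
digest_reply '"alice":"proxy"' "$store"      # stored HA1 for alice
digest_reply '"mallory":"proxy"' "$store"    # unknown user
digest_reply 'alice s3cret-example' "$store" # basic-style line
rm -f "$store"
```

A stored HA1 is enough to answer digest challenges for that realm, so a store like this needs the same protection as a password file.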