
Instructions

From Developer Community

LDAPDIGEST by Richard Stubbs (stubbs@ukzn.ac.za)

Based on code from squid_ldap_auth by Henrik Nordstrom (hno@squid-cache.org) and Glen Newton (glen.newton@nrc.ca).

Uses edir_ldapext by Novell as released in the FreeRADIUS project.

  • About

This helper allows you to use digest authentication between the squid server and an LDAP backend (currently eDir based). This provides an alternative to the basic authentication method, which sends credentials in clear text (well, base64).

  • To use

Modify the makefile and insert the path to the appropriate squid libraries and any other libraries that may be required.

Run make

Install the binary somewhere and modify squid.conf to use the program as appropriate. You will use this in the same way that Henrik's squid_ldap_auth is used. For this method to work, your LDAP server will need to support extraction of the user password.
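Why digest needs password extraction while basic does not, as an added example (not code from LDAPDIGEST). It uses the sample values from RFC 2617 section 3.5; the function names are illustrative, and `password_from_ldap` stands in for whatever the directory lookup returns.

```python
import base64
import hashlib
import hmac

# Example values from RFC 2617 section 3.5 (not taken from this helper).
SAMPLE = {
    "username": "Mufasa", "realm": "testrealm@host.com",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093", "uri": "/dir/index.html",
    "qop": "auth", "nc": "00000001", "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1(user, realm, password):
    # HA1 = MD5(user:realm:password): computable only from the cleartext
    # password, which is why the directory must allow it to be read.
    return md5_hex(f"{user}:{realm}:{password}")


def digest_response(ha1_hex, method, f):
    # response = MD5(HA1:nonce:nc:cnonce:qop:MD5(method:uri)) for qop=auth
    ha2 = md5_hex(f"{method}:{f['uri']}")
    return md5_hex(":".join([ha1_hex, f["nonce"], f["nc"], f["cnonce"], f["qop"], ha2]))


def verify(f, method, password_from_ldap):
    # Server side: recompute the response from the password the directory returned.
    expected = digest_response(ha1(f["username"], f["realm"], password_from_ldap), method, f)
    return hmac.compare_digest(expected, f["response"])


def basic_credentials(header_value):
    # Basic auth is only base64: the header decodes straight back to user and password.
    user, _, password = base64.b64decode(header_value.split()[1]).decode().partition(":")
    return user, password


if __name__ == "__main__":
    print("HA1:", ha1("Mufasa", "testrealm@host.com", "Circle Of Life"))
    print("digest verifies:", verify(SAMPLE, "GET", "Circle Of Life"))
    basic = "Basic " + base64.b64encode(b"Mufasa:Circle Of Life").decode()
    print("basic decodes to:", basic_credentials(basic))
```

With basic authentication the server can simply attempt an LDAP bind with the password it received; with digest it never receives the password, so it has to read it from the directory to recompute the hash.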


  • Novell eDIR

Currently only Novell eDir with Universal Password enabled is supported. Your Universal Password should be enabled and the policy should allow admin users to extract passwords. Please be aware that this presents a significant security risk, as any admin user can extract any password. This means that you should take extra care with your admin users (as if you did not!). It is recommended that you store the admin password in the secret file (the W option). For a higher level of security there are a few more things you could do (for example, set up a special LDAP tree). Also use TLS to connect to the LDAP server, and make sure your squid server is secure!

  • Problems

It currently supports only eDir, and there is some setup required in eDir. You should also be aware that digest authentication is not supported by all browsers.


--Richard Stubbs


© 2008 Novell, Inc. All Rights Reserved.