Squid: The Definitive Guide by Duane Wessels
Author:Duane Wessels
Language: eng
Format: mobi, epub, pdf
Tags: Reference:Computers
ISBN: 0750016256
Publisher: O'Reilly Media
Published: 2009-02-09T10:00:00+00:00
Digest Authentication API
If you'd like to write your own Digest authentication helper, you need to understand the communication between Squid and the helper process. The exchange is similar to that for Basic authentication, albeit a little more complicated.
The first difference is that Squid writes the username and realm string, rather than username and password, to the helper process. These strings are quoted and separated by a colon. For example:
"bobby":"Tom Landry Middle School"
The second difference is that the helper process returns an MD5 digest string, rather than OK, if the username is valid. As with Basic authentication, the helper process writes ERR if the user doesn't exist or if the input from Squid is unparseable for some reason.
The helper returns an MD5 digest with the username, realm, and password. The three strings are concatenated together and separated by colons:
username:realm:password
Remember that the password isn't sent in the HTTP request. Rather, the helper retrieves the user's password from a database (like the plaintext file used by the password helper). For example, let's say that Bobby's password is CapeRs. The helper process receives the username and realm from Squid, gets the password from its database, and calculates an MD5 checksum of this string:
bobby:Tom Landry Middle School:CapeRs
The Squid source code includes a library function, DigestCalcHA1( ), which implements this calculation. We can test all this in a terminal window to see what the helper returns:
% echo 'bobby:CapeRs' > /tmp/pw
% echo bogus_input | digest_pw_auth /tmp/pw
ERR
% echo "nouser":"some realm" | digest_pw_auth /tmp/pw
ERR
% echo '"bobby":"Tom Landry Middle School"' | digest_pw_auth /tmp/pw
c7ca3efda238c65b2d48684a51baa90e
Squid stores this MD5 checksum and uses it in other parts of the Digest authentication algorithm. Note that the checksum only changes when the user changes his password. In Squid's current Digest implementation, these checksums are kept in memory as long as the user remains active. If the user is inactive for authenticate_ttl seconds, the MD5 checksum may be removed from Squid's memory. Upon the next request from that user, Squid asks the external helper process to calculate it again.
Download
Squid: The Definitive Guide by Duane Wessels.epub
Squid: The Definitive Guide by Duane Wessels.pdf
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
Coding Theory | Localization |
Logic | Object-Oriented Design |
Performance Optimization | Quality Control |
Reengineering | Robohelp |
Software Development | Software Reuse |
Structured Design | Testing |
Tools | UML |
Deep Learning with Python by François Chollet(12593)
Hello! Python by Anthony Briggs(9928)
OCA Java SE 8 Programmer I Certification Guide by Mala Gupta(9804)
The Mikado Method by Ola Ellnestam Daniel Brolund(9787)
Dependency Injection in .NET by Mark Seemann(9348)
Algorithms of the Intelligent Web by Haralambos Marmanis;Dmitry Babenko(8310)
Test-Driven iOS Development with Swift 4 by Dominik Hauser(7773)
Grails in Action by Glen Smith Peter Ledbrook(7705)
The Well-Grounded Java Developer by Benjamin J. Evans Martijn Verburg(7568)
Becoming a Dynamics 365 Finance and Supply Chain Solution Architect by Brent Dawson(7192)
Microservices with Go by Alexander Shuiskov(6956)
Practical Design Patterns for Java Developers by Miroslav Wengner(6873)
Test Automation Engineering Handbook by Manikandan Sambamurthy(6817)
Secrets of the JavaScript Ninja by John Resig Bear Bibeault(6426)
Angular Projects - Third Edition by Aristeidis Bampakos(6236)
The Art of Crafting User Stories by The Art of Crafting User Stories(5752)
NetSuite for Consultants - Second Edition by Peter Ries(5678)
Demystifying Cryptography with OpenSSL 3.0 by Alexei Khlebnikov(5492)
Kotlin in Action by Dmitry Jemerov(5076)
