digest和basic auth 安装:
# ./configure --prefix=/usr/local/squid --sysconfdir=/etc/ --enable-arp-acl --enable-linux-netfilter --enable-pthreads --enable-storeio=ufs --enable-auth="basic digest" --enable-digest-auth-helpers=password --enable-baisc-auth-helpers="NCSA" --enable-underscore
#make && make install
#cp ./helpers/digest_auth/password/digest_pw_auth /usr/local/squid/bin/
#cp ./helpers/basic_auth/NCSA/ncsa_auth /usr/local/squid/bin/
digest配置:
#vim squid.conf
auth_param digest program /usr/local/squid/bin/digest_pw_auth -c /usr/local/squid/digest.passwd
auth_param digest children 5
#auth_param digest realm Squid proxy-caching web server
auth_param digest realm testrealm
auth_param digest nonce_garbage_interval 5 minutes
auth_param digest nonce_max_duration 30 minutes
auth_param digest nonce_max_count 50
acl test proxy_auth REQUIRED
http_access allow test
添加用户脚本:
#!/bin/bash
user=$1
pass=$2
realm=$3
if [ -z "$1" -o -z "$2" -o -z "$3" ] ; then
echo "Usage: $0 user password 'realm'";
exit 1
fi
ha1=$(echo -n "$user:$realm:$pass"|md5sum |cut -f1 -d' ') #此变量由用户名,域值,密码生成的MD5摘要值。三者必须以冒号分隔。
echo "$user:$realm:$ha1" >> /usr/local/squid/digest.passwd
注:
1.$realm的值要与squid.conf配置中的auth_param digest realm testrealm 一致。如果修改了realm的值需要重启后重新载入内存生效。
2.如果使用digest认证用户密码以明文形式存储,squid.conf配置认证文件读取方式:
auth_param digest program /usr/local/squid/bin/digest_pw_auth /usr/local/squid/digest.passwd
这样squid不提供任何工具来维护这种格式的密码文件(认证文件内容-->username:password)
如果以MD5加密方式存储(test5:testtest:e85a864960698be7cf83c39a9a61c03f):
auth_param digest program /usr/local/squid/bin/digest_pw_auth -c /usr/local/squid/digest.passwd
阅读(2474) | 评论(0) | 转发(0) |