[squid-users] Problem with Digest Authentication and different browsers

From: Christian Zink <christian.zink_at_outlook.de>
Date: Fri, 4 Apr 2014 13:13:28 +0200

Hi, after some strange authentication issues i came across the problem of different implementions of Digest Authentication in IE on the one hand and Chrome/Firefox on the other. The problem occurs when a user sets a password containing a german "Umlaut" ��� or some special characters like �. IE seems to build the digest hash with iso8859-1 charset characters whereas chrome uses utf-8. This leads to different hashes, and the User is forbidden access depending on the browser he uses and how the stored hash in the ldap was built.� For example : Chrome works: echo -n '<USER>:<REALM>:�Bel01??' | md5sum fbf61c978941ab35281dd99b95543943 � � IE works: echo -n '<USER>:<REALM>:�Bel01??' | iconv -t iso-8859-1 -f utf-8 | md5sum 44fce233d7bda083d54015c879c47f16� It even works with IE and Chrome Hash if i convert the PW to UTF-8 ( http://www.percederberg.net/tools/text_converter.html ) and c&p the utf8 string into the IE pw field! But thats nothing i can suggest who cant even start the browser if their shortcut isn't at the right place :D The "easy" version is to forbidd these characters, but some of our customers use their Win-Pw. The complex method would be to store both hashes and a helper checking the browser user-agent and deliever the suitable hash...� I know thats no problem of squid, but maybe someone came across this before, or someone is in the same situation and my information is helpful. Is there mybe a hidden workaround to tell or force the browser to use a certain kind of encoding? Mybe in squid, or in the browser settings? Greets� Christian
Received on Fri Apr 04 2014 - 11:13:39 MDT

This archive was generated by hypermail 2.2.0 : Fri Apr 04 2014 - 12:00:04 MDT