Linux Today: Linux News On Internet Time.

O'Reilly Network: Authentication and Squid

Aug 12, 2001, 13:45
(Other stories by Jennifer Vesperman)
"HTTP authentication uses the same basic protocols for HTTP web servers and HTTP proxy servers. These protocols have two authentication modes: basic and digest mode. In basic mode, the client passes the user name and the password to the server as a single base64-encoded block. In digest mode, the server encodes the password with a different key in a unidirectional function and the client decodes the function using the password, then returns the key. This proves that the client knows the password, without actually transmitting the password at any point.

To the server (web or proxy), HTTP authentication is stateless. To most clients, it is not -- within a given session, most clients retain user name/password pairs for host names and paths (more accurately, for HTTP realms) that have previously requested authentication.

If the client already has a user name/password pair for a URL, it sends them with the page request. If the client does not send the authentication data with a request for a page that requires authentication, the server sends an authentication challenge before sending the page. The client receives the challenge and asks the user for the user name/password pair to send."
