Index: squid/src/cf.data.pre diff -c squid/src/cf.data.pre:1.245.2.51 squid/src/cf.data.pre:1.245.2.52 *** squid/src/cf.data.pre:1.245.2.51 Tue Oct 14 14:17:45 2003 --- squid/src/cf.data.pre Thu Nov 6 07:54:20 2003 *************** *** 1277,1283 **** basic authentication sheme is not used unless a program is specified. If you want to use the traditional proxy authentication, ! jump over to the ../auth_modules/NCSA directory and type: % make % make install --- 1277,1283 ---- basic authentication sheme is not used unless a program is specified. If you want to use the traditional proxy authentication, ! jump over to the helpers/basic_auth/NCSA directory and type: % make % make install *************** *** 1285,1293 **** Then, set this line to something like auth_param basic program @DEFAULT_PREFIX@/bin/ncsa_auth @DEFAULT_PREFIX@/etc/passwd ! "children" numberofchildren ! The number of authenticator processes to spawn (no default). If you start too few Squid will have to wait for them to process a backlog of usercode/password verifications, slowing it down. When password verifications are done via a (slow) --- 1285,1293 ---- Then, set this line to something like auth_param basic program @DEFAULT_PREFIX@/bin/ncsa_auth @DEFAULT_PREFIX@/etc/passwd ! "children" numberofchildren ! The number of authenticator processes to spawn. If you start too few Squid will have to wait for them to process a backlog of usercode/password verifications, slowing it down. When password verifications are done via a (slow) *************** *** 1299,1305 **** Specifies the realm name which is to be reported to the client for the basic proxy authentication scheme (part of the text the user will see when prompted their username and ! password). There is no default. 
auth_param basic realm Squid proxy-caching web server "credentialsttl" timetolive --- 1299,1305 ---- Specifies the realm name which is to be reported to the client for the basic proxy authentication scheme (part of the text the user will see when prompted their username and ! password). auth_param basic realm Squid proxy-caching web server "credentialsttl" timetolive *************** *** 1312,1317 **** --- 1312,1318 ---- system (such as SecureID). If you are using such a system, you will be vulnerable to replay attacks unless you also use the max_user_ip ACL in an http_access rule. + auth_param basic credentialsttl 2 hours === Parameters for the digest scheme follow === *************** *** 1321,1330 **** replies with the appropriate H(A1) value base64 encoded. See rfc 2616 for the definition of H(A1). If you use an authenticator, make sure you have 1 acl of type proxy_auth. ! By default, authentication is not used. ! If you want to use build an authenticator, ! jump over to the ../digest_auth_modules directory and choose the authenticator to use. It it's directory type % make % make install --- 1322,1332 ---- replies with the appropriate H(A1) value base64 encoded. See rfc 2616 for the definition of H(A1). If you use an authenticator, make sure you have 1 acl of type proxy_auth. ! By default, the digest authentication scheme is not used ! unless a program is specified. ! If you want to use a digest authenticator, jump over to ! the helpers/digest_auth/ directory and choose the authenticator to use. It it's directory type % make % make install *************** *** 1346,1382 **** Specifies the realm name which is to be reported to the client for the digest proxy authentication scheme (part of the text the user will see when prompted their username and ! password). There is no default. 
auth_param digest realm Squid proxy-caching web server "nonce_garbage_interval" timeinterval Specifies the interval that nonces that have been issued to client_agent's are checked for validity. "nonce_max_duration" timeinterval Specifies the maximum length of time a given nonce will be valid for. "nonce_max_count" number Specifies the maximum number of times a given nonce can be used. "nonce_strictness" on|off Determines if squid requires strict increment-by-1 behaviour for nonce counts, or just incrementing (off - for use when useragents generate nonce counts that occasionally miss 1 ! (ie, 1,2,4,6)). Default off. "check_nonce_count" on|off This directive if set to off can disable the nonce count check completely to work around buggy digest qop implementations in certain mainstream browser versions. Default on to check the nonce count to protect from authentication replay attacks. "post_workaround" on|off This is a workaround to certain buggy browsers who sends an incorrect request digest in POST requests when reusing the same nonce as aquired earlier on a GET request. === NTLM scheme options follow === --- 1348,1390 ---- Specifies the realm name which is to be reported to the client for the digest proxy authentication scheme (part of the text the user will see when prompted their username and ! password). auth_param digest realm Squid proxy-caching web server "nonce_garbage_interval" timeinterval Specifies the interval that nonces that have been issued to client_agent's are checked for validity. + auth_param digest nonce_garbage_interval 5 minutes "nonce_max_duration" timeinterval Specifies the maximum length of time a given nonce will be valid for. + auth_param digest nonce_max_duration 30 minutes "nonce_max_count" number Specifies the maximum number of times a given nonce can be used. 
+ auth_param digest nonce_max_count 50 "nonce_strictness" on|off Determines if squid requires strict increment-by-1 behaviour for nonce counts, or just incrementing (off - for use when useragents generate nonce counts that occasionally miss 1 ! (ie, 1,2,4,6)). ! auth_param digest nonce_strictness off "check_nonce_count" on|off This directive if set to off can disable the nonce count check completely to work around buggy digest qop implementations in certain mainstream browser versions. Default on to check the nonce count to protect from authentication replay attacks. + auth_param digest check_nonce_count on "post_workaround" on|off This is a workaround to certain buggy browsers who sends an incorrect request digest in POST requests when reusing the same nonce as aquired earlier on a GET request. + auth_param digest post_workaround off === NTLM scheme options follow === *************** *** 1386,1393 **** and replies with the ntlm CHALLENGE, then waits for the response and answers with "OK" or "ERR" in an endless loop. If you use an ntlm authenticator, make sure you have 1 acl ! of type proxy_auth. By default, the ntlm authenticator_program ! is not used. auth_param ntlm program @DEFAULT_PREFIX@/bin/ntlm_auth --- 1394,1401 ---- and replies with the ntlm CHALLENGE, then waits for the response and answers with "OK" or "ERR" in an endless loop. If you use an ntlm authenticator, make sure you have 1 acl ! of type proxy_auth. By default, the ntlm authentication scheme ! is not used unless a program is specified. 
auth_param ntlm program @DEFAULT_PREFIX@/bin/ntlm_auth Index: squid/src/auth/basic/auth_basic.c diff -c squid/src/auth/basic/auth_basic.c:1.14.2.3 squid/src/auth/basic/auth_basic.c:1.14.2.4 *** squid/src/auth/basic/auth_basic.c:1.14.2.3 Sun Aug 10 12:53:38 2003 --- squid/src/auth/basic/auth_basic.c Thu Nov 6 07:54:20 2003 *************** *** 321,326 **** --- 321,327 ---- scheme->scheme_data = xmalloc(sizeof(auth_basic_config)); memset(scheme->scheme_data, 0, sizeof(auth_basic_config)); basicConfig = scheme->scheme_data; + basicConfig->basicAuthRealm = xstrdup("Squid proxy-caching web server"); basicConfig->authenticateChildren = 5; basicConfig->credentialsTTL = 2 * 60 * 60; /* two hours */ } Index: squid/src/auth/digest/auth_digest.c diff -c squid/src/auth/digest/auth_digest.c:1.10.2.9 squid/src/auth/digest/auth_digest.c:1.10.2.10 *** squid/src/auth/digest/auth_digest.c:1.10.2.9 Thu Nov 6 07:47:53 2003 --- squid/src/auth/digest/auth_digest.c Thu Nov 6 07:54:21 2003 *************** *** 960,965 **** --- 960,966 ---- memset(scheme->scheme_data, 0, sizeof(auth_digest_config)); digestConfig = scheme->scheme_data; digestConfig->authenticateChildren = 5; + digestConfig->digestAuthRealm = xstrdup("Squid proxy-caching web server"); /* 5 minutes */ digestConfig->nonceGCInterval = 5 * 60; /* 30 minutes */ *************** *** 970,975 **** --- 971,977 ---- digestConfig->NonceStrictness = 0; /* Verify nonce count */ digestConfig->CheckNonceCount = 1; + digestConfig->PostWorkaround = 0; } digestConfig = scheme->scheme_data; if (strcasecmp(param_str, "program") == 0) {
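Review bot: in the cf.data.pre hunk at 1321,1330 the reworded digest paragraph keeps two defects in the context lines next to the change. "See rfc 2616 for the definition of H(A1)" should cite RFC 2617, which is where H(A1) is defined, and "It it's directory type" should read "In its directory type". The paragraph is being rewritten anyway, so fix both in the same commit.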
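Review bot: in the cf.data.pre hunk at 1285,1293 the "children" entry drops "(no default)" but gains no line stating the default, unlike credentialsttl and the digest nonce parameters elsewhere in this patch. auth_basic.c sets authenticateChildren = 5, so add "auth_param basic children 5" after the description, unless that line already exists below the hunk's context.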
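Review bot: in the auth_basic.c hunk at 321 the default realm becomes a heap string from xstrdup(), so the "realm" parsing branch and the scheme teardown must both free basicAuthRealm before overwriting or discarding it. Neither path is visible in this patch, so please confirm that an operator-supplied realm does not leak the default on each reconfigure. The same applies to digestAuthRealm in auth_digest.c, and since the literal "Squid proxy-caching web server" now appears in both files and in cf.data.pre, a shared macro would keep the three from drifting apart.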
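Review bot: in the auth_digest.c hunk at 970 the added "digestConfig->PostWorkaround = 0;" carries no comment while the neighbouring defaults do ("/* Verify nonce count */"), and the realm assignment in the 960 hunk sits uncommented between authenticateChildren and the "/* 5 minutes */" comment, where it reads as if that comment belonged to it. The memset() a few lines above already zeroes the struct, so the PostWorkaround assignment is documentation only. Give it a short comment stating the default is off, and move the realm line above authenticateChildren or give it its own comment.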