Authentication scheme based on digested password, specific to each
application protocol, is enabled with "AUTHORIZER=-dgauth".
This kind of authentication scheme,
at least APOP proxy or HTTP Digest/Basic gateway does,
requires the original cleartext of password.
A simple way to do so is giving directly a list of pairs of username
and password as
-dgauth{user1:pass1,user2:pass2,...}.
Another way is storing passwords by DeleGate with
"-Fauth -a username:password -dgauth".
Since passwords for -dgauth is stored in encrypted form, a keyword is
required for the encryption.
Specify the keyword as CRYPT=pass:keyword
or answer it interactively afterwards.
Otherwise, DGAuth can be delegated to a remote
DGAuth server.
DGAuth generates a session identifier which is retained identically
during the session started by an authentication,
then passed to CFI/CGI programs in environment variable "X_DIGEST_SESSION"
and can be logged into PROTOLOG.
Example:
// a HTTP proxy or server with the Digest authentication with clients. SERVER=http AUTHORIZER=-dgauth
// a POP proxy which uses APOP authentication with clients. SERVER=pop MOUNT="* pop://server/*" AUTHORIZER=-dgauth