lör 2006-12-02 klockan 11:37 +0530 skrev Sameer Joshi:
> 2. Now my company wants me to have 2 factor authentication (RSA tokens) on
> revese proxy. I just need to know how does this work and if there are any
> working squid.conf configurations for the same
token based authentication is always a little tricky in HTTP as there is
no session as such to connect the authentication to, authentication is
done per request.
The easiest approach is to use Basic authentication and request that the
user enters
Login: his user name
Password: the generated token followed by his personal password
then set a long ttl for basic authentication. When the ttl expires OR
the user restarts his browser the proxy will query for a new token.
password verification is done by a simple helper program accepting the
above input on stdin and returnong OK/ERR results on stdout. See
auth_param basic program description in squid.conf.
Problem: This can not be combined with web servers in turn using another
set of HTTP authentication as there is only room for a single set of
login credentials in the HTTP protocol.
Other solutions is also possible using cookie servers etc.
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Mon Jan 01 2007 - 12:00:01 MST