Re: [squid-users] Need Help in authentication

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Tue, 05 Dec 2006 23:12:03 +0100

lör 2006-12-02 klockan 11:37 +0530 skrev Sameer Joshi:

> 2. Now my company wants me to have 2 factor authentication (RSA tokens) on
> revese proxy. I just need to know how does this work and if there are any
> working squid.conf configurations for the same

token based authentication is always a little tricky in HTTP as there is
no session as such to connect the authentication to, authentication is
done per request.

The easiest approach is to use Basic authentication and request that the
user enters

Login: his user name

Password: the generated token followed by his personal password

then set a long ttl for basic authentication. When the ttl expires OR
the user restarts his browser the proxy will query for a new token.

password verification is done by a simple helper program accepting the
above input on stdin and returnong OK/ERR results on stdout. See
auth_param basic program description in squid.conf.

Problem: This can not be combined with web servers in turn using another
set of HTTP authentication as there is only room for a single set of
login credentials in the HTTP protocol.

Other solutions is also possible using cookie servers etc.

Regards
Henrik

Received on Tue Dec 05 2006 - 15:12:10 MST

This archive was generated by hypermail pre-2.1.9 : Mon Jan 01 2007 - 12:00:01 MST