Thanks a lot Henrik. My Squid 2.6 stable 4 is working fine now with SSL
at both ends and with 2 factor authentication.
I am at the last stop now where I need all the users who type
"http://www.test.com" to be automatically directed to "https://www.test.com".
I tried quite a few things with the http_port directive but couldn't get it
working. Do I have to use SQUIRM or is there any other directive I have to
use?
Sameer Joshi
-----Original Message-----
From: "Henrik Nordstrom" <henrik@henriknordstrom.net>
Sent: Wed, December 6, 2006 3:42 am
To: sameer.joshi@paladion.net
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Need Help in authentication
Sat 2006-12-02 at 11:37 +0530, Sameer Joshi wrote:
> 2. Now my company wants me to have 2 factor authentication (RSA tokens) on
> reverse proxy. I just need to know how this works and if there are any
> working squid.conf configurations for the same.
Token-based authentication is always a little tricky in HTTP as there is
no session as such to connect the authentication to; authentication is
done per request.
The easiest approach is to use Basic authentication and request that the
user enters
Login: his user name
Password: the generated token followed by his personal password
then set a long ttl for basic authentication. When the ttl expires OR
the user restarts his browser the proxy will query for a new token.
Password verification is done by a simple helper program accepting the
above input on stdin and returning OK/ERR results on stdout. See the
auth_param basic program description in squid.conf.
Problem: This can not be combined with web servers in turn using another
set of HTTP authentication as there is only room for a single set of
login credentials in the HTTP protocol.
Other solutions are also possible using cookie servers etc.
Regards
Henrik
Sameer Joshi
Paladion Networks, India
Received on Fri Dec 08 2006 - 06:37:50 MST
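
A sketch of the kind of helper Henrik describes, added here as an example and not code from the thread or from the Squid project: it reads one "username password" line per request on stdin, splits the password field into token and personal password, and answers OK or ERR on stdout. The 6-digit token length, the `USERS` table and `check_token` are assumptions for illustration; a real deployment would ask the token vendor's authentication server in `check_token`.

```python
#!/usr/bin/env python3
"""Sketch of a Squid basic-auth helper for "token + personal password" logins."""
import hashlib
import hmac
import sys
from urllib.parse import unquote

TOKEN_LEN = 6  # assumption: fixed-length numeric token typed before the password

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample user store: user -> (salt, PBKDF2 hash of personal password).
USERS = {"alice": (b"demo-salt", pw_hash("s3cret pw", b"demo-salt"))}

def check_token(user, token):
    """Hypothetical stand-in for the token server lookup.
    This demo accepts a single constructed code."""
    return hmac.compare_digest(token.encode(), b"123456")

def handle_line(line, token_ok=check_token):
    """Return 'OK' or 'ERR' for one 'username password' request line."""
    parts = line.rstrip("\r\n").split(" ", 1)
    if len(parts) != 2:
        return "ERR"
    # Squid URL-escapes both fields before handing them to the helper.
    user, secret = unquote(parts[0]), unquote(parts[1])
    token, password = secret[:TOKEN_LEN], secret[TOKEN_LEN:]
    if len(token) != TOKEN_LEN or not token.isdigit() or not password:
        return "ERR"
    salt, stored = USERS.get(user, (b"no-such-user", b""))
    # Run both checks every time so a failure does not show which factor was wrong.
    pw_good = hmac.compare_digest(pw_hash(password, salt), stored)
    tok_good = token_ok(user, token)
    return "OK" if (pw_good and tok_good) else "ERR"

def main():
    for line in sys.stdin:
        sys.stdout.write(handle_line(line) + "\n")
        sys.stdout.flush()  # Squid waits for each answer, so never buffer replies

if __name__ == "__main__":
    main()
```

Because the token is only checked when Squid actually calls the helper, the basic authentication ttl mentioned above decides how long one token entry stays valid for a user.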