lör 2006-12-02 klockan 11:37 +0530 skrev Sameer Joshi: > 2. Now my company wants me to have 2 factor authentication (RSA tokens) on > revese proxy. I just need to know how does this work and if there are any > working squid.conf configurations for the same token based authentication is always a little tricky in HTTP as there is no session as such to connect the authentication to, authentication is done per request. The easiest approach is to use Basic authentication and request that the user enters Login: his user name Password: the generated token followed by his personal password then set a long ttl for basic authentication. When the ttl expires OR the user restarts his browser the proxy will query for a new token. password verification is done by a simple helper program accepting the above input on stdin and returnong OK/ERR results on stdout. See auth_param basic program description in squid.conf. Problem: This can not be combined with web servers in turn using another set of HTTP authentication as there is only room for a single set of login credentials in the HTTP protocol. Other solutions is also possible using cookie servers etc. Regards Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
