Thanks a lot Henrik. My Squid 2.6 stable 4 is working fine now with SSL both ends and with 2 factor authentication.

I am at the last stop now where I need all the users who type "http://www.test.com" to be automatically directed to "https://www.test.com". I tried quite a few things with the http_port directive but couldn't get it working. Do I have to use SQUIRM or is there any other directive I have to use?

Sameer Joshi

-----Original Message-----
From: "Henrik Nordstrom" <henrik@xxxxxxxxxxxxxxxxxxx>
Sent: Wed, December 6, 2006 3:42 am
To: sameer.joshi@xxxxxxxxxxxx
Cc: squid-users@xxxxxxxxxxxxxxx
Subject: Re: Need Help in authentication

Sat 2006-12-02 at 11:37 +0530, Sameer Joshi wrote:

> 2. Now my company wants me to have 2 factor authentication (RSA tokens) on
> reverse proxy. I just need to know how does this work and if there are any
> working squid.conf configurations for the same

Token based authentication is always a little tricky in HTTP as there is no session as such to connect the authentication to; authentication is done per request.

The easiest approach is to use Basic authentication and request that the user enters

  Login: his user name
  Password: the generated token followed by his personal password

then set a long ttl for basic authentication. When the ttl expires OR the user restarts his browser the proxy will query for a new token.

Password verification is done by a simple helper program accepting the above input on stdin and returning OK/ERR results on stdout. See auth_param basic program description in squid.conf.

Problem: This can not be combined with web servers in turn using another set of HTTP authentication as there is only room for a single set of login credentials in the HTTP protocol.

Other solutions are also possible using cookie servers etc.

Regards
Henrik

Sameer Joshi
Paladion Networks, India
Phone: 91-22-55910513
Fax: 91-22-55913580
Mobile: 91-98191-86001
http://www.paladion.net
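
Added example, not part of the original messages and not Squid's own code: a helper of the kind Henrik describes, reading "user password" lines on stdin and answering OK/ERR on stdout, with the password field split into token code and personal password. The 6-digit token length, the sample user store and check_token (a stand-in for the query to the real token server) are assumptions.

```python
#!/usr/bin/env python3
import hashlib
import hmac
import sys
from urllib.parse import unquote

TOKEN_LEN = 6  # assumption: fixed-length numeric token code typed before the password


def _pw_hash(password, salt):
    # Store a slow salted hash of the personal password, never the plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample user store: user name -> (salt, hash of personal password).
USERS = {"alice": (b"demo-salt", _pw_hash("s3cret", b"demo-salt"))}


def check_token(user, code):
    """Hypothetical stand-in: a real deployment asks the token vendor's
    authentication server, which also rejects a code that was already used."""
    return hmac.compare_digest(code.encode(), b"123456")


def verify(line, token_ok=check_token):
    """Return 'OK' or 'ERR' for one input line '<user> <token+password>'."""
    parts = line.rstrip("\r\n").split(" ", 1)
    if len(parts) != 2:
        return "ERR"
    # Squid URL-escapes both fields before writing them to the helper.
    user, secret = unquote(parts[0]), unquote(parts[1])
    code, password = secret[:TOKEN_LEN], secret[TOKEN_LEN:]
    if len(code) != TOKEN_LEN or not code.isdigit() or not password:
        return "ERR"
    # Unknown users get a dummy record so they cost the same hashing work.
    salt, stored = USERS.get(user, (b"none", b""))
    pw_ok = hmac.compare_digest(_pw_hash(password, salt), stored)
    # Check both factors before answering so the reply never shows which failed.
    tok_ok = token_ok(user, code)
    return "OK" if (pw_ok and tok_ok) else "ERR"


def main():
    for line in sys.stdin:
        sys.stdout.write(verify(line) + "\n")
        sys.stdout.flush()  # Squid waits for each reply, so never buffer it


if __name__ == "__main__":
    main()
```
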