On 3/02/25 00:43, NgTech LTD wrote:
What would make a 2fa in squid case?
When receiving a new login attempt the authentication (auth_param)
helper should initiate whatever side-channel token delivery is needed.
Then return "ERR" to Squid as usual.
Replace the login challenge error message with a login page to receive
that token and deliver it to a server that marks the client as logged
in. (Both ERR_ACCESS_DENIED and ERR_CACHE_ACCESS_DENIED. Either new
templates or a deny_info 401/407 - I'm not sure which will work best)
Somewhat like how the SQL_session helper works in "active mode" session,
but through the auth_param helpers instead of external ACL sessions.
HTH
Amos
Thanks,
Eliezer
בתאריך יום א׳, 2 בפבר׳ 2025, 13:22, מאת Amos Jeffries
<squid3@xxxxxxxxxxxxx <mailto:squid3@xxxxxxxxxxxxx>>:
On 2/02/25 07:43, ngtech1ltd wrote:
> Hey,
>
> I was wondering if anyone have implemented any 2FA with squid.
>
> IE a simple forward proxy that implements an external ACL helper
that
Ah, that would not be "authentication".
2FA is done through Squid auth_param and authentication helpers same as
"normal" (1FA) authentication. It is just a slightly different bunch of
steps the auth system performs in the background outside of Squid.
Cheers
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx <mailto:squid-users@lists.squid-
cache.org>
https://lists.squid-cache.org/listinfo/squid-users <https://
lists.squid-cache.org/listinfo/squid-users>
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
