[squid-users] 2FA with Google Authenticator and squid login
Amos Jeffries
squid3 at treenet.co.nz
Mon Feb 3 05:10:02 UTC 2025
On 3/02/25 00:43, NgTech LTD wrote:
> What would make a 2fa in squid case?
>
When receiving a new login attempt the authentication (auth_param)
helper should initiate whatever side-channel token delivery is needed.
Then return "ERR" to Squid as usual.
Replace the login challenge error message with a login page to receive
that token and deliver it to a server that marks the client as logged
in. (Both ERR_ACCESS_DENIED and ERR_CACHE_ACCESS_DENIED. Either new
templates or a deny_info 401/407 - I'm not sure which will work best)
Somewhat like how the SQL_session helper works in "active mode" session,
but through the auth_param helpers instead of external ACL sessions.
HTH
Amos
> Thanks,
> Eliezer
>
> בתאריך יום א׳, 2 בפבר׳ 2025, 13:22, מאת Amos Jeffries
> <squid3 at treenet.co.nz <mailto:squid3 at treenet.co.nz>>:
>
> On 2/02/25 07:43, ngtech1ltd wrote:
> > Hey,
> >
> > I was wondering if anyone have implemented any 2FA with squid.
> >
> > IE a simple forward proxy that implements an external ACL helper
> that
>
> Ah, that would not be "authentication".
>
>
> 2FA is done through Squid auth_param and authentication helpers same as
> "normal" (1FA) authentication. It is just a slightly different bunch of
> steps the auth system performs in the background outside of Squid.
>
>
> Cheers
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-
> cache.org>
> https://lists.squid-cache.org/listinfo/squid-users <https://
> lists.squid-cache.org/listinfo/squid-users>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list