Hi Jacob,

Thanks for the quick response. I appreciate the resources you pointed me to
and I will study them.

The reason I requested help from Django-dev is because Two Factor
Authentication is really a process. I mean, the user typically will have
to receive a token by some means, whether via SMS (mobile) or some other
device from the web app server. That token would have to be compatible with
an encrypted token on the server which will be used to authenticate the user.
Both tokens expire at some point after the transaction (or if unused, at
some definite time say 2 hours after issue), hence they are generated
dynamically for each login and specific to a user.

I read that Drupal had some facility for two factor auth that was either
built-in or auxiliary (plug-in). I was wondering whether the same can be
achieved within the Django framework. I am not a Drupal pro, but I think
what is attainable with that framework Django can certainly pull off. The
question is how?

Is the auth so tightly coupled to the standard User model that it cannot be
extended to accommodate an additional authentication factor?

Is admin reconfigurable so that all admins have the benefit of two factor
auth? What about modifying the login form to accommodate two factor
auth?

Should I set up two authentication procedures one for regular auth and
another for the additional value (being a PIN/token) that is dynamically
sent to the user by some secure means?

That's what I am trying to resolve.

Again, I may be barking up the wrong tree, but it's a tree nonetheless and
trees hide squirrels and squirrels hide nuts and nuts hide trees, and trees
are good for everybody, right?

Patrick

On Wed, Mar 23, 2011 at 2:02 PM, Jacob Kaplan-Moss <ja...@jacobian.org> wrote:

> Hey Patrick --
>
> On Wed, Mar 23, 2011 at 11:42 AM, pokecho <poke...@gmail.com> wrote:
> > I am writing to ask whether it is possible to configure
> > "django.contrib.auth"  so that it can implement Two Factor
> > Authentication to step up login security.
>
> This question's more appropriate for django-users, which is where
> usage questions should get directed. Django-dev is for discussion of
> improving Django itself.
>
> But take a look at the docs on custom authentication backends:
>
> http://docs.djangoproject.com/en/dev/topics/auth/#other-authentication-sources
> .
> That's the key: you should be able to do what you want without
> monkeypatching or subclassing User or anything gross like that.
>
> Jacob
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers" group.
> To post to this group, send email to django-developers@googlegroups.com.
> To unsubscribe from this group, send email to
> django-developers+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-developers?hl=en.
>
>
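
As an added example (not part of either message and not Django's own code), here is a plain-Python sketch of the flow described in this thread: a per-user, single-use token that expires 2 hours after issue, checked together with the password in an `authenticate()` that returns a user or None, the shape a custom authentication backend takes. `OneTimeTokenStore`, `TwoFactorBackend`, `check_password` and the 6-digit token format are assumptions; the code does not import Django and returns the username as a stand-in for a User object.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 2 * 60 * 60  # seconds; the "2 hours after issue" from the message


class OneTimeTokenStore:
    """Per-user, single-use login tokens; only a keyed hash is kept server-side."""

    def __init__(self, server_key, clock=time.time):
        self._key = server_key
        self._clock = clock
        self._pending = {}  # username -> (digest, expires_at)

    def _digest(self, username, token):
        msg = f"{username}:{token}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, username):
        """Create a fresh 6-digit token; the caller delivers it out of band (e.g. SMS)."""
        token = f"{secrets.randbelow(10**6):06d}"
        self._pending[username] = (self._digest(username, token), self._clock() + TOKEN_TTL)
        return token

    def redeem(self, username, token):
        """True once for a matching, unexpired token; the entry is consumed either way."""
        entry = self._pending.pop(username, None)  # one guess per issued token
        if entry is None:
            return False
        digest, expires_at = entry
        fresh = self._clock() < expires_at
        return hmac.compare_digest(digest, self._digest(username, token)) and fresh


class TwoFactorBackend:
    """Mirrors a custom backend's contract: authenticate() returns a user or None."""

    def __init__(self, check_password, tokens):
        self._check_password = check_password  # hypothetical callable(username, password) -> bool
        self._tokens = tokens

    def authenticate(self, username=None, password=None, token=None):
        if not (username and password and token):
            return None
        # Password first: a wrong password does not burn the pending token.
        ok = self._check_password(username, password) and self._tokens.redeem(username, token)
        return username if ok else None  # username stands in for a User object
```

Because `redeem()` removes the pending entry on any attempt, a replayed or mistyped token fails and a new one has to be issued.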
