Django & Two Factor Authentication (2FA)
I am writing to ask whether it is possible to configure "django.contrib.auth" so that it can implement Two Factor Authentication to step up login security. The idea is that instead authenticating against just "username" and "password" one could add another field say "passcode" which would receive a dynamic token or PIN for additional security. I have tried to extend "User" by subclassing, while noting that there a couple of objections to this approach. I'm not a fan of monkey- patching and I am not quite sure adding fields using the documented 'ForeignKey' extension strategy will do the trick. In any case, when I try to login as admin after all the grunt work of subclassing, Python spits out all sorts of exceptions including the nefarious *None Type* -- 'None Type' object has no attribute 'DoesNotExist'. Finally, assuming we can effectively implement 2 Factor Authentication, how would we ensure that the admin adapts to 2FA i.e. that its login form contains an additional "passcode" field for user token/PIN input and verification. I am new to Django, but not to Python so any assistance in this matter will be highly appreciated. Hacking this is like trying to resolve a rubix cube with one hand. So help me out here if you can. Patrick -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
Re: Django & Two Factor Authentication (2FA)
Hi Jacob, I actually wrote to Adrian and he advised me to post the question on 2FA here. So I did. Anyhow, I suppose your right. I'll take this question to Django-users see if I can get answers there. Thanks again for the quick reply and pointers. Patrick On Mar 23, 4:35 pm, Jacob Kaplan-Moss wrote: > Hi Patrick -- > > Look, I don't mean to be a jerk, but again this really should be > posted to django-users. Any question that begins "how can I..." or > "can Django..." isn't on-topic for this group. All of your questions > are on-topic for django-users and would probably get answers or at > least some pointers. Asking here isn't going to get you any answers > beyond what you've already gotten. > > If there's some deep bug in Django that somehow completely prevents > 2FA from happening, discussing *that* would be on topic, but unless > you hit that point — and I don't think you will — you'll really find > more complete help over at django-users. > > Thanks, > > Jacob -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
