[Wifidog] Version 1.0

Alexandre Carmel-Veilleux saruman at northernhacking.org
Thu Apr 22 09:27:04 EDT 2004


On Thu, Apr 22, 2004 at 08:23:51AM -0400, Philippe April wrote:
> 
>   * this is all done by the authentication server. From now on, the
>     authentication server will only say "yay" or "nay", and an optional
>     error message. When the token gets re-validated every 5 minutes by
>     WiFiDog (asking the auth server), for a "validation_required" status
>     the auth server will change the status after 15 minutes if no
>     confirmation has been done.

	I would rather this be an UserClass that the GATEWAY will expire
after 15 minutes and the Auth Server will not allow to login twice.

	It's my belief that the Gateway should take care of deciding when
a connection ends.

>   * If he has not confirmed, his account his locked out and he STILL needs
>     to confirm out of the hotspot or contact us if he wants access. Cleanup
>     will be done after a month days.

	Good.

> So in general, it's the authentication server that makes the decisions
> of yes or no. Eventually, he will push the entire profile of the user
> (ACLs, traffic shaping rules, etc.)

	I think Gateway makes decisions on Existing connections. The Auth
Server does not decide when a connection ends.

> I think the entire code for userclasses is not needed anymore and I will
> remove it from CVS, but keep a diff of it in case I was wrong and we need
> it, but as talked with Daniel Drouet and Benoit, I believe the goal is to
> have hotspot owners customize what they want on the AUTH server and not on
> the router, so no custom configuration on the router.

	That will also break the UserRights stuff which is in userclasses.c.

	Not a major thing if you're rewriting the whole connection validation
block, but it will require changes to t_node.

	As an asside, I disagree with the wholesale turning over of all the
validation tasks to the Auth Server. The Gateway should take care of
expiring things in my mind. The AuthServer might well tell it how, but I
don't think it should do it.

	Sorry for missing the meeting, I've had unplanned stuff come up
with my new job.

Alex

-------------- next part --------------
_______________________________________________
Wifidog mailing list
Wifidog at isf.waglo.com
http://isf.waglo.com/mailman/listinfo/wifidog_isf.waglo.com


More information about the Wifidog mailing list