[wd-isf] Captive DNS, and auth server bypass
Philippe April
isf_lists at philippeapril.com
Sun Feb 6 19:53:01 EST 2005
>> I think that alone is worth the extra effort. It also opens the door
>> for many "neato" fake servers built-into wifidog, such as pop3 server
>> that delivers a message "Please use a web browser first to log in at
>> http://foo.bar", etc...
>
> Well, the issue with that one is that we'd then have to deal
> with forcing the client to send username and passwords in clear text to
> the gateway...
I imagine this was just a possibility, it's not something I'd like to
put in (for the reason alex states and the fact that... we're doing
enough already :P) Too invasive.
>> The ideal solution is to, of course, have multiple
>> geographically-redundant auth servers so we'd never need this, but
>> reality (as we've seen this morning) is not the case. And even if it
>> is
>> the case for ISF, it may not be the case for all wifidog adopters.
>
> Heh. There ain't no such thing as 100% geographically-redundant
> always up system, I know that for a fact *EG*. I prefer fail open
> systems for most things. We're not guarding a bank vault here.
If we have 2 sites up, even just in montreal, I don't think the
possibility that both sites go down is very high. Even if they both go
down for let's say... 10 more months, well I don't mind I'll log in
everywhere and shutdown wifidog :)
We should still implement this, but like I said I wouldn't put too much
effort into it right now.
Philippe April
-------------- next part --------------
_______________________________________________
wifidog mailing list
wifidog at listes.ilesansfil.org
http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog-listes.ilesansfil.org
More information about the Wifidog
mailing list