[isf-wifidog] Roadmap?

Jo Walsh jo at frot.org
Wed May 18 15:03:27 EDT 2005


hello Mina, list; our 2 cents from quite new wifidog users:

On Wed, May 18, 2005 at 09:49:16AM -0400, Mina Naguib wrote:
> 3. Along with the above, we should release a very light 
> proof-of-concept auth server that demonstrates the use of the protocol 
> from the server perspective (maybe in a couple of different 
> languages/CGI frameworks if we're nice).  We should release it with a 
> pluggable modules architecture and maybe a couple of simple
> modules.

+1 on this; wifidog-auth-lite seemed like a good start; it was very
easy to write a python clone of open mode to plug onto our userdb/
portal server; i'd be happy to contrib to a standalone python auth
server in future. NoCatAuth had pluggable modules for different
sources of userdata (DBI, LDAP, PAM, etc...);
this does seem like a good way forward.

having the token exchange / URI protocol exchange documented would rock.
I've been talking with Schuyler about his plans to implement auth in
NoCatSplash based on the NoCatAuth design but using the TEA encryption
algorithm rather than GnuPG (12 lines of C!). This won't happen *very*
soon, so i am working with the wifidog client now.

my plan is for our auth server to interface with both. right now we
perceive possible security issues in that your design can have https
between gateway-running-wifidog and auth-server, but is sending
plaintext between the client and the gateway.

This is what i inferred from looking at auth-lite, please correct me
if this assumption is wrong! I don't mind this much anyway;
a login password to a few syndicating web services
is information i'm happy to scatter around the ether. I imagine that a
user base looking at you/Splash, with more transaction oriented use
cases in mind, might care rather more.

we've been patching wifidog client so that if gw_id is not set in
wifidog.conf, then the client sends the MAC address as gw_id instead.
making an ipkg... will keep pinging; will send a dodgy inkscape flow
diagram of the putative splash/auth design if useful for protocol
re-engineering...


-jo

