[isf-wifidog] Roadmap?
Jkx
Jkx at larsen-b.com
Mer 18 Mai 17:33:02 EDT 2005
On Wed, 18 May 2005 12:03:27 -0700
Jo Walsh <jo at frot.org> wrote:
> hello Mina, list; our 2 cents from quite new wifidog users:
>
> +1 on this; wifidog-auth-lite seemed like a good start; it was very
> easy to write a python clone of open mode to plug onto our userdb/
> portal server; i'd be happy to contrib to a standalone python auth
> server in future. NoCatAuth had pluggable modules for different
> sources of userdata (DBI,LDAP,PAM, etc...)
> this does seem like a good way forward.
In fact i've already started something like that. I don't have a tgz yet
since i doesn't have a lot of time right now. but this is my goal.
> my plan is for our auth server to interface with both. right now we
> perceive possible security issues in that your design can have https
> between gateway-running-wifidog and auth-server, but is sending
> plaintext between the client and the gateway.
And right now, you can't change that, because the gw isn't https aware.
> we've been patching wifidog client so that if gw_id is not set in
> wifidog.conf, then the client sends the MAC address as gw_id instead.
> making an ipkg... will keep pinging; will send a dodgy inkscape flow
> diagram of the putative splash/auth design if useful for protocol
> re-engineering...
This sound a good feature too me, but there is a drawback (which already
exist), somebody can place a face gateway by stealing the gw_id or mac..
no ?
Thanks ..
Plus d'informations sur la liste de diffusion WiFiDog