auth server: debian packaging, timeouts, kicking users, captcha
alex at list.priv.at
Mar 16 Mai 12:42:40 EDT 2006
Some feedback, lots of questions ;-)
First of all, thanks for this wonderful thing :-).
I'm new to wifidog. I checked out the sources from SVN, and installation
the auth server on Debian was err.., rather painful for the uneducated
:-) but not being a Linux newbie I worked it out. The install.php could
be improved or replaced by something like debconf. I prefer to use
Debian packages if possible.
I spent some time figuring that I could enter passwords for "admin" in
the install.php that wouldn't be accepted by the login page later on
(too short, invalid characters). OK, found how to delete users from the
database with pgppgadmin...
The path to Smarty (lib/smarty/...) is hardcoded in several locations. I
use the stock Debian version of Smarty, so maybe there should be a
mechanism to check if a sufficient version is installed and use that one...
I might help out creating a decent auth server Debian package with your
help - the documentation just doesn't give me enough inormation at this
But that's a separate project, at the moment I have more urgent needs:
This is my setup:
Several "dumb" APs bridged to my Linux box' eth1, DHCP server serving
RFC1918 addresses to eth1, wifidog and auth gateway on the same box.
That is, no wifidog app on the APs because the firmware cant' be changed
and they're only Layer2 anyway...
I've got the auth server up and running, added my gateway box as the
only node to the system, sending e-mail with the activation link and
activation works like a charm.
Unidentified users are redirected to the login page, and are allowed
outside access as soon as they're validated and logged in.
Now my questions:
How do I kick a user, that is not disable her account but disconnect an
online user? Restarting the wifidog daemon wouldn't help, the user is
left in the database and won't go away. Is there a more elegant way than
deleting the record directly from the database?
I would like to limit session time to 60 minutes and force the user to
reauthenticate after that period. How would I go about this most elegantly?
Eventually, I'd like to add a "captcha" like Turing test to the login
page to prevent scripts from logging in :-) - how would I integrate that?
Thanks in advance for any hints!
More information about the WiFiDog