[isf-wifidog] auth server: debian packaging, timeouts,
kicking users, captcha
Ian White
ian.white at datamile-computers.com
Mar 16 Mai 15:09:41 EDT 2006
Alex,
Not sure how this would be offically but users and connections are different
tables if you are using the postgresql version.
Users holds the user name , password etc.
connection holds a user auth connection, with a field called token_status
which details the state of the connection.
The basic model is
Inital connection
http://dev.wifidog.org/wiki/doc/developer/FlowDiagram
1) User redirected to server login http://server/login/index.php
2) user enters name/password
3) If valid, a connection record is setup with token_status of TOKEN_USED is
created
4) Server send message to message to wifidog http with TOKEN value
5) wifibox calls http://server/auth/index.php?stage=login ....
6) Token is validated as correct and user is allowed on
To set this in action , use wifidog in debug mode wifidog -f -d 7 , and you
will set the messaging.
Now once the connection is in place, the wifidog will call the server with
traffic counter updates for each of its connections
http://server/auth/index.php?stage=counters
Now the quick why to log someone out is to change the token_status for the
connection in question, and add a small piece of code to auth/index.php to
support changing the return message to the logout on, when the new status is
seen.
Regards
Ian
----- Original Message -----
From: "Alexander List" <alex at list.priv.at>
To: <wifidog at listes.ilesansfil.org>
Sent: Tuesday, May 16, 2006 5:42 PM
Subject: [isf-wifidog] auth server: debian packaging, timeouts, kicking
users, captcha
> Hello folks,
>
> Some feedback, lots of questions ;-)
>
> First of all, thanks for this wonderful thing :-).
>
> I'm new to wifidog. I checked out the sources from SVN, and installation
> the auth server on Debian was err.., rather painful for the uneducated
> :-) but not being a Linux newbie I worked it out. The install.php could
> be improved or replaced by something like debconf. I prefer to use
> Debian packages if possible.
>
> I spent some time figuring that I could enter passwords for "admin" in
> the install.php that wouldn't be accepted by the login page later on
> (too short, invalid characters). OK, found how to delete users from the
> database with pgppgadmin...
>
> The path to Smarty (lib/smarty/...) is hardcoded in several locations. I
> use the stock Debian version of Smarty, so maybe there should be a
> mechanism to check if a sufficient version is installed and use that
> one...
>
> I might help out creating a decent auth server Debian package with your
> help - the documentation just doesn't give me enough inormation at this
> point...
>
> But that's a separate project, at the moment I have more urgent needs:
>
> This is my setup:
>
> Several "dumb" APs bridged to my Linux box' eth1, DHCP server serving
> RFC1918 addresses to eth1, wifidog and auth gateway on the same box.
> That is, no wifidog app on the APs because the firmware cant' be changed
> and they're only Layer2 anyway...
>
> I've got the auth server up and running, added my gateway box as the
> only node to the system, sending e-mail with the activation link and
> activation works like a charm.
>
> Unidentified users are redirected to the login page, and are allowed
> outside access as soon as they're validated and logged in.
>
> Now my questions:
>
> How do I kick a user, that is not disable her account but disconnect an
> online user? Restarting the wifidog daemon wouldn't help, the user is
> left in the database and won't go away. Is there a more elegant way than
> deleting the record directly from the database?
>
> I would like to limit session time to 60 minutes and force the user to
> reauthenticate after that period. How would I go about this most
> elegantly?
>
> Eventually, I'd like to add a "captcha" like Turing test to the login
> page to prevent scripts from logging in :-) - how would I integrate that?
>
> Thanks in advance for any hints!
>
> Alex
>
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>
>
>
More information about the WiFiDog
mailing list