[isf-wifidog] auth server: debian packaging, timeouts,
kicking users, captcha
ian.white at datamile-computers.com
Mar 16 Mai 15:09:41 EDT 2006
Not sure how this would be offically but users and connections are different
tables if you are using the postgresql version.
Users holds the user name , password etc.
connection holds a user auth connection, with a field called token_status
which details the state of the connection.
The basic model is
1) User redirected to server login http://server/login/index.php
2) user enters name/password
3) If valid, a connection record is setup with token_status of TOKEN_USED is
4) Server send message to message to wifidog http with TOKEN value
5) wifibox calls http://server/auth/index.php?stage=login ....
6) Token is validated as correct and user is allowed on
To set this in action , use wifidog in debug mode wifidog -f -d 7 , and you
will set the messaging.
Now once the connection is in place, the wifidog will call the server with
traffic counter updates for each of its connections
Now the quick why to log someone out is to change the token_status for the
connection in question, and add a small piece of code to auth/index.php to
support changing the return message to the logout on, when the new status is
----- Original Message -----
From: "Alexander List" <alex at list.priv.at>
To: <wifidog at listes.ilesansfil.org>
Sent: Tuesday, May 16, 2006 5:42 PM
Subject: [isf-wifidog] auth server: debian packaging, timeouts, kicking
> Hello folks,
> Some feedback, lots of questions ;-)
> First of all, thanks for this wonderful thing :-).
> I'm new to wifidog. I checked out the sources from SVN, and installation
> the auth server on Debian was err.., rather painful for the uneducated
> :-) but not being a Linux newbie I worked it out. The install.php could
> be improved or replaced by something like debconf. I prefer to use
> Debian packages if possible.
> I spent some time figuring that I could enter passwords for "admin" in
> the install.php that wouldn't be accepted by the login page later on
> (too short, invalid characters). OK, found how to delete users from the
> database with pgppgadmin...
> The path to Smarty (lib/smarty/...) is hardcoded in several locations. I
> use the stock Debian version of Smarty, so maybe there should be a
> mechanism to check if a sufficient version is installed and use that
> I might help out creating a decent auth server Debian package with your
> help - the documentation just doesn't give me enough inormation at this
> But that's a separate project, at the moment I have more urgent needs:
> This is my setup:
> Several "dumb" APs bridged to my Linux box' eth1, DHCP server serving
> RFC1918 addresses to eth1, wifidog and auth gateway on the same box.
> That is, no wifidog app on the APs because the firmware cant' be changed
> and they're only Layer2 anyway...
> I've got the auth server up and running, added my gateway box as the
> only node to the system, sending e-mail with the activation link and
> activation works like a charm.
> Unidentified users are redirected to the login page, and are allowed
> outside access as soon as they're validated and logged in.
> Now my questions:
> How do I kick a user, that is not disable her account but disconnect an
> online user? Restarting the wifidog daemon wouldn't help, the user is
> left in the database and won't go away. Is there a more elegant way than
> deleting the record directly from the database?
> I would like to limit session time to 60 minutes and force the user to
> reauthenticate after that period. How would I go about this most
> Eventually, I'd like to add a "captcha" like Turing test to the login
> page to prevent scripts from logging in :-) - how would I integrate that?
> Thanks in advance for any hints!
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
More information about the WiFiDog