[isf-wifidog] auth server: debian packaging, timeouts, kicking users, captcha

Ian White ian.white at datamile-computers.com
Mar 16 Mai 15:09:41 EDT 2006


Alex,

Not sure how this would be offically but users and connections are different 
tables if you are using the postgresql version.

Users holds the user name , password etc.

connection holds a user auth connection, with a field called token_status 
which details the state of the connection.

The basic model is

Inital connection

http://dev.wifidog.org/wiki/doc/developer/FlowDiagram

1) User redirected to server login http://server/login/index.php
2) user enters name/password
3) If valid, a connection record is setup with token_status of TOKEN_USED is 
created
4) Server send message to message to wifidog http with TOKEN value
5) wifibox calls http://server/auth/index.php?stage=login ....
6) Token is validated as correct and user is allowed on

To set this in action , use wifidog in debug mode wifidog -f -d 7 , and you 
will set the messaging.

Now once the connection is in place, the wifidog will call the server with 
traffic counter updates for each of its connections

 http://server/auth/index.php?stage=counters

Now the quick why to log someone out is to change the token_status for the 
connection in question, and add a small piece of code to auth/index.php to 
support changing the return message to the logout on, when the new status is 
seen.

Regards

Ian

----- Original Message ----- 
From: "Alexander List" <alex at list.priv.at>
To: <wifidog at listes.ilesansfil.org>
Sent: Tuesday, May 16, 2006 5:42 PM
Subject: [isf-wifidog] auth server: debian packaging, timeouts, kicking 
users, captcha


> Hello folks,
>
> Some feedback, lots of questions ;-)
>
> First of all, thanks for this wonderful thing :-).
>
> I'm new to wifidog. I checked out the sources from SVN, and installation
> the auth server on Debian was err.., rather painful for the uneducated
> :-) but not being a Linux newbie I worked it out. The install.php could
> be improved or replaced by something like debconf. I prefer to use
> Debian packages if possible.
>
> I spent some time figuring that I could enter passwords for "admin" in
> the install.php that wouldn't be accepted by the login page later on
> (too short, invalid characters). OK, found how to delete users from the
> database with pgppgadmin...
>
> The path to Smarty (lib/smarty/...) is hardcoded in several locations. I
> use the stock Debian version of Smarty, so maybe there should be a
> mechanism to check if a sufficient version is installed and use that 
> one...
>
> I might help out creating a decent auth server Debian package with your
> help - the documentation just doesn't give me enough inormation at this
> point...
>
> But that's a separate project, at the moment I have more urgent needs:
>
> This is my setup:
>
> Several "dumb" APs bridged to my Linux box' eth1, DHCP server serving
> RFC1918 addresses to eth1, wifidog and auth gateway on the same box.
> That is, no wifidog app on the APs because the firmware cant' be changed
> and they're only Layer2 anyway...
>
> I've got the auth server up and running, added my gateway box as the
> only node to the system, sending e-mail with the activation link and
> activation works like a charm.
>
> Unidentified users are redirected to the login page, and are allowed
> outside access as soon as they're validated and logged in.
>
> Now my questions:
>
> How do I kick a user, that is not disable her account but disconnect an
> online user? Restarting the wifidog daemon wouldn't help, the user is
> left in the database and won't go away. Is there a more elegant way than
> deleting the record directly from the database?
>
> I would like to limit session time to 60 minutes and force the user to
> reauthenticate after that period. How would I go about this most 
> elegantly?
>
> Eventually, I'd like to add a "captcha" like Turing test to the login
> page to prevent scripts from logging in :-) - how would I integrate that?
>
> Thanks in advance for any hints!
>
> Alex
>
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>
>
> 



More information about the WiFiDog mailing list