[isf-wifidog] Implementing MAC address based blacklist.
Benoit Grégoire
bock at step.polymtl.ca
Mar 4 Déc 14:14:51 EST 2007
On 3 December 2007, Chris Rowson wrote:
> There isn't a function built in that allows this. I believe it's on
> the roadmap though?
It is, but as usual, it requires developers willing to code it. This one is
very simple however, ass everything needed in the gateway is already there.
The changes needed for basic functionnality in the auth server are:
-Add a network_had_blacklist and blacklist table in the db. The latter would
(for now) only have a guuid and a MAC adress field.
-Add a UI for it. This implied writing a very simple "Blacklist" object that
inherits from generic object, and hooking it in from Network::getAdminUI()
and Network::processAdminUI()
-Actually use the blacklist during login attempt (at the token creation stage.
This should be authenticator independent.
-Optionally, also prevent creating an account from that computer. This MUST
somehow be done within the AuthenticatorLocalUser code even if additional
hooks have to be written), not in the general auth or signup code.
The above should be fairly simple, and fairly future proof (in the future
there will be much more complicated use case than static, persistent MAC
based blacklists).
Plus d'informations sur la liste de diffusion WiFiDog