[isf-wifidog] immediate user disconnect feature

acv acv at miniguru.ca
Lun 21 Avr 10:17:50 EDT 2008


	The original specification for the token was a pseudo-random
number. It gets transfered once (during the login process) in the clear
between the client and the gateway.

	You're probably aware that the connections between the auth
server and the gateway are always gateway initiated so "immediate"
would translate to "immediately after next command to the auth server".

Alex

On Mon, Apr 21, 2008 at 04:07:14PM +0200, Wichert Akkerman wrote:
> Date: Mon, 21 Apr 2008 16:07:14 +0200
> From: Wichert Akkerman <wichert at wiggy.net>
> To: wifidog at listes.ilesansfil.org
> Mail-Followup-To: wifidog at listes.ilesansfil.org
> Subject: [isf-wifidog] immediate user disconnect feature
> 
> I'm looking at implementing an immediate disconnect feature in the
> gateway. The basic flow I'm using is:
> 
> - auth server sends a disconnect command to the gateway, specifying
>   enough information to find the client and authenticate the request
> - gateway removes client from the client list
> - gateway sends counters to auth server
> - gateway sends logout to auth server
> 
> The last try could share code with the wdctl reset feature and the
> manual logout option. It could even replace logout feature as it
> currently exists.
> 
> My current code uses /wifidog/disconnect as entry point for the callback
> and require the auth server to send both the mac and token. This means
> that the token has to be secure to prevent abuse. Specifically: if you
> know someones ip address and mac address you must not be able to
> calculate the token. I have no idea if that is true for the standard
> auth server.
> 
> Wichert.
> 
> -- 
> Wichert Akkerman <wichert at wiggy.net>    It is simple to make things.
> http://www.wiggy.net/                   It is hard to make things simple.
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
-------------- section suivante --------------
Une pièce jointe non texte a été nettoyée...
Nom: non disponible
Type: application/pgp-signature
Taille: 187 octets
Desc: non disponible
Url: http://listes.ilesansfil.org/pipermail/wifidog/attachments/20080421/6abc06f8/attachment.pgp 


Plus d'informations sur la liste de diffusion WiFiDog