[isf-wifidog] immediate user disconnect feature
benoitg at coeus.ca
Mon Apr 21 13:39:30 EDT 2008
On 21 April 2008, Wichert Akkerman wrote:
> I'm looking at implementing an immediate disconnect feature in the
> gateway. The basic flow I'm using is:
> - auth server sends a disconnect command to the gateway, specifying
> enough information to find the client and authenticate the request
> - gateway removes client from the client list
> - gateway sends counters to auth server
> - gateway sends logout to auth server
That's exactly what will happen (but not in that order) if the auth server
replies with a DENY to a counter update.
Note that it is always assumed that the auth server cannot reach the gateway
directly, that is a fundamental feature of wifidog and its protocol.
> The last try could share code with the wdctl reset feature and the
> manual logout option. It could even replace logout feature as it
> currently exists.
> My current code uses /wifidog/disconnect as entry point for the callback
> and requires the auth server to send both the mac and token. This means
> that the token has to be secure to prevent abuse. Specifically: if you
> know someone's ip address and mac address you must not be able to
> calculate the token. I have no idea if that is true for the standard
> auth server.
It is, and that feature already exists. See
http://dev.wifidog.org/wiki/doc/developer/WiFiDogProtocol_V1, bottom of the
Technologies Coeus inc.
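
Added example, not part of the original thread and not wifidog code: a sketch of the check a disconnect callback like the one proposed above would need, where knowing a client's MAC is not enough and the token is compared in constant time. The `struct client`, `handle_disconnect` and `token_equal` names are hypothetical, and MAC addresses are assumed to be normalised to lowercase before the call.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical client record; not the wifidog gateway's own structure. */
struct client {
    char mac[18];   /* "aa:bb:cc:dd:ee:ff", assumed normalised to lowercase */
    char token[65]; /* per-session token issued by the auth server */
    int  active;
};

enum disc_result { DISC_OK, DISC_BAD_REQUEST, DISC_DENIED };

/* Compare without stopping at the first mismatch, so response time does
 * not reveal how many leading characters of a guessed token were right. */
static int token_equal(const char *given, const char *stored)
{
    size_t lg = strlen(given), ls = strlen(stored);
    unsigned char diff = (unsigned char)(lg != ls);
    for (size_t i = 0; i < lg; i++)
        diff |= (unsigned char)(given[i] ^ stored[ls ? i % ls : 0]);
    return diff == 0;
}

/* Drop the client only when MAC and token both match. An unknown MAC and a
 * wrong token get the same answer, so the endpoint cannot be used to learn
 * which MACs are currently connected. */
enum disc_result handle_disconnect(struct client *list, size_t n,
                                   const char *mac, const char *token)
{
    struct client *hit = NULL;
    if (!mac || !token || strlen(mac) != 17 || token[0] == '\0')
        return DISC_BAD_REQUEST;
    for (size_t i = 0; i < n; i++)
        if (list[i].active && strcmp(list[i].mac, mac) == 0)
            hit = &list[i];
    if (!hit || !token_equal(token, hit->token))
        return DISC_DENIED;
    hit->active = 0; /* caller then sends final counters and the logout */
    return DISC_OK;
}

int main(void)
{
    /* Constructed sample data. */
    struct client list[] = { { "00:11:22:33:44:55", "constructed-token-1", 1 } };
    printf("%d\n", handle_disconnect(list, 1, "00:11:22:33:44:55", "guess"));
    printf("%d\n", handle_disconnect(list, 1, "00:11:22:33:44:55", "constructed-token-1"));
    return 0;
}
```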