I've played with NoCat, but it requires you to set up your own
AuthService on a separate box if you want to have tight control over
your hotspot users. That also means there has to be connectivity from
the AP back to the auth box, and if that were somehow broken nobody
could login. My users are more or less stationary and always connected,
so I think something like NoCat would be cumbersome to them. It does
offer the ease of centralized user management, but I just don't think
it's right for me.
From: Mitch (WebCob) [mailto:mitch at webcob dot com]
Sent: Saturday, December 06, 2003 2:48 PM
To: Magne Andreassen; 'John Voigt'; m0n0wall at lists dot m0n0 dot ch
Cc: fred at daytonawan dot com
Subject: RE: [m0n0wall] FW: MAC filtering on wireless interfaces
Hey Magne - I agree with you in pricipal - but there are different
realities - one like Fred seems to be talking about - WAP hotspots...
would put an unrealistic burden on the users to connect if we expect
them to configure IPSEC or PPTP on their windows boxes so they can surf
in my coffee shop.
Found the link I was thinking of Fred: http://nocat.net/
There is always a balance of security and usability - if the "cost" of
security sacrifices to much usability, then it's pointless - the system
won't be used at all...
my 2 pennies.