[ previous ] [ next ] [ threads ]
 
 From:  Adam Nellemann <adam at nellemann dot nu>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] m0n0wall version 1.1b7
 Date:  Thu, 13 May 2004 18:43:25 +0200
David Rodgers wrote:

> OK ... I didn't really like the captive portal idea but since it's already 
> this far how about the next logical step .....  

Luckily it can be disabled (indeed this is the default state). As I 
understand it, there is no overhead or possibility of security issues 
when the portal feature is disabled.

> How about an authentication option that can be enabled for the portal to allow 
> you to controls users via a radius server? Just a click box that adds a 
> userid and password field to the aup form and uses radius authentication.

This can already be achieved (more or less) by pasting in the right 
HTML code. That being said, I think Manuel et.al. is already working 
on something along these lines, albeit in a more flexible way:

If I remember correctly, the plan is to remove the auto-generated 
button, and instead preload the HTML box with the code for the button. 
This way you can either choose to elaborate on the HTML code, or you 
can simply do a redirect to some auth. page (such as radius). It 
should then be possible to authorize a user by throwing a HTTP 
response at m0n0wall (similar to that generated by the preloaded code 
for the button i guess?)

While perhaps not as easy to set up, this should provide for a more 
flexible system, allowing you to do more or less whatever you fancy 
with the portal page.

Additionally, I got the impression that a white-list feature is also 
under way, in the form of a list where you can enter a number of MAC 
addresses which are allowed to bypass the portal page entirely.

I hope this fits your bill? It certainly does mine, but then again, 
I'm not really in need of a portal, I'm just playing around with it 
for my WLAN guests at home, mainly for the coolness factor ;)


Adam.