 From:  "Mitch (WebCob)" <mitch at webcob dot com>
 To:  "Chris Buechler" <cbuechler at gmail dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] Captive with IMAP
 Date:  Tue, 28 Sep 2004 16:40:24 -0700
> > Don't piss on the idea when there isn't a better alternative... ;-)
> But there is.  Use a user DB on m0n0wall, as you mentioned.
>

If it's too restrictive, I fear it won't be useful. The same people who
can't set up radius also can't hack a mono image on another system.

> > Any of those users (though they may not be able to access their
> > ISP's radius service) could access their POP service or IMAP service...
> And then (probably without them realizing) allow every user of their
> ISP to authenticate to their hotspot!  True, probably a small risk in
> a home environment, but it gives them a false sense of security
> nonetheless.  Not to mention the risk of a less-than-clueful admin
> turning it on in a business.

I was making the assumption (dangerous I know) that it wouldn't matter for a
home user, and that for a business user, they would probably allow
authentication to their domain. I guess if they don't HAVE a domain it would
open the door a little wider, but I think those sorts of concerns can be
addressed in the manual ;-)

> In that situation, the user database Dinesh discussed is exactly
> what they need.

I prefer that idea... just think it has to be on par with comparable
services (user capacity wise) or else we lose users... As an individual,
considering my hourly rate, I've spent more time reading on Radius and IAS
than it would have cost to buy a commercial WISP gateway. We can't force that
situation.

If expanding the user database to the point where it's usable is the
solution I'm all for it - otherwise, I'm also in support of those who would
hack in alternative authentication schemes to provide a single password db -
regardless of where it lives.

m/