[Server-devel] Filtering and authentication

Wed Apr 29 01:11:24 EDT 2009

On Tue, Apr 28, 2009 at 9:26 PM, Reuben K. Caron <reuben at laptop.org> wrote:
> On Tue, Apr 28, 2009 at 6:34 PM, Jerry Vonau <jvonau at shaw.ca> wrote:
>>
>> On Tue, 2009-04-28 at 16:34 -0400, Reuben K. Caron wrote:
>> > All of the documentation is contained within their download. It
>> > appears like a nice lightweight solution. It is basically a captive
>> > portal that requires authentication before allowing access to the
>> > internet. It takes a different approach then netreg using dynamically
>> > created iptables generated after a user logs in. Whereas netreg uses
>> > dhcp to assign one set of ip addresses to an authenticated group of
>> > users and one set of ip addresses to an unauthenticated set of users.
>> > It appears in their current implementation nocat would require an
>> > authentication every time  a user connects to the system and netreg
>> > would require a single authentication event and subsequently would
>> > read the mac address from the dhcpd.conf file and grant an
>> > authenticated ip address.
>> >
>> > Regards,
>> > Reuben
>>
>> Thanks Reuben,
>>
>> The part that I like is the hook to query a DB, with a bit of work the
>> need to login could be removed, and just look up the group membership
>> that the mac address has in the db.
>>
>> Just a thought,
>>
>> Jerry
>
>
> Keep the thoughts coming! :-) Additionally, this solution would be more
> secure as it does a dance with iptables versus the netreg way where a user
> could simply assign themselves an ip in from the authenticated group and
> gain access to the internet. Both solutions have their merit..first one to
> program it into XS gets their pick..
> Reuben
> _______________________________________________
> Server-devel mailing list
> Server-devel at lists.laptop.org
> http://lists.laptop.org/listinfo/server-devel
>
>

Nocat brings back memories!!!

NocatAuth, as the package is really called, is nice, although it
hasn't been developed for a long time now. The mailing list is kept
alive for archival purposes, mostly. The nocatauth model, in my
opinion, is well thought out and one of the main reasons it was
superseded by the likes of Chillispot and WifiDog was that nocat was
in Perl, and people wanted a small footprint captive portal on their
wireless APs.

I've cc'd the original devs (Hi Rob, Schuyler) on this, in case they
want to chime in. There was a time when I used to live and breathe
nocat code, but those days are long gone :-(

This report is from Nocat v 0.60
http://web.archive.org/web/20030114135947/http://verma.sfsu.edu/users/wireless/bics699_nocatauth_report.pdf
The last known stable (and might I add, rock solid) image was 0.82

I still have my nocat shirt :-)

cheers,
Sameer
-- 
Dr. Sameer Verma, Ph.D.
Associate Professor of Information Systems
San Francisco State University
San Francisco CA 94132 USA
http://verma.sfsu.edu/
http://opensource.sfsu.edu/