[pfSense Support] concurrent captive portal users
By default, captive portal will allow multiple logins using the same username and password... If the username and password is shared among a group of people, they could all login and surf to various places at the same time and monowall (and I presume pfSense) would be happy with it... In our situation, we didn't want people to have the option of sharing their usernames and passwords. I just mod'ed the monowall code so concurrent logins with the same username are not allowed with Captive Portal... (I plan to put a config item in for this later, so you can choose to operate this way or not)... The way I've coded it, if you are logged into the captive portal and someone else logs in with your username and password, it will kick you off, then allow them in, making a note of the reason for the logout in the syslog, like so: Is this a feature that others are interested in? I am sure it wouldn't take much to put this in pfSense, since I think most of that code is still the same as monowall... How do I go about getting it added? Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] concurrent captive portal users
If you can make this an option this would be a great addition. A unified diff with the m0n0wall code changes should be enough for me to integrate the code into pfSense. Scott On 8/2/05, Paul Taylor [EMAIL PROTECTED] wrote: By default, captive portal will allow multiple logins using the same username and password... If the username and password is shared among a group of people, they could all login and surf to various places at the same time and monowall (and I presume pfSense) would be happy with it... In our situation, we didn't want people to have the option of sharing their usernames and passwords. I just mod'ed the monowall code so concurrent logins with the same username are not allowed with Captive Portal... (I plan to put a config item in for this later, so you can choose to operate this way or not)... The way I've coded it, if you are logged into the captive portal and someone else logs in with your username and password, it will kick you off, then allow them in, making a note of the reason for the logout in the syslog, like so: Is this a feature that others are interested in? I am sure it wouldn't take much to put this in pfSense, since I think most of that code is still the same as monowall... How do I go about getting it added? Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] concurrent captive portal users
Woops - I was trying to paste this in after like so: when I accidentally sent the email... :) Last 50 captive portal log entries Aug 2 13:44:33 LOGIN: pault, 00:50:da:b2:42:36, 192.168.1.254 Aug 2 13:45:29 LOGIN: pault, 00:10:4b:76:91:4e, 192.168.1.253 Aug 2 14:01:34 DISCONNECT: pault, 00:10:4b:76:91:4e, 192.168.1.253 Aug 2 14:01:51 CONCURRENT LOGIN - TERMINATING: pault, 00:50:da:b2:42:36, 192.168.1.254 Aug 2 14:01:51 LOGIN: pault, 00:10:4b:76:91:4e, 192.168.1.253 Aug 2 14:01:55 CONCURRENT LOGIN - TERMINATING: pault, 00:10:4b:76:91:4e, 192.168.1.253 Aug 2 14:01:55 LOGIN: pault, 00:50:da:b2:42:36, 192.168.1.254 Aug 2 14:02:24 CONCURRENT LOGIN - TERMINATING: pault, 00:50:da:b2:42:36, 192.168.1.254 Aug 2 14:02:24 LOGIN: pault, 00:10:4b:76:91:4e, 192.168.1.253 Aug 2 14:02:38 CONCURRENT LOGIN - TERMINATING: pault, 00:10:4b:76:91:4e, 192.168.1.253 Aug 2 14:02:38 LOGIN: pault, 00:50:da:b2:42:36, 192.168.1.254 Note that I kicked the pault user at 14:01:34, then tried logging in as pault at 14:01:51 (after saving the code onto Monowall). It kicked the other login of pault out (the .254 user) and then logged me in (.253). Then, we went back and forth logged each other out... What fun! Paul -Original Message- From: Paul Taylor [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 02, 2005 2:29 PM To: support@pfsense.com Subject: [pfSense Support] concurrent captive portal users By default, captive portal will allow multiple logins using the same username and password... If the username and password is shared among a group of people, they could all login and surf to various places at the same time and monowall (and I presume pfSense) would be happy with it... In our situation, we didn't want people to have the option of sharing their usernames and passwords. I just mod'ed the monowall code so concurrent logins with the same username are not allowed with Captive Portal... (I plan to put a config item in for this later, so you can choose to operate this way or not)... The way I've coded it, if you are logged into the captive portal and someone else logs in with your username and password, it will kick you off, then allow them in, making a note of the reason for the logout in the syslog, like so: Is this a feature that others are interested in? I am sure it wouldn't take much to put this in pfSense, since I think most of that code is still the same as monowall... How do I go about getting it added? Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] concurrent captive portal users
On 8/2/05, Paul Taylor [EMAIL PROTECTED] wrote: Woops - I was trying to paste this in after like so: when I accidentally sent the email... :) Last 50 captive portal log entries Aug 2 13:44:33 LOGIN: pault, 00:50:da:b2:42:36, 192.168.1.254 Aug 2 13:45:29 LOGIN: pault, 00:10:4b:76:91:4e, 192.168.1.253 Aug 2 14:01:34 DISCONNECT: pault, 00:10:4b:76:91:4e, 192.168.1.253 Aug 2 14:01:51 CONCURRENT LOGIN - TERMINATING: pault, 00:50:da:b2:42:36, 192.168.1.254 Aug 2 14:01:51 LOGIN: pault, 00:10:4b:76:91:4e, 192.168.1.253 Aug 2 14:01:55 CONCURRENT LOGIN - TERMINATING: pault, 00:10:4b:76:91:4e, 192.168.1.253 Aug 2 14:01:55 LOGIN: pault, 00:50:da:b2:42:36, 192.168.1.254 Aug 2 14:02:24 CONCURRENT LOGIN - TERMINATING: pault, 00:50:da:b2:42:36, 192.168.1.254 Aug 2 14:02:24 LOGIN: pault, 00:10:4b:76:91:4e, 192.168.1.253 Aug 2 14:02:38 CONCURRENT LOGIN - TERMINATING: pault, 00:10:4b:76:91:4e, 192.168.1.253 Aug 2 14:02:38 LOGIN: pault, 00:50:da:b2:42:36, 192.168.1.254 Note that I kicked the pault user at 14:01:34, then tried logging in as pault at 14:01:51 (after saving the code onto Monowall). It kicked the other login of pault out (the .254 user) and then logged me in (.253). Then, we went back and forth logged each other out... What fun! You might also make the behaviour configurable - say, _not_ logging the existing user out, or giving an option asking first. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] concurrent captive portal users
Bill, I am planning to make it an option - Either log them out, or allow concurrency I hadn't thought of having it ask. I've also had another suggestion to redirect them to a page that indicates their password may have been compromised... I'll probably stick with an on/off switch for now... Paul -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 02, 2005 2:59 PM To: Paul Taylor Cc: support@pfsense.com Subject: Re: [pfSense Support] concurrent captive portal users On 8/2/05, Paul Taylor [EMAIL PROTECTED] wrote: Woops - I was trying to paste this in after like so: when I accidentally sent the email... :) Last 50 captive portal log entries Aug 2 13:44:33 LOGIN: pault, 00:50:da:b2:42:36, 192.168.1.254 Aug 2 13:45:29 LOGIN: pault, 00:10:4b:76:91:4e, 192.168.1.253 Aug 2 14:01:34 DISCONNECT: pault, 00:10:4b:76:91:4e, 192.168.1.253 Aug 2 14:01:51 CONCURRENT LOGIN - TERMINATING: pault, 00:50:da:b2:42:36, 192.168.1.254 Aug 2 14:01:51 LOGIN: pault, 00:10:4b:76:91:4e, 192.168.1.253 Aug 2 14:01:55 CONCURRENT LOGIN - TERMINATING: pault, 00:10:4b:76:91:4e, 192.168.1.253 Aug 2 14:01:55 LOGIN: pault, 00:50:da:b2:42:36, 192.168.1.254 Aug 2 14:02:24 CONCURRENT LOGIN - TERMINATING: pault, 00:50:da:b2:42:36, 192.168.1.254 Aug 2 14:02:24 LOGIN: pault, 00:10:4b:76:91:4e, 192.168.1.253 Aug 2 14:02:38 CONCURRENT LOGIN - TERMINATING: pault, 00:10:4b:76:91:4e, 192.168.1.253 Aug 2 14:02:38 LOGIN: pault, 00:50:da:b2:42:36, 192.168.1.254 Note that I kicked the pault user at 14:01:34, then tried logging in as pault at 14:01:51 (after saving the code onto Monowall). It kicked the other login of pault out (the .254 user) and then logged me in (.253). Then, we went back and forth logged each other out... What fun! You might also make the behaviour configurable - say, _not_ logging the existing user out, or giving an option asking first. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] concurrent captive portal users
On 8/2/05, Paul Taylor [EMAIL PROTECTED] wrote: I am planning to make it an option - Either log them out, or allow concurrency I hadn't thought of having it ask. I've also had another suggestion to redirect them to a page that indicates their password may have been compromised... I'll probably stick with an on/off switch for now... Great ideas!! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
