Le 2016-03-10 10:03, Ian MacDonald a écrit :
Fabrice,
Thank you for the information; The limitation on the password
attribute security is a show stopper for us as we can't deviate from
our current SSHA hashing mechanisms.
This may not be a bad thing, as our goal of implementing a public
wireless AP that allowed both self-registration but could be bypassed
by existing credentials (username=email) may have proven to be too
confusing for users.
So we are now considering the following options, with hopes of a
successful pilot this week. Perhaps you can comment on which options
are not easily accomplished; our core objective is simply to be able
to use the Secure SSIDs with an ability to revoke and administrate;
Being able to communicate by email and use a shared secret are
secondary objectives.
A) captive portal, everyone self-registers devices with an email
address and use a publicly posted shared key (shared key solves the
issue of people on the fringe of the service area using it)
Like chained authentication source you can define in PacketFence.
B) captive portal, everyone self-registers devices with an email
address every six months (okay, but more difficult to prevent
unauthorized users at the fringe of the service area)
Hum...
C) simple captive portal, everyone self-registers by simply accepting
the AUP (keep our fingers crossed that we don't start to see a horde
of tablet users move from the local coffee shop to park benches next door)
Register for 1 hour in this case.
When I was looking at the sources configuration page, there is a note
that all the external sources (i.e. email registration) do not support
802.1X; Does that mean that we can not use secure SSIDs with
self-registration?
You can do it in email source you can create local account and you can
have a look in packetfence-tunnel to allow peap with local account (cf
documentation and select clear text password for local passord).
https://github.com/inverse-inc/packetfence/blob/devel/docs/PacketFence_Administration_Guide.asciidoc#option-5-eap-local-user-authentication
cheers,
Ian
On Thu, Mar 10, 2016 at 8:56 AM, Fabrice DURAND <[email protected]
<mailto:[email protected]>> wrote:
clear text password or the nthash password in an attribute
------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785111&iu=/4140
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785111&iu=/4140
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
