Auto-authenticate user when one connects with a known MAC address
This feature has been widely asked for
When a new connection originates from a known MAC address, the user should be automatically connected to the auth server, without having to reenter his username/password (so this plugin depends on other authentication plugins).
Problem is: the Mac address is not available when the login page is requested, only when the authentication is verified and if the MAC is not recognised, the gateway will redirect to the gw_message page and the authentication is faulty. We should then program a way to redirect to the standard login page with other authenticators if this authenticator doesn't pass instead of showing the faulty authentication page.
Blueprint information
- Status:
- Not started
- Approver:
- None
- Priority:
- Medium
- Drafter:
- None
- Direction:
- Needs approval
- Assignee:
- gbastien
- Definition:
- New
- Series goal:
- None
- Implementation:
-
Unknown
- Milestone target:
- None
- Started by
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
What happens if two users share the same computer? Offer the choice to disconnect and reconnect as other? But then a connection has already been initiated between the gateway and the server... Will need to invalidate/destroy the previous connection so that the gateway/server protocol can start over again.
Is only the last mac address of the user kept or all MACs for a user?
What about public computers? Offer a choice when login to remember this MAC for this user and thus keep a list of known mac for a user? And if a user never wants to register his MAC address, then, he needs to login each time?
Geneviève
=======
The way I see it is with MAC sign on, the administrator has a wish to track the different computers rather than the different users mainly in a closed environment. Or they wish to make the process easier for devices like smart phones, handheld consoles like the DS etc.
A different situation is where the user signs up and the MAC is recorded and checked against when the user logs in in the future (The database would class this address as a unique value). the sole purpose of this is to stop the user from signing up with multiple accounts to bypass bandwidth limits etc. An option would allow the user to register a different computer and distroy his old one a certain amount of times say per month.
Robin.
=============
Thanks for adding this whiteboard article, gbastien!
Would a modification to the SplashOnly plugin be an option - although it wouldn't be as good as automatically permitting access, it could be a reasonable workaround. e.g. with SplashOnlyAlter
Re Robin's points (and I'm guessing all the above are his, but correct me if I'm wrong!) - good points re. preventing multiple registrations. In the situation I'm thinking of though, it's purely to make re-connection much easier for those on mobile devices who are regular users. In this situation there's no problem re. multiple users from the one device. Of course it could be a login option 'allow automatic login in the future from this device'. Also the AuthPuppy authserver homepage could always offer a log out option to allow a user to cancel the auto-MAC login. With regards public computers - I don't think you'd use this option at all as you presumably are wanting users to log in individually. If you want to allow permanent untracked access then you could just user the MAC bypass option in the Wifidog gateway settings on the router (indeed this is what we've done in our setup - a public fixed PC on bypass, but individuals can register for their own account for personal devices - it's just quite a hassle having to sign in each time just now).
Happy to try and answer any other qns!
Alan
=============
