[Chilli] [Patch] Disable user-caused logout when UAM is not used
IT-Systemmanagement Pieter Hollants
pieter at hollants.com
Tue May 18 15:14:00 UTC 2010
Currently, users have the possiblity to logout by accessing
http://<chilliIP>:<chilliPort>/logout or by accessing http://logout.
This makes sense with UAM, where the webbrowser was the "authentication
device" used to gain access to the Internet.
With EAPOL, WPA and MAC authentication, however, the "login" occurs
using the client operating system's methods and dialogs, so this is
where the user also expects to perform a "logoff", eg. by disassociating
from the WPA-EAP perotected WLAN. (Yes, I know CoovaChilli itself can't
notice a disassociation unless the access point sends accounting
information).
So to be consistent, the user-caused logout methods described above
should not work outside of UAM, since that will only cause confusion:
the user will be redirected to the uamhomepage Website and while he
_can_ logon again there, this mixes up different auth. types and defeats
the purpose of WPA-EAP.
The attached patch therefore disables "logout" for all downlink
protocols except UAM. It doesn't yet prevent authentication scripts from
presenting a logout button, that's up to a seperate patch.
Please review.
--
Dipl.-Wirtsch.-Inform. Pieter Hollants
IT-Systemmanagement Pieter Hollants Tel. : (+49) (0)6192-910717
Rossertstraße 80 Fax : (+49) (0)6192-910713
65830 Kriftel eMail: pieter at hollants.com
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: coova-chilli-1.2.2-logout_uamonly.diff
URL: <http://lists.coova.org/pipermail/chilli/attachments/20100518/d7a8ecf3/attachment.asc>
More information about the Chilli
mailing list