---- Original Message -----
From: "steve ulrich" <sulrich at botwerks.org>
To: <tcwug-list at tcwug.org>
Sent: Wednesday, June 19, 2002 9:58 PM
Subject: Re: authentication mechanisms (was: Re: [TCWUG] a call to limbs ...)


> when last we saw our hero (Wednesday, Jun 19, 2002),
>  Carl Wilhelm Soderstrom was madly tapping out:
> > >  - common authentication infrastructure - karl has offered a server to
> > >  handle some of the elements associated with creating a common
> > >  authentication infrastructure.  i suggest interested parties start
> > >  hammering out designs for this element
> >
> > let's start by asking the fundamental question of 'what are we trying to do
> > here?'
>
> i think that the basic goal here is to provide an authentication
> mechanism that folks within the group can use to determine who they
> want to share access with.
>
> additionally, i think that it makes a lot of sense to provide simple
> things like dns for these nodes to unify the infrastructure.
>
>

well, what're they authenticating to? the hotspot or the infrastructure? if
it's the hotspot, just run something like wingate and audit everything that
comes through the air... if you're a unix nut, run
ipchains/tables/ipf/pf/whatever you prefer.

I think it'd be a good idea to start creating some subdomains for those of
us with hotspots up in the air already. However, the naming scheme i don't
think has been resolved. Mine at home is public.wireless.goobe.net - ssid of
goobenet-tcwug (for the public side). not quite sure how to tackle this one,
but if you have your own domain, i'd like to suggest my scheme.
"domain-tcwug" (minus punctuation) foocom-tcwug, botwerksorg-tcwug (some
might be too long). Just an idea. Also, i've seen AP's that broadcast
"information" packets, i'm investigating how to put a "welcome" message in
the air about mine, making some kind of reference to AUP, yadda yadda
yadda...

>
> >
> > possible answers that have been discussed:
> > - roaming NoCatAuth authentication: if NoCatAuth admins subscribe to a
> >   centralized authentication service, users who register with that service
> >   can go to NoCatAuth nodes that subscribe to the service, and get
> >   connectivity.
>
> this is what i was referring to regarding the authentication side of
> things.
>
>
> > - simple dynamic DNS, using wget and a CGI
> > - 'real' DDNS, with BIND 9
>
> the management of dns is largely tangential to this but key
> nonetheless.  looks like another element for attention as well.
>

http://www.dnstools.com/

Been looking at web based stuff for a friend of mine up here at college, so
far, this one seems more or less sane to me... don't have a unix box up here
running yet, but i'm gonna investigate this one a bit more.

> >
> > all of the above could be done, no problem.
> >
> > the first two, are the sort of thing that killdeer.tcwug.org was intended for.
> >
> > the last one, Nate Carlson has generously offered to host on his own DNS
> > server. I judge that to be a superior idea to using killdeer.tcwug.org; tho
> > killdeer could be used as a secondary DNS server. (considering that they're
> > in the same rack, and share the same UPS and hub, the value of that is a bit
> > dubious, tho).
>
> i have a couple machines that can be secondary dns servers.  my home
> network has a couple of machines which i can segment for this and i
> have machines scattered in colocation facilities around the country
> which can be used for this purpose as well.
>
> i don't think that we're at a loss for this type of capacity.  i think
> that anything we do should be hosted in several locations.  i'm a big
> fan of redundancy in this type of application.
>
>
>
> >
> > are there any other ideas that I have missed?
> >
>
> --
> steve ulrich                       sulrich at botwerks.org
> PGP: 8D0B 0EE9 E700 A6CF ABA7  AE5F 4FD4 07C9 133B FAFC
> _______________________________________________
> Twin Cities Wireless Users Group Mailing List - Minneapolis/St. Paul, Minnesota
> http://www.tcwug.org
> tcwug-list at tcwug.org
> https://mailman.real-time.com/mailman/listinfo/tcwug-list
>


Again, my $.02 :)

--
Alex Hartman - goober at goobe.net
PGP Key fingerprint = 26 41 19 56 19 81 E2 BC  EE C8 1D F4 DB B8 ED B8
"All in all is all we all are..." -Kurt Cobain RIP 1967-1994