best auth method?

Jim Carter jimc at math.ucla.edu
Thu Dec 19 05:23:06 EST 2002 

On Tue, 17 Dec 2002, Jason Radford wrote:
> We're looking at switching over our towers from ror mode to ap mode
> and wondered what the best auth method would be with a linux
> solution for authentifiation for wireless customers.  We'd like to find
> something that works across windows/unix/mac's if possible.

At the UCLA Library, the first time you use port 80 (HTTP) to anywhere, you
get a page back on which you give authentication information.  With a
successful login, your physical port is enabled and your original packet is
forwarded.  This is wired Ethernet, though the principle would be the same
with wireless.  I believe that the technology is purchased from Cisco.
I'm not sure who you should ask about this; try noc at cts.ucla.edu (the
Network Operations Center)  and they may know who to forward your questions
to.

At the Hampton Inn and Suites in Vancouver, CA (very nice hotel, I might
add), they have a thing where you connect to the hotel's web server and
give authentication information, after which your port (wired) is enabled.
Internet access is free with them, though other hotels would want a credit
card number.  Contact nazira at hamptoninnvancouver.com and ask who they
bought the software from.

With the web-based solutions, you don't have to think about Windoze / UNIX
/ Mac.

If you're going to "roll your own", there's a feature in iptables which
forcibly redirects all traffic meeting the criterion (i.e. unauthenticated
MAC address) to a host you choose, such as localhost.  You could implement
the Cisco-style login as an error page, when the web server on localhost
fails to find the requested data.  This is best for undergraduates who
never read instructions.  The explicit authentication mode, like in the
hotel, is a lot simpler to program.  But either of these schemes would come
down to enabling transport based on the originating MAC address.  At least
it's dynamic, so if the user changes PCMCIA cards, you aren't involved
administratively.

James F. Carter          Voice 310 825 2897    FAX 310 206 6673
UCLA-Mathnet;  6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA 90095-1555
Email: jimc at math.ucla.edu  http://www.math.ucla.edu/~jimc (q.v. for PGP key)

More information about the wireless mailing list