Date: Fri, 29 Jun 2007 18:43:06 +0200
From: Laurent LEVIER <llevier@argosnet.com>
To: "Huzeyfe Onal" <huzeyfe.onal@gmail.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: authpf method with a HTTP Server?
Message-ID: <20070629164309.B3A97267E1D@mx.levier.org>
In-Reply-To: <ffa9ac690706290858yb0d396age3e17e01d02fe731@mail.gmail.com>
References: <40497.57.250.229.136.1183122125.squirrel@wm.argosnet.com> <46851030.2030409@gmail.com> <49399.57.250.229.136.1183130030.squirrel@wm.argosnet.com> <ffa9ac690706290858yb0d396age3e17e01d02fe731@mail.gmail.com>
Hi

At 17:58 29/06/2007, Huzeyfe Onal wrote:
>what you are trying to achieve is very easy using a captive
>portal. But I think you want to write a web interface for authpf.
>There was some discussion about an authpf web interface in
>2004[1] which gives you an idea about whether it's feasible.

I am not familiar with captive portals.

I used the term WiFi, but this does not reflect the real, full need. The idea is to authenticate users passing the FW, not only over a WiFi link. So authenticating users when they build their tunnel, for example, is too restrictive.

To me, it is either in the spirit of an SSO able to authenticate the user only once so he can build his tunnel, pass a transparent proxy and pass FW rules, or the same as a captive portal, but also able to work over basic wired connectivity.

In summary, I don't intend to prevent access to the AP, but to directly control only the passthru of the Firewall with a transparent proxy.

Not sure a captive portal can do that. I'm digging in parallel to learn more about this principle.

Thanks

Brgrds

Laurent LEVIER
Systems & Networks Senior Security Expert, CISSP CISM