[SGVLUG] NFD over Internet
Tom Emerson
osnut at pacbell.net
Sun Dec 4 10:49:07 PST 2005
On Sunday 04 December 2005 1:28 am, Alex Roston wrote:
>
> I have a program for my kiosk system which accepts cards. There's a card
> number associated with a number of minutes.[...] I have a customer who has
> deployed around 50 kiosks in Canada, and they want to extend this system
> [...]
> Lastly, if this isn't practical, what's the best (and hopefully easiest)
> way to implement an authentication system over the net?

A different solution would be an "AAA-radius" server -- what you're describing
is almost identical to what I did for a local coffee house for the wireless
internet access. Admittedly, the access point I was using was already geared
for this, so it was pretty trivial, but in learning how to use the radius
server, I came to understand the third "A" in the list -- accounting.

Like you, I was selling cards printed with random user/password combinations.
These users were pre-set in a mysql database with one or two hours associated
with them, and savvy end users could "log out" once they downloaded their
e-mail, compose responses, then "log in" to transmit them. In this way, a
"one hour" card could last someone a week if they were careful to limit each
"session" to 5 minutes or so.

The radius server already uses a "secure" channel -- you have to pre-set a
"shared secret" between the client and server, and I think you had to have
fixed IP addresses for the clients (but that may have been because I had the
luxury of a fixed address -- it might just be a configuration tweak to allow
dynamic client addresses). Once the server authenticates the user, it can
send back information that your application can use to limit access. It also
sends how much "time" you have available (so your client can enforce a
timeout). When you "sign out", the client sends a closing record that the
server can use to determine how much time you've used and adjust accordingly.
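
The "closing record" flow described above, as an added example that is not part of the original post: a Python sketch of a server checking a RADIUS Accounting-Request (Stop) against the shared secret, using the Request Authenticator rule from RFC 2866, before deducting the session's seconds from a prepaid card. The card name, secret and balance store are constructed for illustration.

```python
import hashlib, hmac, struct

ACCT_REQUEST = 4                                  # Accounting-Request code (RFC 2866)
USER_NAME, ACCT_STATUS_TYPE, ACCT_SESSION_TIME = 1, 40, 46
STATUS_STOP = struct.pack("!I", 2)                # Acct-Status-Type value "Stop"

def build_acct_request(ident, attrs, secret):
    """Client side: encode (type, value) attributes and sign with the shared secret."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCT_REQUEST, ident, 20 + len(body))
    # Authenticator = MD5(code + id + length + 16 zero octets + attributes + secret)
    auth = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + auth + body

def verify_and_parse(packet, secret):
    """Server side: return {type: value}, or None if any check fails."""
    if len(packet) < 20:
        return None
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCT_REQUEST or length != len(packet):
        return None
    body = packet[20:]
    expected = hashlib.md5(packet[:4] + bytes(16) + body + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return None                               # wrong secret or altered record
    attrs, i = {}, 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            return None                           # malformed attribute length
        attrs[body[i]] = body[i + 2:i + body[i + 1]]
        i += body[i + 1]
    return attrs

def apply_stop(balances, packet, secret):
    """Deduct used seconds from the card; return remaining seconds or None."""
    attrs = verify_and_parse(packet, secret)
    if not attrs or attrs.get(ACCT_STATUS_TYPE) != STATUS_STOP:
        return None
    user = attrs.get(USER_NAME, b"").decode(errors="replace")
    if user not in balances or len(attrs.get(ACCT_SESSION_TIME, b"")) != 4:
        return None
    used = struct.unpack("!I", attrs[ACCT_SESSION_TIME])[0]
    balances[user] = max(0, balances[user] - used)
    return balances[user]                         # value for the next Session-Timeout

# Constructed sample: a one-hour card and a five-minute session.
SECRET = b"constructed-shared-secret"
SAMPLE = build_acct_request(7, [(USER_NAME, b"card-0001"), (ACCT_STATUS_TYPE, STATUS_STOP),
                                (ACCT_SESSION_TIME, struct.pack("!I", 300))], SECRET)
```

The authenticator check does not stop a captured Stop record from being replayed, so a server doing this would also track Acct-Session-Id and ignore duplicates.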