[CentOS] [OT] DHCP auth&auth software

Mon Oct 19 07:05:39 UTC 2009
Amos Shapira <amos.shapira at gmail.com>

2009/10/19 Marko Vojinovic <vvmarko at gmail.com>:
> with a form the user is supposed to fill in and send. After he does so, an
> administrator does a sanity check of the data the user provided, and grants or
> denies access. If access is granted, the user gets a new, unrestricted dhcp
> lease, which provides him with a normal access to local network.

Just be aware that, as far as I hear the experts, MAC addresses can be
sniffed off the air even on "protected"/"encrypted" WiFi networks and
so an intruder can find authorised ones. So trusting the MAC address
for authentication is not secure.

The way I hear that this is usually done is to create a VPN tunnel
over the WiFi connection. Legitimate users still have to authenticate
over that VPN tunnel and therefore even a fake sniffed MAC address
won't help an intruder. The VPN also enhances protection of legitimate
traffic.

I never implemented this (neither the WiFi protection nor the MAC
sniffing) so can't testify from personal experience.

Cheers,

--Amos