2016-02-15 - Re: [GRASE-Hotspot] Re: Limit voucher login to single device
Header Data
From: Reflex INKY <re***y@gmail.com>
Message Hash: 5eaeba57a2ff7822d850daee38d002366062943f863aea262c608d70401ff980
Message ID: <CAASt=XQAFw=tFGv65RkH_2n6++pkkASrT98NGHnFVVHrJ9T9nQ@mail.gmail.com>
Reply To: <5dc932ed-0b56-43a5-82dc-ec8616c3cf50@grasehotspot.org>
UTC Datetime: 2016-02-15 03:41:36 UTC
Raw Date: Mon, 15 Feb 2016 06:41:36 -0400
Raw message
Thank you Tasyo. I figured that this is what I would have to do except I do
not know how. I wanted to do this at the point of login as any other way
would mean a cron job( I think). I am seeing the info in the radius
database but don't know where in the code to modify. For example, I am
seeing a dologin() function in config.local.sh that I want to change to
check for the username-mac address combination. I would then do the steps
in 2 outlined in your response but against the radius database. Now trying
to go through the code to understand how chilli works.
On Mon, Feb 15, 2016 at 4:45 AM, Pilosopong Tasyo <
pi***7@gmail.com> wrote:
> Hi,
>
> You can use *chilli_query* to extract the username-MAC address pair of
> all logged-in users and make a comparison if each pair matches the one on
> file. A shell script should foot the bill nicely. Basically, the script
> does the following:
>
>
> 1. Use *chilli_query list* to extract the username and MAC address of
> all logged-in users. You'll need to filter the list using *grep* and
> *cut* (you only need *USERNAME* and *MAC_ADDRESS*) and save it
> *"ACTIVE_USERS_FILE"* for processing.
> 2. For every USERNAME and MAC_ADDRESS in the *ACTIVE_USERS_FILE*, make
> a comparison:
> - *USERNAME* doesn't exist on file yet -> first time log-in, create
> *USERNAME* with *MAC_ADDRESS* as it's content
> - *USERNAME* already exist and *MAC_ADDRESS* matches the one on
> file -> no action, the credentials matches the one on file
> - *USERNAME* already exist but *MAC_ADDRESS* doesn't match the one
> on file -> unauthorized device (i.e., *USERNAME* is being used with
> another device that has a different *MAC_ADDRESS*), use *chilli_query
> logout* to kick out the *USER_NAME*
> 3. Repeat the entire procedure.
>
> So even if the there's a successful login, it won't take long for the user
> to get logged out. Very effective in deterring users from sharing their
> credentials with someone else (or preventing users from using their
> credentials on another device even if they own it).
>
> Hope this helps. Cheers.
>
> --
> This mailing list is for the Grase Hotspot Project http://grasehotspot.org
> ---
> You received this message because you are subscribed to the Google Groups
> "Grase Hotspot" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to gr***e@grasehotspot.org.
> To post to this group, send email to gr***t@grasehotspot.org.
> Visit this group at
> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
> To view this discussion on the web visit
> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/5dc932ed-0b56-43a5-82dc-ec8616c3cf50%40grasehotspot.org
> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/5dc932ed-0b56-43a5-82dc-ec8616c3cf50%40grasehotspot.org?utm_medium=email&utm_source=footer>
> .
>
Thread
-
Return to February 2016
- Return to “wegejo <jo***r@jwer.de>”
- Return to “mohammed farouk <mf***g@gmail.com>”
- Return to “Pilosopong Tasyo <pi***7@gmail.com>”
- Return to “Reflex INKY <re***y@gmail.com>”
-
Return to “Timothy White <ti***8@gmail.com>”
- 2016-02-14 (Sun, 14 Feb 2016 12:46:38 -0800) - Limit voucher login to single device - Reflex INKY <re***y@gmail.com>
- 2016-02-14 (Sun, 14 Feb 2016 14:00:23 -0800) - Re: Limit voucher login to single device - wegejo <jo***r@jwer.de>
- 2016-02-14 (Sun, 14 Feb 2016 20:49:51 -0400) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Reflex INKY <re***y@gmail.com>
- 2016-02-14 (Mon, 15 Feb 2016 08:34:22 +0200) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - mohammed farouk <mf***g@gmail.com>
- 2016-02-14 (Sun, 14 Feb 2016 20:49:51 -0400) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Reflex INKY <re***y@gmail.com>
- 2016-02-15 (Mon, 15 Feb 2016 00:45:34 -0800) - Re: Limit voucher login to single device - Pilosopong Tasyo <pi***7@gmail.com>
- 2016-02-15 (Mon, 15 Feb 2016 06:41:36 -0400) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Reflex INKY <re***y@gmail.com>
- 2016-02-15 (Mon, 15 Feb 2016 21:10:54 +1000) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Timothy White <ti***8@gmail.com>
- 2016-02-15 (Mon, 15 Feb 2016 21:16:09 -0400) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Reflex INKY <re***y@gmail.com>
- 2016-02-17 (Wed, 17 Feb 2016 22:10:07 +1000) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Timothy White <ti***8@gmail.com>
- 2016-02-17 (Wed, 17 Feb 2016 05:06:35 -0400) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Reflex INKY <re***y@gmail.com>
- 2016-02-17 (Wed, 17 Feb 2016 07:24:36 -0400) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Reflex INKY <re***y@gmail.com>
- 2016-02-21 (Sun, 21 Feb 2016 07:50:30 -0400) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Reflex INKY <re***y@gmail.com>
- 2016-02-21 (Sun, 21 Feb 2016 22:03:45 +1000) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Timothy White <ti***8@gmail.com>
- 2016-02-21 (Sun, 21 Feb 2016 08:09:08 -0400) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Reflex INKY <re***y@gmail.com>
- 2016-02-21 (Sun, 21 Feb 2016 22:03:45 +1000) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Timothy White <ti***8@gmail.com>
- 2016-02-15 (Mon, 15 Feb 2016 21:16:09 -0400) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Reflex INKY <re***y@gmail.com>
- 2016-02-15 (Mon, 15 Feb 2016 21:10:54 +1000) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Timothy White <ti***8@gmail.com>
- 2016-02-15 (Mon, 15 Feb 2016 06:41:36 -0400) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Reflex INKY <re***y@gmail.com>
- 2016-02-14 (Sun, 14 Feb 2016 14:00:23 -0800) - Re: Limit voucher login to single device - wegejo <jo***r@jwer.de>