Remote backend and password encryption

I’ve developed a backend with all the bells and whistles, allowing users to self-manage.

However, I’m considering the best method to use when redirecting the user back to the MT Router. I don’t like passing passwords in cleartext. What is the best method to encrypt the password without using SSL on the hotspot?

Reasons being that I don’t want to have certs at each location ($$$ pa), and I don’t want the user calling up about the ‘invalid certificate’ warning when using a self-signed cert.

Can I use the existing password encryption (md5.js, %main% etc) with the remote login? If so, how?

Should I investigate using the RADIUS write feature? Or should I just leave it until the 2.10 version comes out and look at the new automation possibilities?

For a bit of security, I’ve made it so that a random password is generated and used to log the user into the hotspot; it changes each time a user logs in. Hopefully I can figure out a way to remove it upon login so that it doesn’t hang around until their next session. Should be able to do so using rlm_perl or something.