*** Roman__ has quit (Quit: Page closed) | 00:55 | |
*** nowen (~nowen@adsl-74-176-163-56.asm.bellsouth.net) has joined #wikid | 12:58 | |
laszlof | nowen: yeah, saw that article.. did you read the doc in there about the cpanel security policy plugins? | 13:03 |
laszlof | short answer, its completely undocumented | 13:04 |
laszlof | and the "pluggable authentication" has been "in development" since 2008 | 13:04 |
nowen | yeah, I glanced at the doc | 13:09 |
nowen | "require a known IP address" | 13:09 |
nowen | lol | 13:09 |
laszlof | not to mention I have to code in perl to make it work | 13:09 |
laszlof | either way, its something to look at when I get to that point | 13:09 |
laszlof | funny no one mentioned it until now | 13:09 |
laszlof | the doc is dated 2010 | 13:10 |
nowen | lol | 13:10 |
laszlof | however, I've been pushing for this since at least that time, and never seen it | 13:10 |
laszlof | including being in direct contact with their integration people | 13:10 |
laszlof | heh, i found your post on the cP forum. presumably when I originally told you about my plan to integrate cpanel with wikid | 13:13 |
laszlof | http://forums.cpanel.net/f185/two-factor-authentication-admins-124141.html | 13:14 |
nowen | HA | 13:14 |
nowen | yes, and zero response | 13:15 |
laszlof | you dont have a cpanel partner tag | 13:15 |
laszlof | thats why | 13:15 |
laszlof | heh | 13:15 |
laszlof | if I can ever gain access to my forum account again I planned on bumping all those 2FA threads | 13:15 |
nowen | did you forget your password? | 13:15 |
laszlof | yes | 13:15 |
laszlof | and its linked to my ASO email | 13:16 |
laszlof | i use random passwords for everything | 13:16 |
laszlof | for some reason that one wasnt in my password manager | 13:16 |
*** Bart_ (d57e804a@gateway/web/freenode/ip.213.126.128.74) has joined #wikid | 13:52 | |
Bart_ | The Nabble forums are "over capacity" so it's essentially unavailable | 13:53 |
nowen | oh | 13:54 |
Bart_ | But, I was wondering if I could store two different user keys on my iPhone | 13:54 |
nowen | hmm | 13:54 |
laszlof | i doubt it | 13:54 |
nowen | I don't know. it's possible on a system where you can store the keys in a different directory | 13:55 |
Bart_ | So did I (the doubting) | 13:55 |
nowen | what's the use case? | 13:55 |
laszlof | yeah, you cant do that on the iphone | 13:55 |
Bart_ | If there would be an option to select a different profile somewhere, it could be done. | 13:55 |
Bart_ | The case is that people are logging in with different "profiles". E.g. I can login as myself (Bart or as a Systems Administrator) | 13:56 |
nowen | hmm, yeah, I was just wondering if two domains would work | 13:57 |
nowen | but I don't think so | 13:57 |
Bart_ | I tried that as well I believe (with a different IP), but ran into some trouble with something, can't remember clearly. | 13:57 |
Bart_ | Might be the radius server | 13:57 |
nowen | you can't use two domains for the same network client | 13:58 |
laszlof | nowen: you guys still doing that meeting today? | 14:00 |
nowen | yes, 2:00 | 14:01 |
laszlof | cool | 14:02 |
*** Bart_ has quit (Quit: Page closed) | 15:27 | |
*** nowen has quit (Quit: Leaving.) | 16:57 | |
*** nowen (~nowen@adsl-74-176-163-56.asm.bellsouth.net) has joined #wikid | 20:01 | |
laszlof | nowen: how'd it go? | 20:09 |
nowen | good, drafting you an email shortly | 20:10 |
laszlof | cool | 20:10 |
laszlof | got your email. If I understand what you're saying, you're suggesting just posting to the HTTP admin interface for adding/removing domains? | 20:27 |
laszlof | I've actually done this before to work around API limitations :) | 20:28 |
nowen | yes - mainly to start simple and not make us into a bottleneck for you ;) | 20:28 |
laszlof | yeah, thats totally understandable | 20:32 |
laszlof | I should be able to build out a simple class to be able to handle that kind of thing | 20:32 |
laszlof | then just IP restrict the admin area to my server | 20:32 |
laszlof | which, btw, you should build into wikid 4 :) | 20:33 |
laszlof | having the ability to IP restrict admin logins would be useful | 20:33 |
nowen | hmm, yeah, I assume this will be running on a box somewhere in the cloud | 20:33 |
laszlof | yeah, I have a test server setup right now. The end box will obviously be firewalled and only allow external access for token clients | 20:33 |
laszlof | I really wish the token clients authed on a separate port | 20:34 |
laszlof | rather than 443 | 20:34 |
nowen | tokens are on 80 | 20:34 |
laszlof | or 80, whatever | 20:34 |
laszlof | hm, admin is on 443 | 20:34 |
laszlof | so I could technically restrict 443 to my network via firewall | 20:34 |
nowen | yes. you can easily change the admin port | 20:34 |
laszlof | for some reason I thought tokens were on the same port as the admin | 20:35 |
nowen | you just can't rewrite the tokens to use a different port | 20:35 |
nowen | I would restrict it to the localhost and then connect via an ssh tunnel | 20:35 |
laszlof | for the admin port? | 20:35 |
nowen | depends on how you want to do it | 20:36 |
nowen | I guess there is not much difference between ssh and ssl | 20:36 |
laszlof | the website/backend is going to be on a separate server from the wikid box | 20:36 |
laszlof | though, proxying the tokens through another server might be a good idea | 20:36 |
laszlof | it would mask the real IP of the token box | 20:36 |
nowen | you can do that too | 20:37 |
laszlof | i wouldnt want the token box open to any kind of potential ddos attack | 20:37 |
laszlof | ok. next thing, with the domain ID's. do those HAVE to be 12 digit numeric right now? | 20:38 |
nowen | yes | 20:38 |
nowen | but we can give you a block | 20:38 |
laszlof | right | 20:39 |
laszlof | might be worthwhile to have some kind of interface to allocate them dynamically. | 20:39 |
laszlof | it'd have to be some kind of unused space though | 20:39 |
laszlof | i suppose anything higher than 255000000000 | 20:40 |
laszlof | wont be usable space | 20:40 |
nowen | yes | 20:40 |
laszlof | cool. This gives me something to finish up the backend with. I'll get with you sometime soon to see what we can workout with the server codes. If its easier just to assign a block for now thats fine, I can store the acceptable range in a DB and assign them. | 20:43 |
nowen | I just need to see what blocks are available | 20:44 |
laszlof | dont need much to start with | 20:45 |
laszlof | just something for testing | 20:45 |
laszlof | once we go live you can give me like 100K of them or something :P | 20:45 |
nowen | HA! | 20:46 |
nowen | fine by me ;) | 20:46 |
laszlof | and once all those are gone, we can do the happy dance | 20:46 |
nowen | ok - gotta run | 21:30 |
nowen | later peeps | 21:30 |
*** nowen has quit (Quit: Leaving.) | 21:30 |