Re: MMDVM User Authentication


Jon K1IMD <jon@...>
 

Cort,
As you pointed out not the original intention but I have seen numerous c-Bridges using HBlink for dongle/hotspot access.

I had a discussion with a couple c-Bridge ops 2 months ago and they were concerned and wishing for some sort of control of access.  So I get the problem as dongles & hotspots almost equals the number of DMR users so it seems and it would be pretty possible to overload a wimpy network connection.

Although not for really necessary for my own application, I will say "YES" it would be helpful for the sake of the couple c-Bridge ops I know.

However, Matthew 2E0SIP makes a very good point... VPN access could control the users as well.  I use a VPN called SoftEther that is very flexible and configurable.  Check it out!

73
Jon


On 7/6/2018 9:32 AM, Cort N0MJS via Groups.Io wrote:
First off, in your original post you said: "Is there a way to have an "authorized user" list in the MMDVM Server?”

I don’t know what an “MMDVM Server” is because I didn’t write any programs called that. I *think* what you want is a black/white list option for allowing clients to connect to hblink.py when it’s configured as a master. Is this what you’re asking for? I know you’re probably cussing me right now for being pedantic, but believe me, after 5 years on this project, I’ve learned we have to be accurate and explicit. If it is what you’re asking, here are my thoughts:

1) HBlink wasn’t written to be a hotspot aggregator, though I realize it’s become that to a number of users.
2) This sounds like a solution b/c systems operators are not adequately controlling their end-users – I know, it’s really hard to control some people.

So how would we go about doing this? IP address isn’t good because too many NAT addresses change too often. It would almost have to be by the radio ID of the client connecting. But if you have users tossing about the password, would they not do the same with the radio ID of their hotspot? The only reasonable way I can think of is by radio ID.

Adding the “feature” would not be complicated. I could kick it out in the next few days. My concern is whether or not it would adequately address the issue, or just push it off into yet another issue. Because there’s one thing I will not do, which is keep chasing solutions for problems that only exist because bad actors are passing around login credentials on one system out there.

I’d like more than one person to say “this would be really beneficial to me”, and all of you who say that to tell me that if the users just find another way to be bad, you won’t be back for another technical solution to an administrative problem – because using technology to continually solve an administrative (human) problem usually creates collateral damage and diminishing returns.

I’d like to see 5 YES votes before I proceed. I can make a poll for the group, but would rather just see some replies to this with one word “YES” or “NO”.

0x49 DE N0MJS


On Jul 6, 2018, at 8:12 AM, Rod - KC7AAD <kc7aad@...> wrote:

Anyone?? Ideas? Thoughts?

--
Cort Buffington
H: +1-785-813-1501
M: +1-785-865-7206






Join main@DVSwitch.groups.io to automatically receive all group messages.