MAC Blacklisting Design Doc

Blacklisting a MAC address from your network

The changes needed for basic functionality in the auth server are:

  • Add a network_had_blacklist and blacklist table in the db. The latter would (for now) only have a guid, MAC address, and a ban reason field.
  • Add a UI for it. This implies writing a very simple "Blacklist" object that inherits from the generic object, and hooking it in from Network::getAdminUI() and Network::processAdminUI().
  • Actually use the blacklist during the login attempt (at the token creation stage). This should be authenticator independent.
  • Optionally, also prevent creating an account from that computer. This MUST somehow be done within the AuthenticatorLocalUser code (even if additional hooks have to be written), not in the general auth or signup code.

The above should be fairly simple and fairly future-proof (in the future there will be much more complicated use cases than static, persistent MAC-based blacklists).
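
The sketch below is an added example, not the auth server's own code: it uses Python with an in-memory SQLite database to show the two tables and a blacklist check at token creation. The table names and the three blacklist fields come from the list above; the column names, the network_id column, the MAC normalization step and all function names are assumptions.

```python
import re
import secrets
import sqlite3
import uuid

# Table names and the three blacklist fields come from the design above;
# column names, types and the network_id column are assumptions.
SCHEMA = """
CREATE TABLE blacklist (blacklist_id TEXT PRIMARY KEY, mac TEXT NOT NULL,
                        ban_reason TEXT NOT NULL);
CREATE TABLE network_had_blacklist (network_id TEXT NOT NULL,
    blacklist_id TEXT NOT NULL REFERENCES blacklist(blacklist_id));
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def normalize_mac(raw):
    """Map AA-BB-.., aabb.ccdd.eeff and aa:bb:.. to one canonical form."""
    digits = re.sub(r"[:.\-\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def ban(db, network_id, mac, reason):
    guid = str(uuid.uuid4())
    db.execute("INSERT INTO blacklist VALUES (?, ?, ?)",
               (guid, normalize_mac(mac), reason))
    db.execute("INSERT INTO network_had_blacklist VALUES (?, ?)",
               (network_id, guid))
    return guid

def ban_reason(db, network_id, mac):
    """Return the ban reason for this MAC on this network, or None."""
    row = db.execute(
        "SELECT b.ban_reason FROM blacklist b "
        "JOIN network_had_blacklist n USING (blacklist_id) "
        "WHERE n.network_id = ? AND b.mac = ?",
        (network_id, normalize_mac(mac))).fetchone()
    return row[0] if row else None

def create_token(db, network_id, mac):
    """Called after any authenticator has accepted the user. A malformed MAC
    raises ValueError, so no token is issued for it either (fail closed)."""
    reason = ban_reason(db, network_id, mac)
    if reason is not None:
        raise PermissionError(f"MAC blacklisted on {network_id}: {reason}")
    return secrets.token_hex(16)
```

Storing and comparing MAC addresses in one canonical form keeps a ban entered as AA-BB-CC-DD-EE-FF from being missed when the same address is reported as aa:bb:cc:dd:ee:ff.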