[Freedombox-discuss] FBX Setup with Debconf Web-Frontend: Difficult
-----BEGIN PGP SIGNED MESSAGE-----
Hi folks, I've reviewed the debconf web-frontend a little with an eye to
using it for the initial configuration of an FBX. My idea was that we
could use the web-frontend to do initial configuration during the setup
process, from a remote computer (like a laptop that joined the
DreamPlug's wireless network).
I've found that the system could work, but isn't well suited for that
The biggest issue is that the server accepts connections only from the
localhost and does no authentication at all. So, there's no way
(without hacking on it) to use that frontend for remote management. The
connection also isn't encrypted in any way (HTTP only, no HTTPS), which
is bad when you're doing remote management over a wireless network.
Secondly, even if that could be fixed, there's no automatic way to make
the administration login process transparent to the user. I originally
assumed we could use Monkeysphere for this process, but there are a
couple hurdles. Monkeysphere currently only handles identifying the
server to the client. It won't identify the client to the server. So,
even if we could generate, sign, and correctly exchange keys during the
login process, the user would still need to log into their new box with
a password. Yeah, not a really big deal, but still something we should
be able to improve on.
So, if anyone's looking for open coding-related tasks, here are two:
1. Allow secured, remote logins to Debconf's web-frontend. Remote
logins are fine, but since we're (presumably) sending a user's
password, cleartext password transmission is unacceptable.
2. Make Monkeysphere work the othe way (identifying clients to servers).
I'll get to both of these ...someday but, if anybody else is both
interested and has the time, consider yourself asked.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----