PreAuth Option

Overview

PreAuth is an implementation of FAS without the resource utilisation of a separate web server, particularly useful for legacy devices with limited flash and RAM capacity.

PreAuth is a pre-authentication process that enables NDS to directly serve dynamic web content generated by a script or executable program, using its own built-in web server.

Note

PreAuth is the underlying method used by Themespec scripts.

A custom PreAuth script can be enabled by configuring openNDS FAS to point to a virtual URL in the openNDS webserver root instead of an independent FAS server. The location of the PreAuth script or program is configured in the config file.

The PreAuth script can be a shell script or any other script type that an interpreter is available for (for example, PHP-cli, Python etc.).

It can even be a compiled executable binary program if desired, for example, a compiled program written in C or any other language that has a compiler available for the platform.

The PreAuth script or program will parse the url encoded command line (query string) passed to it and output html depending on the contents of the query string it receives from openNDS. In turn, openNDS will serve this html to the client device that is attempting to access the Internet.

Configuring a Custom PreAuth

A custom PreAuth is set up using the standard NDS configuration for FAS (see the Forwarding Authentication Service (FAS) section of this documentation).

In addition, a single PreAuth configuration option is required to inform NDS of the location of the PreAuth script or program.

In summary, the following configuration options should be set:
  1. fasport. This enables FAS and must be set to the same value as the gateway port.
  2. faspath. This must be set to the PreAuth virtual url, “/opennds_preauth/” by default.
  3. preauth. This is the path to the PreAuth script.

The remaining FAS configuration options must be left unset, at their default values.

That is:
  1. fasremoteip. Not set (defaults to the gateway ip address).
  2. fasremotefqdn. Not set.
  3. fas_secure_enable. Not set (defaults to enabled).

What Does the Default PreAuth Login Script Do?

It generates html output for openNDS to serve as a dynamic series of splash pages. The html it outputs can dynamically change according to the inputs received from a client in the html forms it generates.

Writing A PreAuth Script

A PreAuth script can be written as a shell script or in any other language that the system has an interpreter for. It could also be a compiled program.

openNDS calls the PreAuth script with a b64 encoded argument containing the equivalent of an html query string but with “, ” (comma space) in place of “&” (ampersand).

Full details of programming a custom PreAuth script can be found by reading and following the login flow in the libopennds script and accompanying ThemeSpec files.
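
The argument format described above can be handled as in the following added example, which is not taken from openNDS or its libopennds script: it decodes the b64 argument, splits it on ", " and HTML-escapes every value before it reaches the page. The function names, the sample key names and values, and the percent-decoding of values are assumptions made for the illustration.

```python
import base64
import html
import sys
from urllib.parse import unquote


def parse_preauth_arg(b64_arg):
    """Decode the b64 argument and return a dict of its key=value pairs.

    Raises ValueError if the argument is not valid base64 or not UTF-8.
    """
    try:
        text = base64.b64decode(b64_arg, validate=True).decode("utf-8")
    except ValueError as exc:  # covers binascii.Error and UnicodeDecodeError
        raise ValueError("malformed PreAuth argument") from exc

    params = {}
    # Pairs are separated by ", " (comma space) in place of "&".
    for pair in text.split(", "):
        key, sep, value = pair.partition("=")
        if not sep or not key:
            continue  # fragment without a key=value shape: ignore it
        # Assumption: values are URL (percent) encoded, as in a query string.
        params[key.strip()] = unquote(value)
    return params


def render_splash(params):
    """Build a minimal page; every value from the query string is escaped."""
    gw = html.escape(params.get("gatewayname", ""), quote=True)
    ip = html.escape(params.get("clientip", ""), quote=True)
    return f"<html><body><h1>{gw}</h1><p>Your address: {ip}</p></body></html>"


# Constructed sample input (illustrative key names, not captured traffic).
# The gatewayname value carries markup to show why escaping is needed.
SAMPLE = base64.b64encode(
    b"clientip=192.168.1.23, clientmac=aa:bb:cc:dd:ee:ff, "
    b"gatewayname=Cafe%20%3Cb%3EWiFi%3C%2Fb%3E"
).decode("ascii")

if __name__ == "__main__":
    arg = sys.argv[1] if len(sys.argv) > 1 else SAMPLE
    try:
        print(render_splash(parse_preauth_arg(arg)))
    except ValueError as err:
        sys.exit(str(err))
```

Treating the decoded values as data only (never passing them to eval or an unquoted shell expansion) and escaping them on output keeps a parameter such as a gateway name or a form field from altering the served page.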

Custom Parameters, Variables, Images and Files

Custom Parameters, Variables, Images and Files are defined in the config, and the definitions are passed to PreAuth in the b64 encoded query string as well as being cached in a local database file for each client.