[ixpmanager] Separation of internal and external usage
Barry O'Donovan
barry.odonovan at inex.ie
Wed Aug 13 19:43:31 IST 2014
On 12/08/2014 13:17, Bernhard Hahn wrote:
> after installing IXP Manager I'm now wondering if it's possible to
> separate the customer public access from the internal users access.
>
> I want to avoid to have my internal management login interface to be
> available public, which seems to be the same to me.
No, that's not possible.
It would be fairly easy to hack in various ways such as:
- two IXP Manager instances with one (public facing) not permitting
logins for admin users (user.privs = 3);
- one IXP Manager instance (public facing) but only allowing admin
users to log in from 'known good' IP addresses.
The authentication system is built on Zend Framework 1:
http://framework.zend.com/manual/1.12/en/zend.auth.introduction.html
To be honest, better options here would be the addition (and requirement
for admin users) of two factor authentication (Google Authenticator [1]
is on our nice-to-have list as we use it for GitHub and other services
also).
- Barry
[1] http://en.wikipedia.org/wiki/Google_Authenticator
More information about the ixpmanager
mailing list