[ixpmanager] Separation of internal and external usage

Rob Lister rob at lonap.net
Mon Aug 18 17:43:49 IST 2014



I don't think we have a particular problem with admin / user logins via
the same instance, although perhaps we could enforce some different /
stronger password policy for IXP Admin users.

When adding new user accounts it's very easy to accidentally add
them as Superuser rather than Customer Superuser, so if it had some
little warning box that popped up when selecting the "Customer
Superuser" option, that would be good.

Also a better log of who changed what for important changes like adding
and deleting ports, users etc would be very useful for us.

Rob


On Wed, Aug 13 at 7:43:31 PM, Barry O'Donovan wrote:
> On 12/08/2014 13:17, Bernhard Hahn wrote:
>> after installing IXP Manager I'm now wondering if it's possible to
>> separate the customer public access from the internal users access.
>>
>> I want to avoid to have my internal management login interface to be
>> available public, which seems to be the same to me.
>
> No, that's not possible.
>
> It would be fairly easy to hack in various ways such as:
>
>   - two IXP Manager instances with one (public facing) not permitting 
> logins for admin users (user.privs = 3);
>
>   - one IXP Manager instance (public facing) but only allowing admin 
> users to log in from 'known good' IP addresses.


-- 
Rob Lister
rob at lonap.net
LONAP Ltd
+44 20 3137 8330



More information about the ixpmanager mailing list