Hey everyone, I was wondering how other people handle logging teams in to domjudge during their competitions? We’ve always have volunteers go around to the team computers and manually log them in before the contest started, but I’ve always found that to be a bit tedious. We never liked the idea of giving the teams their own passwords since they could easily share them with each other.
Since we control the contest environment, I found a way to use a local squid proxy to log teams in automatically, without revealing the credentials to the team. I thought I’d share this since someone else might be interested. You can read about it here:
http://icpc-environment.github.io/2015/10/24/domjudge-autologin.html
I don’t know if there is any interest in merging a feature like this into the main DOMjudge tree though, any thoughts? It’s a relatively small patch, but it’s such a narrow use case I don’t know if it’s worth supporting generally.
-Keith Johnson US Southeast Region
Hi Keith,
I'm no expert on this stuff. I suppose you cannot let squid generate post-data with the user/pass, or you would have done so, right?
The patch seems small and inobtrusive enough that we can easily include it, and it doesn't hurt anyone. Is it generic enough that it could be made to work with other proxies/tools too? Then I'd say: include it.
Jaap
On 24-10-15 17:12, kjohns07 wrote:
Hey everyone, I was wondering how other people handle logging teams in to domjudge during their competitions? We’ve always have volunteers go around to the team computers and manually log them in before the contest started, but I’ve always found that to be a bit tedious. We never liked the idea of giving the teams their own passwords since they could easily share them with each other.
Since we control the contest environment, I found a way to use a local squid proxy to log teams in automatically, without revealing the credentials to the team. I thought I’d share this since someone else might be interested. You can read about it here:
http://icpc-environment.github.io/2015/10/24/domjudge-autologin.html
I don’t know if there is any interest in merging a feature like this into the main DOMjudge tree though, any thoughts? It’s a relatively small patch, but it’s such a narrow use case I don’t know if it’s worth supporting generally.
-Keith Johnson US Southeast Region _______________________________________________ DOMjudge-devel mailing list DOMjudge-devel@domjudge.org https://www.domjudge.org/mailman/listinfo/domjudge-devel
Hi Keith,
On Sat, October 24, 2015 20:12, kjohns07 wrote:
I was wondering how other people handle logging teams in to domjudge during their competitions? We've always have volunteers go around to the team computers and manually log them in before the contest started, but I've always found that to be a bit tedious. We never liked the idea of giving the teams their own passwords since they could easily share them with each other.
In the past we've mostly solved this with using IP-address based logging in. This means that teams cannot lose their info and indeed not share it either. But it does require a good overview beforehand of which team will have which IP, obviously. As you mention, that is not an alternative for you.
Another nice approach could be to generate an X.509 client certificate on each team machine, configure that in their browser, and use that to authenticate to Apache. I think this should be possible with the current DOMjudge that supports reading the REMOTE_USER variable. Although teams could in theory share the certificate, that's much more difficult than sharing a password.
Your approach seems like a nice way of handling this too. I wouldn't mind adding the support for that to DOMjudge.
Cheers, Thijs
-
Jaap Eldering -
kjohns07 -
Thijs Kinkhorst