[Server-devel] Filtering and authentication

Reuben K. Caron reuben at laptop.org
Mon Apr 27 11:54:28 EDT 2009

John Watlington wrote:
> On Apr 27, 2009, at 11:18 AM, Reuben K. Caron wrote:
>> Anna wrote:
>>> On Sun, Apr 26, 2009 at 10:51 AM, Reuben K. Caron
>>> <reuben at laptop.org> wrote:
>>> As far as limiting the internet connection to authorized XOs, that's an
>>> issue we're probably going to run into at some point once we broaden
>>> the XS
>>> deployment.  So far at the pilot school, the staff members connect
>>> to the
>>> internet with their personal laptops and iPhones, but I haven't
>>> really heard
>>> any complaints of abuse yet.
>>> If your deployment is relatively small, it should be easy enough to
>>> add the
>>> hardware addresses of the trusted XOs to dhcpd.conf and disallow
>>> unknown
>>> machines (or play pranks on them as suggested at
>>> http://www.ex-parrot.com/~pete/upside-down-ternet.html).
>>> Anna Schoolfield
>>> Birmingham
>> While not all encompassing you could also attempt to drop dhcp requests
>> that do not come from 00:17:c4 using something similar to:
>> http://ubuntuforums.org/showthread.php?p=4191756
> Please do not take this approach.   It sounds quick, easy, and foolproof,
> but will lead to problems in the future.    (I almost suggested it,
> but decided
> the cons outweighted the pros.)
I agree it is fraught with peril; however, do we have a better solution
until: "Tie internet access to registration," is implemented:

> For example, what if you get an XO-1.5 in the mix ?
I would assume XO 1.5 will have a similar unique identifier that could
be added to the list.

While more complex to implement, perhaps something like NetReg would be



More information about the Server-devel mailing list