[Server-devel] Filtering and authentication
Reuben K. Caron
reuben at laptop.org
Mon Apr 27 11:54:28 EDT 2009
John Watlington wrote:
>
> On Apr 27, 2009, at 11:18 AM, Reuben K. Caron wrote:
>
>> Anna wrote:
>>> On Sun, Apr 26, 2009 at 10:51 AM, Reuben K. Caron
>>> <reuben at laptop.org> wrote:
>>>
>>> As far as limiting the internet connection to authorized XOs, that's an
>>> issue we're probably going to run into at some point once we broaden
>>> the XS
>>> deployment. So far at the pilot school, the staff members connect
>>> to the
>>> internet with their personal laptops and iPhones, but I haven't
>>> really heard
>>> any complaints of abuse yet.
>>>
>>> If your deployment is relatively small, it should be easy enough to
>>> add the
>>> hardware addresses of the trusted XOs to dhcpd.conf and disallow
>>> unknown
>>> machines (or play pranks on them as suggested at
>>> http://www.ex-parrot.com/~pete/upside-down-ternet.html).
>>>
>>> Anna Schoolfield
>>> Birmingham
>>
>> While not all encompassing you could also attempt to drop dhcp requests
>> that do not come from 00:17:c4 using something similar to:
>>
>> http://ubuntuforums.org/showthread.php?p=4191756
>
> Please do not take this approach. It sounds quick, easy, and foolproof,
> but will lead to problems in the future. (I almost suggested it,
> but decided
> the cons outweighted the pros.)
I agree it is fraught with peril; however, do we have a better solution
until: "Tie internet access to registration," is implemented:
http://wiki.laptop.org/go/User:Martinlanghoff/XS_0.6_plan#Not_in_the_plan
> For example, what if you get an XO-1.5 in the mix ?
I would assume XO 1.5 will have a similar unique identifier that could
be added to the list.
While more complex to implement, perhaps something like NetReg would be
viable:
http://netreg.sourceforge.net/
Regards,
Reuben
More information about the Server-devel
mailing list