ADSM-L

Re: ADSM's lack of knowledge of IP addresses

1996-12-02 16:02:31
Subject: Re: ADSM's lack of knowledge of IP addresses
From: Melinda Varian <[email protected]>
Date: Mon, 2 Dec 1996 16:02:31 EST
On Mon, 2 Dec 1996 at 14:38:49 -0600, Kelly Root said:

> We are going to start using DHCP also. So I would plead with IBM NOT
> to record the IP address. This would cause ALL kinds of problems.

Kelly,  I asked that IBM display the IP address in the session start
message and record the last IP address used for each node.  Could you
explain, please, what kinds of problems that could possibly cause for
anybody?  I'll grant that it might make your database larger by a few
bytes for each client, but I can't see any cost other than that.

Obviously, this function wouldn't be useful with DHCP, but I don't
see how it could do any harm.  And I can see all sorts of benefit.

We have 2600 ADSM clients now and expect that number to continue
growing rapidly.  These users are spread over a large area in a very
decentralized environment, so I often need a clue to help me get in
touch with a user; the IP address would do that.

For example, we use open registration here and I often see someone trying
to connect with a bad node name (such as none at all).  If the session
start message included the IP address, I could get in touch with the user
and help him fix his options or preferences file.  I've had situations
in which two users used the same node name; if the IP addresses had been
recorded, those situations would have been much easier to straighten out.
And I've had many other situations in which I just couldn't tell who the
user was, but I needed to get in touch with him.

I also asked for an option (which would, of course, need to be settable
for the installation as a whole, with overriding options settable for
each client) to limit access to a given IP address.  And, yes, of course,
I know only too well that IP addresses can be spoofed.  (I work at a
university, after all.)  And, of course, I agree that the users should
be using good passwords for ADSM.  However, I have no control over the
users, nor even much influence.  The primary function I envision the
IP address check giving is a message the first time somebody tries to
break into somebody else's ADSM backup using the nodename and a password
but the wrong IP address.  Yes, they'd then guess that they needed to
spoof the IP address, too, but we'd have been warned that mischief was
afoot.

I can well imagine that many folks don't think this requirement would
be useful in their environments.  I am quite sure it would be beneficial
here, and I hope I made it clear in my original request that it would
have to be optional.  Even here, we couldn't tie users dialling in to
back up their home machines to a specific IP address.

However, the requirement I *really* care about is getting the IP address
displayed each time a client connects.  I will assert that that will
not harm any other installation and I know it would be a boon for large
decentralized installations where the users are not necessarily known
to the administrator.

Melinda Varian,
Office of Computing and Information Technology
Princeton University
<Prev in Thread] Current Thread [Next in Thread>