If it doesn't cause any problems using DHCP, I have NO agruments about
IBM adding this function.
At 04:02 PM 12/2/96 EST, you wrote:
>On Mon, 2 Dec 1996 at 14:38:49 -0600, Kelly Root said:
>
>> We are going to start using DHCP also. So I would plead with IBM NOT
>> to record the IP address. This would cause ALL kinds of problems.
>
>Kelly, I asked that IBM display the IP address in the session start
>message and record the last IP address used for each node. Could you
>explain, please, what kinds of problems that could possibly cause for
>anybody? I'll grant that it might make your database larger by a few
>bytes for each client, but I can't see any cost other than that.
>
>Obviously, this function wouldn't be useful with DHCP, but I don't
>see how it could do any harm. And I can see all sorts of benefit.
>
>We have 2600 ADSM clients now and expect that number to continue
>growing rapidly. These users are spread over a large area in a very
>decentralized environment, so I often need a clue to help me get in
>touch with a user; the IP address would do that.
>
>For example, we use open registration here and I often see someone trying
>to connect with a bad node name (such as none at all). If the session
>start message included the IP address, I could get in touch with the user
>and help him fix his options or preferences file. I've had situations
>in which two users used the same node name; if the IP addresses had been
>recorded, those situations would have been much easier to straighten out.
>And I've had many other situations in which I just couldn't tell who the
>user was, but I needed to get in touch with him.
>
>I also asked for an option (which would, of course, need to be settable
>for the installation as a whole, with overriding options settable for
>each client) to limit access to a given IP address. And, yes, of course,
>I know only too well that IP addresses can be spoofed. (I work at a
>university, after all.) And, of course, I agree that the users should
>be using good passwords for ADSM. However, I have no control over the
>users, nor even much influence. The primary function I envision the
>IP address check giving is a message the first time somebody tries to
>break into somebody else's ADSM backup using the nodename and a password
>but the wrong IP address. Yes, they'd then guess that they needed to
>spoof the IP address, too, but we'd have been warned that mischief was
>afoot.
>
>I can well imagine that many folks don't think this requirement would
>be useful in their environments. I am quite sure it would be beneficial
>here, and I hope I made it clear in my original request that it would
>have to be optional. Even here, we couldn't tie users dialling in to
>back up their home machines to a specific IP address.
>
>However, the requirement I *really* care about is getting the IP address
>displayed each time a client connects. I will assert that that will
>not harm any other installation and I know it would be a boon for large
>decentralized installations where the users are not necessarily known
>to the administrator.
>
>Melinda Varian,
>Office of Computing and Information Technology
>Princeton University
>
>
|