ADSM-L

Re: ADSM's lack of knowledge of IP addresses

1996-12-04 17:28:34
Subject: Re: ADSM's lack of knowledge of IP addresses
From: Kelly Root <kroot1 AT TUELECTRIC DOT COM>
Date: Wed, 4 Dec 1996 16:28:34 -0600
If it doesn't cause any problems using DHCP, I have NO agruments about
IBM adding this function.

At 04:02 PM 12/2/96 EST, you wrote:
>On Mon, 2 Dec 1996 at 14:38:49 -0600, Kelly Root said:
>
>> We are going to start using DHCP also. So I would plead with IBM NOT
>> to record the IP address. This would cause ALL kinds of problems.
>
>Kelly,  I asked that IBM display the IP address in the session start
>message and record the last IP address used for each node.  Could you
>explain, please, what kinds of problems that could possibly cause for
>anybody?  I'll grant that it might make your database larger by a few
>bytes for each client, but I can't see any cost other than that.
>
>Obviously, this function wouldn't be useful with DHCP, but I don't
>see how it could do any harm.  And I can see all sorts of benefit.
>
>We have 2600 ADSM clients now and expect that number to continue
>growing rapidly.  These users are spread over a large area in a very
>decentralized environment, so I often need a clue to help me get in
>touch with a user; the IP address would do that.
>
>For example, we use open registration here and I often see someone trying
>to connect with a bad node name (such as none at all).  If the session
>start message included the IP address, I could get in touch with the user
>and help him fix his options or preferences file.  I've had situations
>in which two users used the same node name; if the IP addresses had been
>recorded, those situations would have been much easier to straighten out.
>And I've had many other situations in which I just couldn't tell who the
>user was, but I needed to get in touch with him.
>
>I also asked for an option (which would, of course, need to be settable
>for the installation as a whole, with overriding options settable for
>each client) to limit access to a given IP address.  And, yes, of course,
>I know only too well that IP addresses can be spoofed.  (I work at a
>university, after all.)  And, of course, I agree that the users should
>be using good passwords for ADSM.  However, I have no control over the
>users, nor even much influence.  The primary function I envision the
>IP address check giving is a message the first time somebody tries to
>break into somebody else's ADSM backup using the nodename and a password
>but the wrong IP address.  Yes, they'd then guess that they needed to
>spoof the IP address, too, but we'd have been warned that mischief was
>afoot.
>
>I can well imagine that many folks don't think this requirement would
>be useful in their environments.  I am quite sure it would be beneficial
>here, and I hope I made it clear in my original request that it would
>have to be optional.  Even here, we couldn't tie users dialling in to
>back up their home machines to a specific IP address.
>
>However, the requirement I *really* care about is getting the IP address
>displayed each time a client connects.  I will assert that that will
>not harm any other installation and I know it would be a boon for large
>decentralized installations where the users are not necessarily known
>to the administrator.
>
>Melinda Varian,
>Office of Computing and Information Technology
>Princeton University
>
>
<Prev in Thread] Current Thread [Next in Thread>