On Tue, 30 Apr 2002, Michael O'Donnell wrote:
> So, educate me - how would you go about using
> something algorithmic like MD5 or an asymmetrical
> key-pair to solve this problem?  Is it a requirement
> that a GUID be the same from boot to boot?  If a
> system reboots with a different GUID do things break?
> If GUID generation is algorithmic how do you know
> it's unique?  Would use of an asymmetrical key-pair
> (please assume I don't know what I'm talking about)
> imply that each machine would have a different GUID
> for every other machine it communicated with?

Unfortunately, I don't know enough about exactly what he's trying to do.  
All I know is he wants a unique identifier on a per system basis.  
Asymmetrical keypairs could do the job, but so could a number of things - 
it really depends on exactly what's going on.  Are they all calling home 
at some point and checking in with a centralized box?  Is it for asset 
management?  How exactly this would be done is pretty difficult to say 
without knowing the project.  Providing ideas about unique identifiers was 
all that was asked for... but let's take the mothership scenario.

Create an asymmetrical keypair for each machine, make a decision of which 
place you'd rather store the private key (distributed or centralized).  
Have the machine contact the mothership every hour on the hour (machines 
synced to ntp) with the private key - or have the mothership contact the 
machine hourly with the machine's private key.  Run the check to ensure 
the box is, in fact, the box and give it a green light.  

Let's take another example... syslog checkin.  Have the box send its MAC 
with a timestamp saying that it was alright at the time.  You know that 
the boxes check in with their MAC in syslog every hour.  You have a list 
of MAC addresses to watch for, if you don't see X MAC, you send an email 
to sysadmin.  If you lose a box in the field, you can have it swapped with 
a hot spare and forge the MAC for a short term solution.

Just a couple of ideas.

Ben

-- 

Better to do a good deed near at home than go far away to burn incense. 
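
The syslog check-in scenario from the message above, as an added example that is not part of the original post: it scans check-in lines, reports watched MACs with no check-in inside the last hour, and lists MACs that checked in without being on the watch list (for instance a hot spare before the list is updated). The line format, host names, MAC addresses and function names are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed check-in line format (constructed, ISO 8601 timestamp):
#   2002-04-30T15:00:01+00:00 node1 checkin: mac=02:00:00:00:00:01 status=ok
CHECKIN_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+checkin:\s+"
    r"mac=(?P<mac>(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})\b")

def normalize_mac(mac):
    """Lower-case, colon-separated form so 00-AA and 00:aa compare equal."""
    return mac.lower().replace("-", ":")

def last_seen(lines):
    """Map each MAC to its most recent check-in time; skip unparsable lines."""
    seen = {}
    for line in lines:
        m = CHECKIN_RE.match(line)
        if not m:
            continue
        try:
            ts = datetime.fromisoformat(m.group("ts"))
        except ValueError:
            continue
        if ts.tzinfo is None:  # assumption: zone-less stamps are UTC
            ts = ts.replace(tzinfo=timezone.utc)
        mac = normalize_mac(m.group("mac"))
        if mac not in seen or ts > seen[mac]:
            seen[mac] = ts
    return seen

def audit(lines, watchlist, now, window=timedelta(hours=1)):
    """Return (missing, unexpected): watched MACs that are silent or stale,
    and MACs that checked in but are not on the watch list."""
    seen = last_seen(lines)
    watch = {normalize_mac(m) for m in watchlist}
    missing = sorted(m for m in watch if m not in seen or now - seen[m] > window)
    unexpected = sorted(m for m in seen if m not in watch)
    return missing, unexpected

# Constructed sample data, not real logs.
NOW = datetime(2002, 4, 30, 15, 5, 0, tzinfo=timezone.utc)
WATCHLIST = ["02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"]
SAMPLE_LINES = [
    "2002-04-30T14:00:02+00:00 node1 checkin: mac=02:00:00:00:00:01 status=ok",
    "2002-04-30T14:00:03+00:00 node2 checkin: mac=02-00-00-00-00-02 status=ok",
    "2002-04-30T15:00:01+00:00 node1 checkin: mac=02:00:00:00:00:01 status=ok",
    "2002-04-30T15:00:04+00:00 spare checkin: mac=02:00:00:00:00:99 status=ok",
    "2002-04-30T15:00:05+00:00 node1 sshd[411]: unrelated line",
]

if __name__ == "__main__":
    missing, unexpected = audit(SAMPLE_LINES, WATCHLIST, NOW)
    print("email sysadmin about:", missing, "| not on list:", unexpected)
```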

