On Tue, 30 Apr 2002, Michael O'Donnell wrote: > So, educate me - how would you go about using > something algorithmic like MD5 or an asymmetrical > key-pair to solve this problem? Is it a requirement > that a GUID be the same from boot to boot? If a > system reboots with a different GUID do things break? > If GUID generation is algorithmic how do you know > it's unique? Would use of an asymmetrical key-pair > (please assume I don't know what I'm talking about) > imply that each machine would have a different GUID > for every other machine it communicated with?
Unfortunately, I don't know enough about exactly what he's trying to do. All I know is he wants a unique identifier on a per system basis. Asymmetrical keypairs could do the job, but so could a number of things - it really depends on exactly what's going on. Are they all calling home at some point and checking in with a centralized box? Is it for asset management? How exactly this would be done is pretty difficult to say without knowing the project. Providing ideas about unique identifiers was all that was asked for... but.. lets take the mothership scenario.. Create an asymmetrical keypair for each machine, make a decision of which place you'd rather store the private key (distributed or centralized). Have the machine contact the mothership every hour on the hour (machines synced to ntp) with the private key - or have the mothership contact the machine hourly with the machine's private key. Run the check to insure the box is, in fact, the box and give it a green light. Lets take another example... syslog checkin. Have the box send its MAC with a timestamp saying that it was alright at the time. You know that the boxes check in with their MAC in syslog every hour. You have a list of MAC addresses to watch for, if you don't see X MAC, you send an email to sysadmin. If you lose a box in the field, you can have it swapped with a hot spare and forge the MAC for a short term solution. Just a couple of ideas. Ben -- Better to do a good deed near at home than go far away to burn incense. ***************************************************************** To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *****************************************************************
