On Fri, May 18, 2007 at 11:36:02AM -0700, Partington, David R Mr (NGIT) USAIC&FH wrote: > Ivar, > The Pop-up gui has been enabled in Tadpole Laptops since they came > out. We have 45 Tadpoles in a classroom enviroment and I don't know of any > student that has ever discovered the feature. I applaud Sun for making this > capability available. The benefits far exceed the risk. There are many ways > to control firmware delivery to DTU's. Also if you read the Admin guide. You > can remotely load all the configuration data. Below is a snippet from the > Admin and Installation Guide. Looks like Sun did their homework. > > To help avoid error-prone manual entry of configuration data for deployments > where pre-configuration is required, you can use the Pop-up GUI to download > a configuration to a Sun Ray DTU from a file on a server via TFTP, as > indicated in FIGURE?7-7. > The following keywords correspond to configuration values that can be set > from Pop-up GUI menus (see "Pop-up GUI" on page?113). To group items that > are logically related, some of the keywords take the form <family>.<field>. > TABLE?7-4 ?Pop-up GUI Menu Configuration Values > VPN/IPsec Submenu > vpn.enabled > enable toggle > vpn.peer > remote gateway name/IP address > vpn.group > VPN group > vpn.key > VPN key > vpn.user > Xauth user > vpn.passwd > Xauth password > vpn.pin > PIN lock for use of user/passwd > vpn.dhgroup > Diffie-Hellman group to use > vpn.lifetime Hm, well. Job done half, I would say: Hit Stop-c (if I remember correctly, no sunray reachable to veryfy at the moment) and select "reset to factory settings" and all those carefully configured settings are gone! No password needed. I did a test this afternoon asking a student to "hack" and reset my 170. She tried "Stop" first, I ashured her beeing on the right track and around 15 minutes later the sunray had "factory settings". I can understand there are deployment scenarios where the Pop-up gui is needed. But in environments with a lot of "inquiring minds" with lots of time and no supervising personnel around unsecured setup features _are_ used!
Kurt _______________________________________________ SunRay-Users mailing list [email protected] http://node1.filibeto.org/mailman/listinfo/sunray-users
