|
|
In article <xoavd5s8bk5j.fsf@xxxxxxx>,
James Carlson <james.d.carlson@xxxxxxx> wrote:
>> I'm not convinced. One thing about MAC addresses is that they are
>> approximately globally unique, bu PCs with user passwords are not.
>> You're unlikely to make users type passwords every time their systems
>> need to renew a DHCP lease.
>
>Perhaps.
I remember a lot of agony at my employer of the time, a UNIX vendor,
about how to deal with the equivalent authentication & authorization
problem for diskless NFS clients. We never did find what seemed like
a slightly secure solution that even the spooky users in rooms with
steel walls would tolerate without complaining about having to type
too many passwords. (Years before marketoons in the Windows world
started yammering about "thin clients," keeping servers with spinning
disks in vaults was evidently more convenient than moving disks between
UNIX workstations to vaults every morning and night.)
>> DHCP authentication is good for preventing some largely innocent
>> mistakes such as connecting to the wrong network. It's more about
>> network hygiene than security.
>
>I think the target market is essentially the same as that for PANA: a
>minimal level of authentication necessary to connect to a hotel
>network and the like. Not guarding the gate at Fort Knox.
>
>(Though we're probably saying essentially the same thing ...)
I think so.
Vernon Schryver vjs@xxxxxxxxxxxx
|
|