[mythtv-users] Has anyone configured a "semi"-diskless frontend?

Brad Templeton brad+myth at templetons.com
Fri Jan 7 04:00:27 EST 2005


On Fri, Jan 07, 2005 at 08:36:43AM -0000, mythtv-users at fastdruid.co.uk wrote:
> Better than that why not do it by MAC address recognition, first time a
> machine
> pops up the backend asks if you want to allow it, if you say yes that
> MAC/IP
> is stored. Next time it pops up it will go oh yes I grant access to that
> one.

Unfortunately the MAC address is totally insecure.  You really want
the remote computer to have some way of remembering something to
authenticate itself.   It would be nice, actually, if there were an
official way to make use of some of the unusued flash space the bios
sits in, for example.

There are some tricks you can play, which are not super secure but
much better than the MAC.   For example, you can calculate a signature
of sorts for the hardware of the machine in some fashion (pulling out
non-public things like identifiers of all the non-removable PNP hardware,
anything with serial numbers etc.)  It doesn't have to be portable, as
long as you can get something non-guessable that will remain the same
boot to boot.  (If it changes you have to re-auth.)

Then you have a secret number you can use to prove you're the same
machine that authenticated last time.

Short of all this, the user can type in a password of course.  And that's
actually not that dreadful really.   Client boots, user enters password,
and you're up.   No IP addresses or any of that stuff.   This is
easy to implement and modestly secure against random attempts to
screw up your systems.



More information about the mythtv-users mailing list