[mythtv-users] Has anyone configured a "semi"-diskless frontend?
    Brad Templeton 
    brad+myth at templetons.com
       
    Thu Jan  6 20:16:49 EST 2005
    
    
  
On Thu, Jan 06, 2005 at 06:11:22PM -0600, Kevin Kuphal wrote:
> It'd sure be nice if there was a way for a mythfrontend to discover all 
> the settings needed on a network.  Something like 
> Rendezvous/ZeroConf/UPnP.  Does anyone who runs KnoppMyth in this way 
> know what all the settings are that are asked for on boot?  Is it just 
> the address of the master backend or are there more?

Strictly, it's the address of the database server, which then reveals
the address of the master backend and other backends.

Indeed, discovery and plug and play are very useful ideas, and no doubt
are on the feature list somewhere.

You can't really discover SQL servers without opening up their security
more than people like.  So what would make sense would be for the
master backend to listen for broadcast packets on a port, and respond
to them with config info for frontends and other backends.

Still, this is hard to keep secure.  For example, it means anybody
into your network would be able to ask the master back end for
the database password, where they could screw with it.  And they
could do just about anything to your myth system.  That includes
any malware downloaded by some Windows user on your network.

Likewise, people could pretend to be myth servers but that is less
dangerous (unless you now type in the password and give it to them in
which case they can do the same things as above.)
But this, at least, can be spotted since 2 servers are responding.

The most secure way to do it and still be close to ZUI is as follows.

a) Client boots up.

b) Master backend prompts somebody (a trusted client, or a user on the
backend) saying, "1 and exactly 1 new clients have asked for access.
Grant it?"

c) You say yes, and you can be (generally) sure you're only giving access
to the machine you just brought up.

Ideally the front end machine is able to store something somewhere
(or have its own password as a key to data in the database) so it doesn't
have to follow this procedure every time it boots.
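
The approval flow in steps a) to c), together with the stored per-client secret, sketched from the backend's side as an added example (not part of the original message and not MythTV code). The `PairingDesk` class, the client identifiers, the 120-second request window, the random token, and the rule that an ambiguous approval discards every pending request are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


class PairingDesk:
    """Backend-side state for the approve-exactly-one-new-client flow."""

    def __init__(self, window_seconds=120, clock=time.monotonic):
        self.window = window_seconds  # assumed lifetime of a request
        self.clock = clock
        self.pending = {}   # client_id -> time the request arrived
        self.enrolled = {}  # client_id -> SHA-256 of the issued token

    def request_access(self, client_id):
        """Step a: a freshly booted frontend asks for access."""
        if client_id not in self.enrolled:
            self.pending[client_id] = self.clock()

    def _live_requests(self):
        cutoff = self.clock() - self.window
        self.pending = {c: t for c, t in self.pending.items() if t >= cutoff}
        return sorted(self.pending)

    def prompt(self):
        """Step b: text shown to the trusted user."""
        live = self._live_requests()
        if len(live) == 1:
            return f"Exactly 1 new client ({live[0]}) has asked for access. Grant it?"
        return f"{len(live)} new clients are asking; nothing can be granted."

    def approve(self):
        """Step c: grant only when exactly one request is outstanding."""
        live = self._live_requests()
        if len(live) != 1:
            self.pending.clear()  # ambiguous: every client must ask again
            raise PermissionError(f"{len(live)} pending requests, refusing")
        client_id = live[0]
        del self.pending[client_id]
        token = secrets.token_urlsafe(32)  # the frontend stores this locally
        self.enrolled[client_id] = hashlib.sha256(token.encode()).hexdigest()
        return client_id, token

    def authenticate(self, client_id, token):
        """Later boots: the stored token replaces the approval prompt."""
        expected = self.enrolled.get(client_id)
        presented = hashlib.sha256(token.encode()).hexdigest()
        return expected is not None and hmac.compare_digest(expected, presented)
```

Only a hash of the token is kept on the backend, so reading the enrollment table does not yield a value a frontend could present.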
    
    