[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] NIS (or other) authentication



The problem with doing this is that you also block students from viewing their own files. Suppose I'm at grandma's house and want to do my homework. Your server notices I'm trying to get in from a different computer and, even though I have the right password, blocks me.

You can't really use IP addresses to verify, because lots of ISPs assign them dynamically and they change each time the student logs in. I know ethernet cards and ethernet equipped computers have unique MAC addresses, but do modems for kids who use a dial-up connection?

If you want to be pretty safe, have the kids authenticate using a DSA public/private key. Give each of them a floppy disk at the beginning of the year with their very own private key whose public mate is stored on your server. Since these are incredibly long, it's not likely someone else could steal it easily, without stealing the whole disk, or copying it off the kid's computer.

On the other hand, if you make passwords reasonably secure (require both capital and lower-case letters, and at least 1 non-alphabetic character), then it's the kids' own faults if they let them fall into someone else's hands. Stress password security, and run periodic backups so that if someone does something malicious you can minimize damage...

Todd

On Wednesday, July 30, 2003, at 04:11 PM, John McQuilliams wrote:


Gentlemen
We are in the planning stages of having all student homework done via the net ( as of this year all students must have a computer or access to one in their home ) The school will have control of all computers allowed into the student network. A question was asked, how can we best maintain an adequate security that would eliminate students accessing to others files given the proper password.
Is there a circuit on the computer that can be configured to identify the sending computer that is reasonable tamper proof. I:E adjustable only by qualified personell either at time of installation or via the web. The idea being the router filter would not allow access if both id's did not match ( personal ID & computer ID.
Any suggestions welcome


John McQuilliams



John McQuilliams


_______________________________________________ K12OSN mailing list K12OSN redhat com https://www.redhat.com/mailman/listinfo/k12osn For more info see <http://www.k12os.org>




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]