mån 2003-01-20 klockan 11.00 skrev Marc Elsen:
> An example : at our site , some people use vmware, already meaning
> that a pc which runs a virtual machine, is on the network
> with more then one hw address (!). This already poses a kind of
> a problem in your scheme, let alone that we invent some of these
> addresses ourselves.
> Luckily the users can not do this...
Most OS:es allows the sysadmin to change the MAC address at will..
almost all flavors of UNIX, Windows, most likely MacOS also..
Another argument against MAC based access controls is that it only works
for stations on the same Ethernet segment as Squid. If there is a router
in-between the clients and Squid then Squid will only see the MAC
address of the router as the packets have been routed. Routing is an IP
layer operation while MAC addresses only exists in Ethernet below the IP
layer..
Regards
Henrik
-- Henrik Nordstrom <hno@squid-cache.org> MARA Systems AB, SwedenReceived on Mon Jan 20 2003 - 13:14:40 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:44 MST