Re: An Idea

[Casey Harkins <caseyharkins gmail com>]

On Wed, 2008-08-13 at 12:43 +0100, The Holy ettlz wrote:
> On Wed, 2008-08-13 at 14:36 +0300, Tambet Ingo wrote:
> > This can (and should) be done easily with dispatcher scripts. There's
> > a lot of things that might need to be changed depending on location
> > (things like printers, browser proxies, SMTP server, firewall, ...)
> 
> I've been thinking about this recently --- is there an established,
> medium-neutral way of securely identifying a network? I was thinking of
> doing something like adding an extra option to DHCP that gave clients a
> HTTPS URL which they could use to identify and authenticate a network
> (triggered by an NMD hook), and then configure themselves according to a
> local database.
> 
> James


The approach we've taken is to use separate private subnets for various
networks, avoiding the commonly used ones (192.168.0.0/24,
192.168.1.0/24, 192.168.100.0/24). From this we can deduce which subnet
we are on (never hit an airport/hotel/coffee shop that uses any of our
subnets). One of the things we do with this (which gets back to the
original poster's idea) is to automatically add/remove printers based on
the subnet using a dispatcher script. Our script even pops up a
libnotify message letting you know when printers were added/removed and
which one it set as the system default. As we add new printers at
various offices, we just drop a ppd file and simple config file into our
package, push out an updated rpm, and all machines will support the new
printer if they are connected to that subnet. I can think of better ways
to handle this, but this is a simple low-tech solution that has worked
well for a few years now.


-casey