Kevin Re: [SunRay-Users] Application that Record IP address

Craig Bender Craig.Bender at Sun.COM
Sun Jan 28 18:55:29 EET 2007 

Usually you can dictate a client name to the OS.  Why not make the 
client name the MAC of the DTU?  Seems a bit silly to correlate security 
to a DHCP enabled environment with spoofing and all.  If need be you can 
go back and correlate DHCP to MAC, but what will that tell you about the 
user?  Absolutely nothing.  What kind of app server doesn't have user 
based controls?

fitra budi anggoro wrote:
> Eureka,
> Look section number 2 will be apropriate solution But it looks 
> complicated :-) What I have in mind before is having a mapping table 
> from Sun Ray Server (using utwho) and log from Application Server. I am 
> not sure about the application behaviour, but I thing it can see from 
> one IP address. (in Section 2, the application can not see from one IP 
> right?) The only purpose of mr customer is security issue using IP address.
> I will look into detail in the aplication side to decide which will be 
> apropriate solution for them
> 
> THanks Kevin
> 
> */Kevin Mescher <kevin.mescher at gmail.com>/* wrote:
> 
>     Fitra,
> 
>     You are in luck. There may be a way you can record the IP
>     address:
> 
>     If you are doing the recording on the SunRay server, you can
>     record the SunRay DTU's IP address. See section 1.
> 
>     If the application is sitting on another system, and you are
>     connecting to it via the network, skip to section 2.
> 
>     Section 1:
> 
>     The utwho command can give you the IP address of each DTU,
>     whether logged in or not.
> 
>     I was planning on using it to assign certain variables based
>     on the IP of the unit, but I found a different solution.
>     Anyway...
> 
>     I don't have my sunray's here, but you can do something like
>     this:
> 
>     /opt/SUNWut/bin/utwho -c |grep $SUN_SUNRAY_TOKEN
> 
>     This will give you the display number, session token, logged
>     in user, IP address, SunRay model, and MAC address.
>     (grepped by token)
> 
>     You can use awk to get just the IP address from the output.
> 
>     This will only work if you are actually logged into the
>     SunRay itself, since it relies on the SUN_SUNRAY_TOKEN
>     environment variable.
> 
>     If you want to get a list of all of the DTU's from the
>     server, you can add -a to the command. You won't be able
>     to grep on the token, but you can get a complete list of
>     all the DTU's connected to that server.
> 
>     Check the man page for utwho for more info.
> 
> 
>     SECTION 2:
> 
>     If you are looking to have a single IP for each DTU
>     represented outside the SunRay environment, it's a much
>     trickier problem.
> 
>     Since the DTU's IP address is only known to the server (and
>     nowhere else), you would have to connect to your network
>     application in a special way.
> 
>     You will have to set up an alias address on your SunRay
>     server for each DTU. Then you will have to force the
>     application to connect from that alias address.
> 
>     I had to do it for an application where I had no source. I
>     forced the application to do a bind syscall (using my alias
>     address to bind to) before running a connect syscall. This
>     effectively set the source address to one of the aliases I
>     had set up. Since I didn't have the source code to the
>     application, I spent a long time running truss to diagnose
>     the behavior, then wrote a interposer library to override
>     the default system calls.
> 
>     Now when I run my application multiple times from the SunRay
>     server, the remote system thinks I'm connecting from a
>     different address for each connection.
> 
>     This approach is doable, but not recommended if you can
>     avoid it. See the bind and connect man pages if you want
>     to take this route.
> 
> 
>     On Monday 22 January 2007 23:39, fitra budi anggoro wrote:
>      > Dear All,
>      > A very nice request from future customer :).
>      > They have an application that record the IP address of
>      > its users. So from application log, they can see any
>      > activity was done by this user/ip address in this
>      > application. They're planning replacing their PCs, the
>      > question is, how sun ray can replace this metodology? we
>      > dont have Static IP, only Sunray Server IP. any idea?
>      > Thanks,
>      > Fitra
>      >
>      >
>      > ---------------------------------
>      > Finding fabulous fares is fun.
>      > Let Yahoo! FareChase search your favorite travel sites to
>      > find flight and hotel bargains.
>     _______________________________________________
>     SunRay-Users mailing list
>     SunRay-Users at filibeto.org
>     http://www.filibeto.org/mailman/listinfo/sunray-users
> 
> 
> ------------------------------------------------------------------------
> Finding fabulous fares is fun.
> Let Yahoo! FareChase search your favorite travel sites 
> <http://farechase.yahoo.com/promo-generic-14795097;_ylc=X3oDMTFtNW45amVpBF9TAzk3NDA3NTg5BF9zAzI3MTk0ODEEcG9zAzEEc2VjA21haWx0YWdsaW5lBHNsawNxMS0wNw-- 
>  > to find flight and hotel bargains.
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> SunRay-Users mailing list
> SunRay-Users at filibeto.org
> http://www.filibeto.org/mailman/listinfo/sunray-users

More information about the SunRay-Users mailing list