Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!rutgers!tut.cis.ohio-state.edu!ucbvax!hoptoad!tim
From: tim@hoptoad.uucp (Tim Maroney)
Newsgroups: comp.sys.mac.programmer
Subject: Re: Locking the "chooser" user name?
Keywords: chooser username appletalk
Message-ID: <7680@hoptoad.uucp>
Date: 16 Jun 89 20:55:40 GMT
References: <835@unocss.UUCP>
Reply-To: tim@hoptoad.UUCP (Tim Maroney)
Organization: Eclectic Software, San Francisco
Lines: 27

In article <835@unocss.UUCP> dent@unocss.UUCP (Dave Caplinger) writes:
>Can anyone suggest a way to set the "chooser" username once and then prevent
>it from being changed in the future?

No.  Macs are not secure machines.  Anyone would be able to defeat your
scheme by booting from a floppy disk or throwing away the INIT file you
use to implement this scheme.  The only somewhat feasible possibility
is to put special code in your hard disk boot blocks which enforces
this, and then it would be very likely to break under future OS
revisions.  Macs are not secure and you'll have to plan around that
fact.

However, you can detect which Appletalk network a Macintosh is
connected to simply by checking the network number of its address.  Not
what node it is on the network, but the network is no problem.  This is
also rather difficult to defeat because it is enforced by the gateways
and bridges.  Still, an after hours user would be able to remotely
reconfigure some gateways and bridges without raising any immediate
alarms; so you still can't absolutely rule out masquerading.
-- 
Tim Maroney, Mac Software Consultant, sun!hoptoad!tim, tim@toad.com
Postal: 424 Tehama, SF CA 94103; Phone: (415) 495-2934

"I was brought up in the other service; but I knew from the first that the
 Devil was my natural master and captain and friend.  I saw that he was in
 the right, and that the world cringed to his conqueror only from fear."
    - Shaw, "The Devil's Disciple"