From owner-freebsd-hackers@FreeBSD.ORG Tue Dec 19 16:38:13 2006 Return-Path: X-Original-To: freebsd-hackers@freebsd.org Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 75EEB16A412 for ; Tue, 19 Dec 2006 16:38:13 +0000 (UTC) (envelope-from wmoran@collaborativefusion.com) Received: from mx00.pub.collaborativefusion.com (mx00.pub.collaborativefusion.com [206.210.89.199]) by mx1.FreeBSD.org (Postfix) with ESMTP id A2A8043CBA for ; Tue, 19 Dec 2006 16:38:08 +0000 (GMT) (envelope-from wmoran@collaborativefusion.com) Received: from vanquish.pgh.priv.collaborativefusion.com (vanquish.pgh.priv.collaborativefusion.com [192.168.2.61]) (SSL: TLSv1/SSLv3,256bits,AES256-SHA) by wingspan with esmtp; Tue, 19 Dec 2006 10:55:38 -0500 id 00056416.45880B7A.0000EA5B Date: Tue, 19 Dec 2006 10:55:38 -0500 From: Bill Moran To: "Devon H. O'Dell" Message-Id: <20061219105538.b0b1f342.wmoran@collaborativefusion.com> In-Reply-To: <9ab217670612190719r4d72c1d5tcf793aca5c781401@mail.gmail.com> References: <4587F6F1.1050000@metro.cx> <9ab217670612190719r4d72c1d5tcf793aca5c781401@mail.gmail.com> Organization: Collaborative Fusion X-Mailer: Sylpheed version 2.2.10 (GTK+ 2.10.6; i386-portbld-freebsd6.1) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: freebsd-hackers@freebsd.org Subject: Re: unique hardware identification X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Dec 2006 16:38:13 -0000 In response to "Devon H. O'Dell" : > 2006/12/19, Koen Martens : > > Hi All, > > > > I was wondering, if something like a unique hardware identification > > would be possible on FreeBSD. > > > > I'd like a machine to authenticate to a server, for which it will > > need a unique identification. Problem is, it should be generated > > automatically and not easy to fake / detect without already having > > root access to the box. > > > > I'm thinking of something like combining serial numbers from > > CPU/disks for example, but there does not seem to be a clear way to > > obtain these (not all cpu's even have a serial number in there). > > > > I am just inquiring if someone on this list has an idea that might > > help with this problem. Missed the original post on this. Kerberos does this reliably and securely. Part of the point of Kerberos is that machines must authenticate themselves to each other. Another option is SSL certificates. Although, since you don't describe the goal you're trying to accomplish, it's difficult to know if either of those will work for you. -- Bill Moran Collaborative Fusion Inc.