>I need some informations, if it's possible to let FlexLM interact
>with a PC dongle on a parallel port. Reason: under Solaris 2.5 the
>hostid isn't relieable anymore and uniq for a machine, because one
>could mirror equal scsi disks using dd - Linux or FreeBSD dd, because
>Solaris dd doesn't start reading sector 0 ;-)
Either go back to the drawing board on everything (i.e. Solaris on all
machines including SPARC machines) or nothing. Here's why...
On x86 machines the code to generate the hostid is in
/kernel/misc/sysinit. This little kernel module does nothing other
than fill in hw_serial with the hostid. There is a little code in
this to try to prevent tampering, but you can just copy hostids on
x86 machines by copying the /kernel/misc/sysinit module from one
machine to another. There is no need to do anything as cumbersome as
dd of disk slices. In fact, I provide code for generating a new
/kernel/misc/sysinit with any hostid you want in my change-sun-hostid
package.
On pretty well all modern SPARC machines the hostid is stored in an
NVRAM chip. There are built in commands to program in a new hostid
from the PROM monitor, namely mkp and mkpl. Anyone can program in a
new hostid in a couple of minutes.
Changing the NVRAM or /kernel/misc/sysinit is probably not the best
way to go about this sort of thing, there are various ways to just
make sure sysinfo returns whatever hostid you want, and I provide a
toolkit for changing the real and/or apparent hostid on a Sun
workstation or Solaris machine. You can get it from
ftp://ftp.netcom.com/pub/he/henderso/change-sun-hostid.tar.gz
ftp://ftp.wimsey.com/pub/crypto/sun-stuff/change-sun-hostid.tar.gz
http://www.squirrel.com/squirrel/sun-stuff/change-sun-hostid.tar.gz
So the hostid is virtually useless.
(Aside: I should say that I do think that providing more secure
licence control software is an interesting problem - but the current
commonly used licence managers provide minimal security for the
application, mostly because the licence management component of the
software is not tightly bound into the application - but just sits
off as a separate component and gets called once in a while. Because
of this it is generally easy to arrange for the licence management
routines not to get called. The lack of a "secure hostid" is only a
small part of the problem of licence control in software. Perfectly
secure licence control is intractable anyway - if anyone wants to
discuss this, send me email)
End result...
You have two choices.
1. You need to put dongles on everything. Your users won't tolerate
it. You'll go out of business. Of course, dongles can be spoofed, and
the hooks into the dongle code can be removed from your code.
2. You need to have some sort of rudimentary trust in your customers.
Consider the following not-so-hypothetical situation
- Developers need to work on weekend to meet deadline.
- Main licence server dies on Friday evening.
- Sysadmin gets replacement machine swapped in - but the applications
the developers need won't work because the new machine has a different
hostid. Can't just swap NVRAM chips because machines are of a different
type.
- What does sysadmin do?
- Tell developers to go home. No way to get licence servers working
so that they can do their jobs. Vendors don't give out new keys
on weekends. Deadline missed. Senior management and user community
are unhappy.
- Fix things so that the replacement machine appears to have the
same hostid as the original, so that the developers can work.
Call vendors on Monday morning to request new keys. Users
celebrate "we love the sysadmin day" :-) Senior management doesn't
notice anything happened until they get the bill to repair the original
licence server.
I'm a working sysadmin, and I know what I believe the right course
of action is.
Now some might argue that all this would have been unecessary if I
had the machines on contract. But I've certainly had machines on 7x24
2hr response contracts for which the folks at the service organisation
took a few days to resolve the problem (not their fault - computers
are tricky beasts, especially when problems are intermittent). Service
contracts are not a panacea.
Redundant licence servers are another alternative supported by, at least,
FLEXlm and Elan. However,
- not all vendors with licence control software support redundant licence
servers
- it is not always possible to implement redundant licence servers in
a reasonable way due to financial or other constraints. (I don't
like running licence servers on machines with users - machines without
users logged into them are usually more reliable)
Have you ever requested a new key (for a different hostid) from a
vendor? Some vendors will turn them around more or less immediately
during business hours. Some require faxing paperwork back and forth,
that needs to be signed by various people, and take two or three DAYS
to get back to the customer with a new key.
So you may wonder, what am I really saying in this long rambling article.
I know that I'm beginning to wonder ;-)
- Don't lock your licences to particular machines. It will cause your
customers grief.
- Going to a dongle is one step worse, because the usual model for a
licence server is to have one machine serving up all licences for a
workgroup, department, or a company. This machine might have a couple
dozen licence servers running on it. If every one of these came with
a dongle, one would certainly have an interesting hardware
configuration. There is a general syndrome with software developers
where they seem to assume that their's is the only application their
users are running. This often causes lots of interesting installation
issues.
- licence control is a hard problem.
A nice alternative model is the one used by the licence server in
Framemaker 4.0 and 5.0. The Frame licence servers are not node
locked, but broadcast to find other frame licence servers on the
network. If they find another licence server making the same key
available, one of them will shut down. Elegant and not a problem when
the server needs to be moved. Of course, people can subvert this
by having servers on different networks, etc. - but it is a more
reasonable consideration of the needs of the customer.
Of course, this all comes down to the question of balancing the needs
of the customer for availability against the needs of the developer
for the security that they'll get paid for the software that is used.
People who have worked with me will testify that I feel _very_ strongly
that developers should get paid for the software that is used. I
realise that finding the right compromise is not an easy thing, but
if you make things too hard for your customers, they'll likely take
their business somewhere else. Dongles are almost certain to scare
off many potential UNIX based customers.
--
ViaCrypt PGP Key Fingerprint: 21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46
unstrip for Solaris, Wimsey crypto archive, TECO, computer security links,
change-sun-hostid, Sun NVRAM/hostid FAQ - http://www.squirrel.com/squirrel/
by