Re: question.....[VERY LONG AND INVOLVED]
- Subject: Re: question.....[VERY LONG AND INVOLVED]
- From: Gnarlodious <email@hidden>
- Date: Thu, 20 May 2004 11:42:40 -0600
Entity John C. Welch spoke thus:
> >>> 2) Is there a way to turn off Rendezvous?
> >>
> >> It's complicated and not guaranteed to work, and if you totally shut it off,
> >> you cripple DHCP functionality as well.
> >>
> >> *why* do you want to do this
> >
> > TIGHTEN DOWN THE SYSTEM.... WE ARE NOT ALLOWED TO USE RENDEZVOUS...
>
> Well, for one, Rendezvous is no more or less secure than DHCP or DNS.
> Whoever thinks it isn't doesn't understand how it works.
>
> Anyway, as far as COMPLETELY disabling Rendezvous...that's impossible...let
> me explain why:
>
> Rendezvous is a marketing name for Zeroconf.
>
> Zeroconf consists of three things:
>
> Link-Local IPv4 addressing, aka LLv4.
> Multicast DNS
> DNS Service Discovery, aka DNS-SD
>
> Now, by the numbers:
>
> 1) To disable LLv4, you have to disable DHCP. That's because LLv4 is also a
> part of DHCP. (ever wonder where that address you get when you can't find a
> DHCP server comes from? LLv4. It's a part of the DHCP spec. So, to disable
> this, you have to disable all DHCP services. I'm going to guess that's not
> an option.
>
> 2) MDNS has been around for a while, and is only now being used. However,
> when people talk about "disabling Rendezvous", this is what they mean most
> often. If you look at the Web Setup for any newer HP printer, you'll see an
> mDNS entry. That's their zeroconf support. All this does is allow machines
> on the local link to see available services without needing a central
> unicast/"regular" DNS server. To disable this you have to do two things:
>
>     1) disable the "Rendezvous" plugin in the Directory Access Application
>     2) move the "mDNSResponder" folder out of /System/Library/StartupItems/
>
> Note...after doing this, you will essentially kill the ability to do things
> like easy printer discovery, etc. If you do this on a laptop, warn people
> that this service is disabled for all logins and all locations. Period. If
> they were using it, they aren't anymore. This kills a LOT of stuff.
>
> Note: this is no more or less secure than any form of DNS. It just doesn't
> need a central server, and isn't routable.
>
> 3) DNS-SD; To kill this would require the complete banning of
> unauthenticated DNS at your location. Why? Because it's a part of standard
> DNS. No, really.
>
> So, if they want complete disabling of Rendezvous, that means:
>
> No DHCP
> No mDNS
> No DNS at all
>
> Which I'm guessing isn't what they mean.

Whew!
And I thought it was as simple as disabling it in Directory Access!

set XMLfile to ":Library:Preferences:Directory Service:DirectoryService.plist"
set keyName to "Rendezvous"
-- read value
do shell script "sudo sed -n '/" & keyName & "/{n;s/[^t]<string>\\(.*\\)<\\/string>/\\1/p;}' " & POSIX path of XMLfile

I was attempting to change it with

do shell script "sudo sed -n '/" & keyName & "/{n;s/\\(.*\\)Inactive\\(.*\\)/\\1Active\\2/p;}' "

but couldn't get the sed right.

Even if you could turn it off this way, I don't know if or how you could
verify it or if the service would update automagically.

-- Gnarlie
Finally! Change your "Computer" icon from that boring iMac:
<http://www.Gnarlodious.com/Mac/AppleScript/Finder-ChangeComputerIcon.sit>
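
Added example, not part of the original post and not Apple's code: the read and the Active/Inactive rewrite that the post attempts, written in plain sh and run against a constructed sample file, with a backup and a read-back check. The key-line-then-string-line layout is assumed from the sed expression in the post; the function names and the sample contents are hypothetical, and this only confirms the value in the file, not the state of the running service.

```shell
# Constructed sample. Layout assumed from the sed in the post: a <key> line
# followed by a <string>Active|Inactive</string> line.
make_sample() {   # usage: make_sample FILE
    printf '%s\n' \
        '<dict>' \
        '    <key>OtherPlugin</key>' \
        '    <string>Active</string>' \
        '    <key>Rendezvous</key>' \
        '    <string>Active</string>' \
        '</dict>' > "$1"
}

# Print the state on the line after <key>NAME</key>.
# -n plus the p flag prints only that one substituted line.
plugin_state() {   # usage: plugin_state FILE NAME
    sed -n "/<key>$2<\/key>/{n;s/.*<string>\(.*\)<\/string>.*/\1/p;}" "$1"
}

# Set one plugin's state, keep a backup, then read the value back.
set_plugin_state() {   # usage: set_plugin_state FILE NAME Active|Inactive
    case "$3" in
        Active|Inactive) ;;
        *) echo "bad state: $3" >&2; return 2 ;;
    esac
    [ -n "$(plugin_state "$1" "$2")" ] || { echo "no key: $2" >&2; return 1; }
    cp -p "$1" "$1.bak" || return 1
    # No -n here: every line has to be printed so the whole file is rewritten.
    # sed writes to stdout, so the result is redirected back over the file.
    sed "/<key>$2<\/key>/{n;s/<string>.*<\/string>/<string>$3<\/string>/;}" \
        "$1.bak" > "$1" || return 1
    # Verification: the file must now report the requested state.
    [ "$(plugin_state "$1" "$2")" = "$3" ]
}

# Demo on a temporary copy of the constructed sample.
f=$(mktemp) && make_sample "$f"
set_plugin_state "$f" Rendezvous Inactive &&
    echo "Rendezvous is now: $(plugin_state "$f" Rendezvous)"
rm -f "$f" "$f.bak"
```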
_______________________________________________
applescript-users mailing list | email@hidden