mab@mentor.cc.purdue.edu (Mike Brown) (04/11/90)
We have a number of campus departments that want to attach their AppleTalk networks via Kinetics FastPath boxes to the campus IP backbone, for connectivity with other campus AppleTalk networks and with the internet. Some of these departments don't have Unix systems and/or expertise to run atalkad, so I've added entries to my atalkatab file for their K-boxes.

This causes a problem because every K-box in an atalkatab file knows about every other K-box in the file. Some departments are concerned about potential security problems and want to limit this global view of the world. They want to restrict interdepartmental access to a specific subset of foreign K-boxes. Normal AppleTalk/K-box zone security won't cut it because some of the departments already have several internal zones.

I want to add the capability to atalkad to have it tell K-boxes about subsets of the entries in the atalkatab file. For example, assume I have an atalkatab file with 9 entries. Department A uses K-boxes 1-3, department B uses K-boxes 4-5, department C uses K-boxes 6-9, and interdepartmental connectivity is required between users of K-boxes 2 and 4. Each K-box should know about the K-boxes in its own department and only the other K-boxes it has to communicate with. So we could describe this with a list of partitions:

    1 2 3      (dept A)
    4 5        (dept B)
    6 7 8 9    (dept C)
    2 4

where each K-box needs to know about the K-boxes in any partition list it's a member of. Thus:

    1 3      know about   1 2 3
    2        knows about  1 2 3 4
    4        knows about  2 4 5
    5        knows about  4 5
    6 7 8 9  know about   6 7 8 9

I'd likely do this by keeping the partition data in a separate file in more-or-less the above conceptual format (list of partitions), though I'd use IP addresses instead of ordinal numbers to identify the K-boxes. This would allow preserving the current atalkatab file format.

Has anyone out there already done something like this? I'd love to find out that someone has done the dirty work...
-- 
Mike Brown, Network Systems Programmer   Internet: mab@cc.purdue.edu
Purdue University Computing Center       Bitnet:   xmab@purccvm
Mathematical Sciences Building           Phone:    (317) 494-1787
West Lafayette, IN 47907-2003, USA       Fax:      (317) 494-0566
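The partition rule described in the post above, worked through as an added example; it is not part of the original post and is not atalkad code. The file syntax (one partition per line, `#` comments), the 192.0.2.x addresses, the function names, and the rule that a K-box listed in no partition sees only itself are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample partition file mirroring the post's 9-box example.
# The addresses are documentation addresses, not values from the post.
SAMPLE = """\
192.0.2.1 192.0.2.2 192.0.2.3            # dept A
192.0.2.4 192.0.2.5                      # dept B
192.0.2.6 192.0.2.7 192.0.2.8 192.0.2.9  # dept C
192.0.2.2 192.0.2.4                      # interdepartmental link
"""

def parse_partitions(text):
    """Return a list of partitions, each a set of IPv4Address objects."""
    partitions = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        try:
            partitions.append({ipaddress.IPv4Address(t) for t in line.split()})
        except ipaddress.AddressValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
    return partitions

def visibility(partitions, known_kboxes):
    """Map each known K-box to the set of K-boxes it should be told about.

    A box sees the union of every partition it belongs to. A partition entry
    that names a box missing from known_kboxes is rejected, so a typo cannot
    silently widen or narrow anyone's view.
    """
    known = {ipaddress.IPv4Address(k) for k in known_kboxes}
    unknown = set().union(*partitions) - known
    if unknown:
        names = ", ".join(str(u) for u in sorted(unknown))
        raise ValueError(f"partition file names unknown K-boxes: {names}")
    view = {k: {k} for k in known}   # assumption: unlisted box sees only itself
    for part in partitions:
        for k in part:
            view[k] |= part
    return view

def as_table(view):
    """Render the view with plain strings, sorted numerically by address."""
    return {str(k): [str(v) for v in sorted(vs)] for k, vs in sorted(view.items())}

if __name__ == "__main__":
    boxes = [f"192.0.2.{n}" for n in range(1, 10)]
    for box, sees in as_table(visibility(parse_partitions(SAMPLE), boxes)).items():
        print(box, "knows about", " ".join(sees))
```

Defaulting an unlisted K-box to seeing only itself keeps the failure mode closed: a box forgotten in the partition file loses connectivity rather than regaining the global view.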