A colleague and I were recently debating whether it's an OK policy to allow wireless access based on users MAC addresses. He has a small office where most people are wired, but a few are wireless and are part of that notorious gang that can't be bothered with passwords.
He also said that basing authentication on MAC address gets rid of network misidentification problems on the client end.
I say malarky, and whatever benefits he's seeing aren't worth the security risks if a spoofer comes in and sees what's going on.
Am I just old fashioned, or is he opening up a hole the size of a barn?