-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I have configured everything needed to boot using PXE using NFS as root-filesystem at home some months ago: http://dpa.li/pxeboot.mp4
I export the root filesystem of an lxc container read only using NFS. It's really convenient, I can install and remove anything I want in my lxc container, and all Systems I booted using PXE will have the new programs immediately. At the same time, the PCs can't make any changes on the root file systems. But I don't actually use it, I just created that system because I can. I guess it would be pretty useful for large companies, if it weren't so slow and insecure. I don't think I could use kerberos in that case, but even if I could, I wouldn't want to use it. It's just so overcomplicated, if I could just use it over TLS or SSH directly, without any tricks, it would be so much easier. I don't even need encryption in my case, a simple way to check if the datas came from the correct place and weren't altered would be sufficient, but the only thing there is to secure NFS is kerberos, the same thing used to secure all MS stuff, the thing best used together with Active Directory, I don't like that. I think what NFS really needs now are simpler alternatives to kerberos. But I don't think mounting just /usr using NFS is a good idea, not because of NFS, but because it's technically a removable media, it may not always be there, even worse, in this case, it may be used and changed by other machines. I think the main problem here is that the current package managers can't handle installing some parts of a software on a removable media. It would be cool to be able to just install some software on some usb sticks or something, and to add and remove them when the software is needed, without the package manager and possibly the rest of the system freaking out. -----BEGIN PGP SIGNATURE----- iQFIBAEBCAAyFiEEZT8xKpcJ1eXNKSM1cASjafdLVoEFAlooKZYUHG1lQGRhbmll bGFicmVjaHQuY2gACgkQcASjafdLVoH2DAf+MBqFuxsQC7AN2jaUW4s4QAZchZma We2qXOd9x/zoeN15/Mt/pmTviYS0u3H9LGZAApmXEkk/mwXw1rYgmhQdV8XmtRgE YOP3cbzfqlRb3YJlKmW53wLMupZr9/FmO3YIpQyaBx2ZkWxF1HRTUCwYFapQJ+l4 0oRZMiX/bKIDbJckiCkKNkeyPHjR74SNsb722G5i7UiaS9wQ/AeZkjNGQbXTt3Zw 9H9lwz4Erf5LLVL//6Smp/mRqBHLYU4iCG2TYZo4YlSDkioFnqLmBrhQQlL/JqDU jkBQrRQY2Y9W7JsBGUwr33TS9ASAVGBhAJgnyf1hJfuxl7+GZcn6Hdih9Q== =1hmx -----END PGP SIGNATURE----- _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
