What we have to work with:

- Users have full control over their workstations
- Users should be able to use any workstation
- Users should be able to get all their files from any workstation

What this means is we cannot trust the authentication of the clients; the servers must perform some level of authentication themselves. This is the problem Kerberos was designed to solve -- resources on a given server need a valid authentication ticket from a ticket granting server, which performs password-based challenge-response authentication of the user at the keyboard.

While the workstation's roots can install trojans to gather a Kerberos password from a user, that is a new level of distrust for the problem; that can only be solved by not letting them have root access. (Which in a computer lab setting is probably a wise idea; on developer workstations, is probably a pretty poor idea.)

Another option, perhaps easier than Kerberos, is users can use gpg's symmetrical encryption support, and encrypt the files they care about most. This won't solve the trojan problem. But learning to use gpg is a lot easier than learning to set up Kerberos. :)

(Maybe SMB-style shares would solve this problem too, as they can require authentication before granting access to users.)

--
"There's an old saying in Tennessee, i know it's in Texas, probably in Tennessee, that says, 'Fool me once... shame on ... shame on .. you; but fool--you can't get fooled again.'" -- Commander in Chief of the US Military
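An added sketch, not part of the original message, of the point that the file server verifies a ticket itself instead of trusting the workstation's claim about who is logged in. It is a simplified HMAC-signed ticket, not the Kerberos protocol; every name, key and password in it is constructed for the demo.

```python
import hashlib
import hmac
import json
import time

# Constructed demo secrets (assumptions). The workstation holds neither of them.
USER_PASSWORDS = {"alice": "correct horse"}        # known to the ticket server only
FILE_SERVER_KEY = b"demo key shared by ticket server and file server"

def _pw_key(password, user):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 100_000)

def _mac(key, data):
    return hmac.new(key, data, "sha256").hexdigest()

def client_response(password, user, challenge):
    """Untrusted workstation: answer the challenge using the typed password."""
    return _mac(_pw_key(password, user), challenge)

def issue_ticket(user, challenge, response, now=None, lifetime=300):
    """Ticket server: check the response, then sign a short-lived ticket."""
    if user not in USER_PASSWORDS:
        return None
    expected = _mac(_pw_key(USER_PASSWORDS[user], user), challenge)
    if not hmac.compare_digest(expected.encode(), response.encode()):
        return None
    start = int(time.time() if now is None else now)
    body = json.dumps({"exp": start + lifetime, "user": user}, sort_keys=True)
    return body + "." + _mac(FILE_SERVER_KEY, body.encode())

def file_server_check(ticket, now=None):
    """File server: return the user name only for a ticket it can verify itself."""
    if not ticket or "." not in ticket:
        return None
    body, _, tag = ticket.rpartition(".")
    good = _mac(FILE_SERVER_KEY, body.encode())
    if not hmac.compare_digest(good.encode(), tag.encode()):
        return None                      # forged or altered on the workstation
    claims = json.loads(body)
    if claims["exp"] < (time.time() if now is None else now):
        return None                      # expired
    return claims["user"]

if __name__ == "__main__":
    ch = b"\x01" * 16                    # constructed challenge; random in practice
    t = issue_ticket("alice", ch, client_response("correct horse", "alice", ch))
    print(file_server_check(t), file_server_check(t.replace("alice", "bob")))
```

As the message notes, this does nothing against a trojan on the workstation that captures the password as it is typed.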