On Thu, 2002-03-07 at 19:34, Hans Ekbrand wrote: > On Thu, Mar 07, 2002 at 10:19:52AM -0600, Jason A. Pattie wrote: > > John Cuzzola wrote: > > > > >*** A possible solution may be to create a VPN(IPSEC) betweeen the client > > >and the server. Allow the home directory to be mounted only through the > > >VPN. > > > > > A very good solution and one that is not too hefty to implement. > > However, how to you store "securely" the secret keys for each > > workstation? > > That would not be necessary. The workstations never mounts /home > (unless we are speaking of local apps here, but that is another > story).
Agreed. The only way to be secure is to simply let anyone boot, but all you get is an X server. If you want more, type a password. > > So only the LTSP servers need to be involved in the VPN/secret-key > thingy. > > AFS or Samba has been suggested as superior alternatives to NFS and > NFS over VPN sounds more difficult to implement, though I haven't > tried any of them. Samba has stronger authentication, but there are two drawbacks: - where do you store the Samba password. - Samba doesn't support the full Unix permission model. This isn't such a big deal for workstations. > -- > > Hans Ekbrand -- Berend De Schouwer _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.openprojects.net