On Thu, 2002-03-07 at 19:34, Hans Ekbrand wrote:
> On Thu, Mar 07, 2002 at 10:19:52AM -0600, Jason A. Pattie wrote:
> > John Cuzzola wrote:
> >
> > >*** A possible solution may be to create a VPN(IPSEC) betweeen the client
> > >and the server. Allow the home directory to be mounted only through the
> > >VPN.
> > >
> > A very good solution and one that is not too hefty to implement.
> > However, how to you store "securely" the secret keys for each
> > workstation?
>
> That would not be necessary. The workstations never mounts /home
> (unless we are speaking of local apps here, but that is another
> story).
Agreed. The only way to be secure is to simply let anyone boot, but all
you get is an X server. If you want more, type a password.
>
> So only the LTSP servers need to be involved in the VPN/secret-key
> thingy.
>
> AFS or Samba has been suggested as superior alternatives to NFS and
> NFS over VPN sounds more difficult to implement, though I haven't
> tried any of them.
Samba has stronger authentication, but there are two drawbacks:
- where do you store the Samba password.
- Samba doesn't support the full Unix permission model. This isn't such
a big deal for workstations.
> --
>
> Hans Ekbrand
--
Berend De Schouwer
_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.openprojects.net
