On Fri, 7 Jun 2002 [EMAIL PROTECTED] wrote:

> In the past, some people have suggested just copying the
> server's /etc/passwd file to /opt/ltsp/i386/etc, but I can
> tell you very clearly that will NEVER be part of a
> standard LTSP package.

Beyond the obvious 'least privilege argument' in not releasing
/etc/shadow across plain text NFS (where the crypt lives), did
you have other issues in mind? -- a certificate based ssl or keyed
ssh-tunnelled, tcp based NFS for /etc and for swap (to avoid
plucking plaintext passphrases and so on) seem both urgent, and
to solve the issue.

> Creating a special-purpose daemon to handle this, in my
> opinion, is just reinventing the wheel. Use what is already
> there, and spend your time solving other more important
> problems.

Ummm. If not LDAP authorization bits, how about Radius for
individual user auth? Most applications in Linux and certainly in
Red Hat which require authentication are PAM-ified, and a Radius
plug in exists.

> But, I also invite you to challenge me on this. Maybe you've
> got a better way.
>
> > server on all workstations. It could also be done by
> > creating a special-purpose daemon just for this task. Then
> > we could implement our own style of security measures in
> > the controlling daemon.

or push the PUBLIC keychain authorised_keys, etc of root around to
all hosts, and retain the private key on the servers -- locked
with passphrase as desired, and with ssh-agent running to hold the
unlock rights.

-- Russ Herrold

_______________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.openprojects.net
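
An added example, not part of the original post or of LTSP: a shell audit of an NFS-exported client root for the two kinds of secret the reply says should stay on the server, crypt strings in etc/passwd or etc/shadow and private keys. The function name `audit_export` and the sample tree are constructed for illustration, and only PEM-style private key headers are detected.

```shell
#!/bin/sh
# Audit an exported client root (e.g. /opt/ltsp/i386) for secrets that would
# travel over plain text NFS. Prints one finding per line.
# Returns 0 if the tree is clean, 1 if anything was found.
audit_export() {
    root=$1
    report=$(
        # Field 2 of passwd/shadow must be a placeholder (x, *, !, !!),
        # never a crypt string and never empty.
        for f in etc/passwd etc/shadow; do
            [ -f "$root/$f" ] || continue
            awk -F: -v f="$f" '
                /^#/ || NF < 2   { next }
                $2 == ""         { print "EMPTY " f " " $1; next }
                $2 !~ /^[x*!]+$/ { print "HASH " f " " $1 }
            ' "$root/$f"
        done
        # Private keys belong on the server only; authorized_keys holds
        # public keys and is not flagged.
        find "$root" -type f \
            -exec grep -l -e '-----BEGIN .*PRIVATE KEY-----' {} + 2>/dev/null |
            awk -v r="$root/" '{ print "PRIVKEY " substr($0, length(r) + 1) }'
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed sample tree standing in for the exported workstation root.
demo=$(mktemp -d)
mkdir -p "$demo/etc" "$demo/root/.ssh"
printf '%s\n' 'root:$1$constructed$notARealHash:0:0::/root:/bin/sh' \
              'user:x:500:500::/home/user:/bin/sh' > "$demo/etc/passwd"
printf '%s\n' 'ssh-rsa AAAAconstructed root@server' \
    > "$demo/root/.ssh/authorized_keys"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed' \
    > "$demo/root/.ssh/id_rsa"
audit_export "$demo" || echo "export tree is not clean"
rm -rf "$demo"
```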