-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03.06.2015 06:26, ????? ???????????? wrote: > On Tue, 2 Jun 2015 at 15:39 Ivan Mincik <ivan.min...@gmail.com> > wrote: >> I was thinking that if we would use encrypted root, only system >> administrator would be able to boot client machines by manually >> entering password. Or, do you know any better solution ? > > If you're willing to go to each client and enter a > username/password, you might as well use a USB stick with a > kernel/initrd and the encryption key with it, and boot with that > (and of course remove it 5 seconds later, when the kernel/initrd > are loaded). > > To avoid that, read about multi-key encryption and also try to find > a way like dmidecode with which you can get a static seed from > each client, readable only by root.
Thank you very much Alkis, this brings a new ideas to my problem. - -- Ivan Min?ík ivan.min...@gmail.com GPG: 0x79529A1E http://imincik.github.io/0x79529A1E.key ivan.min...@gista.sk GPG: 0xD714B02C http://imincik.github.io/0xD714B02C.key -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJVbsrTAAoJEPfdLsR5UpoeSREH/01cDFpjJdJlb0pq0CgVO37K +Isp6HZO67yZRN25sZoiv6JyQR6256wvOIqtKY3Ljl950RlUKq5fy4dM+SWYyZuL IMSumXRLUJ1mtnMqXovIynG1zlhZtf3DYBDjzY9XKffxA7JcLflx+gEjwfqmtzJH 9scAWoS2vtHdYyyppyeay+XiNxRd/H7sHzahpMVKFdieWrSJh25qArGZLPCRZuOV bO6OZSWoGGbo71ah+9uzYL7OdHhd/Ad7Z+i7/Tys7Hx1ySbd66HfDZ5IpHLSHCDu 3AfvMlqfhdgsU+AzaimOH8b8EYPBRSqOJ8WOpm0QUly1GDd8phei23hWmg+T/Z4= =x34k -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
