[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: encrypted root fs on a slug and crypto-modules

On Mon, 2008-02-25, at 07:08:35 +0100, Rick Thomas wrote:
> I don't know how much load you're going to put on your proposed
> Kerberos KDC, but the extra CPU load placed on it by encrypting the
> filesystem may make it unresponsive, given the Slug's not-very-fast CPU.

My production environment is a home network with five users. So the
kdc load is not very big. Some would say kerberos is overkill there,
and I might agree. But it is fun to use kerberos, ldap (on another
server) etc.

Anyway my goals for a KDC are:

* separate computer for security
* low power (I'd like to use my carbon footprint and money
  for other things)
* possibility to log in through a console (serial port ok)
  then sshd would not be needed and remote access more difficult
* preferrably low cost
* while high availability is good I'm ready to trade that
  for low power in this application
* ethernet

I did look at some other single board computers. One idea was to use a
SBC like a colibri or similar, mount it inside the chassi of my normal
file/ldap/... server, which would provide shelter and electricity, and
then have eth and serial/USB console available on the back where all
PCI-card connectors are. Such a solution would meet many of the above

My experiment with encrypted file system was initiated simply see if
it is possible to rasie security even higher, but mainly as a geek
thing. If I get it installed and performance is to low, I will fall
back to a normal ext3.


Reply to: