[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Floppy

Jonas Smedegaard skrev:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 30-08-2004 20:18, Ragnar Wisloff wrote:
| Petter Reinholdtsen skrev:
|
|> [Hilaire]
|>
|>
|>> There is a ltsp-floppyd package for Skolelinux to help for the set
|>> up.
|>> Not sure it is included in the cd-rom however, but it is in the
|>> Skolelinux apt repository.
|>>
|>
|>
|> It is included on the CD, but not installed by default.  I believe
|> Ragnar have a reason for not installing it by default, but have
|> forgotten the arguments.
|>
|
| My arguments are mostly security based.
|
| There is no way to authenticate users when accessing local devices on
| the thin clients using the floppyd method. This means that the floppy is
| open for reading and writing by anybody on any machine. By all means,
| install the package, but be aware of the security risks involved.

Would it make sense with a Kerberos-enabled floppyd, when (or if)
Skolelinux switches to using Kerberos?
Any method of authentication. I am not at all confident it is a simple task to enable that, though. LDAP would probably be a good choice. 



As I understand Kerberos, the core logic is to authenticate _both_ user
and service against a third party (the ticket server). So even services
on a thin client should be able to trust if done properly, right?


Don't know.




| In addition, Konqueror's floppy:/ kio is not very reliable.

What has that to do with it (I am honestly interested for other reasons:
I have recently poked with getting KDE3.3 to work sanely with autofs4,
and is curious if there's a better way).
It has nothing to do with security. It is a practical consideration. If it is known not to work, then I don't think it is wise to use it. 


--
Med vennlig hilsen
Ragnar Wisløff
-------------
Life is a reach. Then you gybe.
Reply to: