[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Floppy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 31-08-2004 14:12, Ragnar Wisloff wrote:
| Jonas Smedegaard skrev:
|
|> -----BEGIN PGP SIGNED MESSAGE-----
|> Hash: SHA1
|>
|> On 30-08-2004 20:18, Ragnar Wisloff wrote:
|> | Petter Reinholdtsen skrev:
|> |
|> |> [Hilaire]
|> |>
|> |>
|> |>> There is a ltsp-floppyd package for Skolelinux to help for the set
|> |>> up.
|> |>> Not sure it is included in the cd-rom however, but it is in the
|> |>> Skolelinux apt repository.
|> |>>
|> |>
|> |>
|> |> It is included on the CD, but not installed by default.  I believe
|> |> Ragnar have a reason for not installing it by default, but have
|> |> forgotten the arguments.
|> |>
|> |
|> | My arguments are mostly security based.
|> |
|> | There is no way to authenticate users when accessing local devices on
|> | the thin clients using the floppyd method. This means that the
|> floppy is
|> | open for reading and writing by anybody on any machine. By all means,
|> | install the package, but be aware of the security risks involved.
|>
|> Would it make sense with a Kerberos-enabled floppyd, when (or if)
|> Skolelinux switches to using Kerberos?
|
|
| Any method of authentication. I am not at all confident it is a simple
| task to enable that, though. LDAP would probably be a good choice.

Hmmm - not _any_ method, I think: You access an untrusted machine, so
shouldn't feed it your personal password!

Sure, you assume the machine you access is your own workstation, but how
do you know for sure?


|> As I understand Kerberos, the core logic is to authenticate _both_ user
|> and service against a third party (the ticket server). So even services
|> on a thin client should be able to trust if done properly, right?
|
|
| Don't know.

Fair enough. I know only fractions myself.

Andreas - have you become clever on these parts with your poking around
with AFS lately?


|> | In addition, Konqueror's floppy:/ kio is not very reliable.
|>
|> What has that to do with it (I am honestly interested for other reasons:
|> I have recently poked with getting KDE3.3 to work sanely with autofs4,
|> and is curious if there's a better way).
|
|
| It has nothing to do with security. It is a practical consideration. If
| it is known not to work, then I don't think it is wise to use it.

Sorry - I didn't make myself clear: I have poked with getting KDE 3.3
and autofs to work nicely together on a _fat_ machine, not a thin
client, and not using floppyd.

I was curious about maybe needing to configure som KIO stuff somehow. I
failed locating anything useful about floppy configuration at the KDE
website.

Currently I have autofs and /etc/fstab configured to point to same mount
point (to avoid KDE showing one - and one only - mount point for the
device) but could only make autofs mount as root and thus have world
write access to the device :-(

Without autofs KDE automatically attempts to mount the floppy but does
not unmount again.


~ - Jonas

- --
* Jonas Smedegaard - idealist og Internet-arkitekt
* Tlf.: +45 40843136  Website: http://dr.jones.dk/

~ - Enden er nær: http://www.shibumi.org/eoti.htm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBNHSKn7DbMsAkQLgRAhZyAJ9pncLcaYALfeVEFc+uX619SAFcDgCghlNZ
aO846XmR/gs7JloWPlz1VCE=
=L8De
-----END PGP SIGNATURE-----
Reply to: