[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Why not include the workstations with auto dhcp IPs per default into the LDAP?

Andreas Schockenhoff skrev:
> Hi,
> Am Donnerstag, den 17.05.2007, 20:11 +0200 schrieb Petter Reinholdtsen:
>> [Andreas Schockenhoff]
>>> If install a workstation it boots become a IP and connect to tjener
>>> but if I want to login as user I must go into lwat an add a
>>> workstation.  Why?
>> This is done because of security issues with NFS.  See for example
>> <URL:https://init.linpro.no/pipermail/skolelinux.no/admin-discuss/2006-March/000251.html>
>> for background information.
> Thats not really a solution for this problem. Because I can hijack a IP
> and this is not really difficult. 

Yes you can. That's why you should assign specific macaddress to a
staticXX address, and scan your network, and maybe scan for other things
than mac-address (maybe use ths ssh-hosts-keys?)

> The other problem is that I must include all the automatic assigned IPs
> in the DHCP range because I can not guarantee the old IP. 

No, you should once again, assign on staticXX to your workstations, and
add staticXX to you workstation-hosts netgroup.

> Use of static IPs in DHCP only can be a solution, make the security
> problem smaller but do not solve it. 

That's right, please implement, test, and include in debian-edu a better

> But a mass import of workstations with ldap should also be nice. 

Yes, maybe a wishlist-bug.

> I think in this moment a network administrator in a skolelinux network
> can not accept other computer in his network where someother is root. 

At least not for them to use nfs.

Finn-Arne Johansen
faj@bzz.no http://bzz.no/
EE2A71C6403A3D191FCDC043006F1215062E6642 062E6642

Reply to: