
Re: Why not include the workstations with auto dhcp IPs per default into the LDAP?



Andreas Schockenhoff skrev:
> Hi,
> 
> Am Donnerstag, den 17.05.2007, 20:11 +0200 schrieb Petter Reinholdtsen:
>> [Andreas Schockenhoff]
>>> If I install a workstation, it boots, gets an IP and connects to tjener,
>>> but if I want to log in as a user I must go into lwat and add a
>>> workstation.  Why?
>> This is done because of security issues with NFS.  See for example
>> <URL:https://init.linpro.no/pipermail/skolelinux.no/admin-discuss/2006-March/000251.html>
>> for background information.
> That's not really a solution for this problem, because I can hijack an IP
> and this is not really difficult.

Yes, you can. That's why you should assign a specific MAC address to a
staticXX address, and scan your network, and maybe scan for other things
than the MAC address (maybe use the ssh-hosts-keys?)

> The other problem is that I must include all the automatically assigned IPs
> in the DHCP range because I cannot guarantee the old IP.

No, you should, once again, assign one staticXX to your workstations, and
add staticXX to your workstation-hosts netgroup.

> Using only static IPs in DHCP can be a solution; it makes the security
> problem smaller but does not solve it.

That's right, please implement, test, and include in debian-edu a better
solution.

> But a mass import of workstations with LDAP would also be nice.

Yes, maybe a wishlist-bug.

> I think at this moment a network administrator in a skolelinux network
> cannot accept other computers in his network where someone else is root.

Correct.
At least not for them to use nfs.

-- 
Finn-Arne Johansen
faj@bzz.no http://bzz.no/
EE2A71C6403A3D191FCDC043006F1215062E6642 062E6642
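
Added example (not part of the original message and not debian-edu code): one way to do the network scan suggested above, comparing the MAC-to-IP pairs seen on the wire with the hosts pinned in an ISC dhcpd.conf. The host names, addresses and the `ip neigh show` sample lines are constructed, and the parser assumes `hardware ethernet` comes before `fixed-address` in each host block.

```python
import re

# Constructed sample: ISC dhcpd.conf host entries pinning a MAC to a staticXX address.
DHCPD_CONF = """
host static00 { hardware ethernet 00:16:3e:00:00:01; fixed-address 10.0.2.100; }
host static01 {
    hardware ethernet 00:16:3E:00:00:02;
    fixed-address 10.0.2.101;
}
"""

# Constructed sample: lines in the format printed by `ip neigh show`.
NEIGH = """
10.0.2.100 dev eth0 lladdr 00:16:3e:00:00:01 REACHABLE
10.0.2.101 dev eth0 lladdr 00:16:3e:aa:bb:cc STALE
10.0.2.150 dev eth0 lladdr 00:16:3e:00:00:01 REACHABLE
10.0.2.200 dev eth0 lladdr 00:16:3e:00:00:09 REACHABLE
10.0.2.201 dev eth0  FAILED
"""

HOST_RE = re.compile(
    r"host\s+(\S+)\s*\{[^}]*?hardware\s+ethernet\s+([0-9A-Fa-f:]{17})\s*;"
    r"[^}]*?fixed-address\s+([0-9.]+)\s*;", re.S)
NEIGH_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s.*\blladdr\s+([0-9A-Fa-f:]{17})\b", re.M)

def parse_static_hosts(conf):
    """Return {ip: (mac, name)} for every host block with a MAC and fixed address."""
    return {ip: (mac.lower(), name) for name, mac, ip in HOST_RE.findall(conf)}

def audit(conf, neigh):
    """Compare observed (ip, mac) pairs with the pinned ones; return findings."""
    pinned = parse_static_hosts(conf)
    mac_to_ip = {mac: ip for ip, (mac, _) in pinned.items()}
    findings = []
    for ip, mac in NEIGH_RE.findall(neigh):
        mac = mac.lower()
        if ip in pinned and pinned[ip][0] != mac:
            # A pinned address is answered by a different card: possible IP hijack.
            findings.append(("ip-claimed-by-other-mac", ip, mac))
        elif ip not in pinned and mac in mac_to_ip:
            # A registered card is using an address it was not assigned.
            findings.append(("known-mac-wrong-ip", ip, mac))
    return findings

if __name__ == "__main__":
    for kind, ip, mac in audit(DHCPD_CONF, NEIGH):
        print(kind, ip, mac)
```

A matching MAC address is not proof of identity, since it can be changed as well, which is why the message also suggests checking something other than the MAC address, such as SSH host keys.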


