Re: Why not include the workstations with auto dhcp IPs per default into the LDAP?
Andreas Schockenhoff skrev:
> Am Donnerstag, den 17.05.2007, 20:11 +0200 schrieb Petter Reinholdtsen:
>> [Andreas Schockenhoff]
>>> If install a workstation it boots become a IP and connect to tjener
>>> but if I want to login as user I must go into lwat an add a
>>> workstation. Why?
>> This is done because of security issues with NFS. See for example
>> for background information.
> Thats not really a solution for this problem. Because I can hijack a IP
> and this is not really difficult.
Yes you can. That's why you should assign specific macaddress to a
staticXX address, and scan your network, and maybe scan for other things
than mac-address (maybe use ths ssh-hosts-keys?)
> The other problem is that I must include all the automatic assigned IPs
> in the DHCP range because I can not guarantee the old IP.
No, you should once again, assign on staticXX to your workstations, and
add staticXX to you workstation-hosts netgroup.
> Use of static IPs in DHCP only can be a solution, make the security
> problem smaller but do not solve it.
That's right, please implement, test, and include in debian-edu a better
> But a mass import of workstations with ldap should also be nice.
Yes, maybe a wishlist-bug.
> I think in this moment a network administrator in a skolelinux network
> can not accept other computer in his network where someother is root.
At least not for them to use nfs.