
Re: unencrypted LDM sessions



[Holger Levsen]
> But if I use ssh in that session, the password goes over the wire in
> clear text?

Yes.  This patch tells programs to use the normal $DISPLAY TCP
connection to the server.  I'm not convinced it is complete, though,
as the xauth cookie needs to be passed on to the user's ~/.Xauthority
file, and the X server needs to be told to listen on the TCP socket as
well as the unix socket in /tmp/.

The problem is that some schools are not willing to sacrifice
performance for security, and they will either set up XDMCP manually
or use K12LTSP or Edubuntu and enable LDM without encrypted sessions.
I suspect we are better off by providing an easy alternative to
enable.

> Also I am not so comfortable with such changes at this point of
> time. We have never formally frozen etch-test, to only allow
> bugfixes in, but I'm thinking maybe we should do so. (And please go
> ahead with this change now, but maybe this could be the last?

Well, we are slowing down on major changes, so it is at least a
slush. :)

> - Which reminds me that for the last three weeks or so we failed to
> hold a meeting - any takers for proposing a new date?)

I'm very interested in an IRC meeting, as I am back online again. :)

> I'm all for lesser restrictions (again & compared to now and to
> Debian) when preparing debian-edu etch r1 though.

It might be an option for r1, yes.  Adding the simple patch seems safe
enough, but if it is incomplete it will not give us the advantage we
want and perhaps only generate more confusion instead of helping those
in need of less overhead for the X traffic.

Happy hacking,
-- 
Petter Reinholdtsen


