Re: unencrypted LDM sessions
On Tue, Jul 03, 2007 at 10:34:54PM +0200, Petter Reinholdtsen wrote:
> [Holger Levsen]
> > But if I use ssh in that session, the password goes over the wire in
> > clear text?
>
> Yes. This patch tell programs to use the normal $DISPLAY TCP
> connection to the server. I'm not convinced it is complete, though,
> as the xauth cookie need to be passed on to the users ~/.Xauthority
> file, and the X server need to be told to listen on the TCP socket as
> well as the unix socket in /tmp/.
i tested the patch, and it needed no modification, aside from enabling
it in lts.conf:
LDM_DIRECTX=True
works as intended, as best i can tell.
> The problem is that some schools are not willing to sacrifise
> performance for security, and they will either set up XDMCP manually
> or use K12LTSP or Edubuntu and enable LDM without encrypted sessions.
> I suspect we are better of by providing an easily alternative to
> enable.
indeed. this is the motivation behind it- to attempt to give a
security/performance trade-off, while still keeping all of the features
that come with LDM. local devices and sound support, namely.
> > Also I am not soo comfortable with such changes at this point of
> > time. We have never formally frozen etch-test, to only allow
> > bugfixes in, but I'm thinking maybe we should do so. (And please go
> > ahead with this change now, but maybe this could be the last?
well, i've tested it personally, and it appears to work, so i uploaded a
new ltsp package and it awaits your fine testing skills in etch-test. :)
live well,
vagrant
Reply to: