[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: unencrypted LDM sessions

On Tue, Jul 03, 2007 at 10:34:54PM +0200, Petter Reinholdtsen wrote:
> [Holger Levsen]
> > But if I use ssh in that session, the password goes over the wire in
> > clear text?
> Yes.  This patch tell programs to use the normal $DISPLAY TCP
> connection to the server.  I'm not convinced it is complete, though,
> as the xauth cookie need to be passed on to the users ~/.Xauthority
> file, and the X server need to be told to listen on the TCP socket as
> well as the unix socket in /tmp/.

i tested the patch, and it needed no modification, aside from enabling
it in lts.conf:


works as intended, as best i can tell.

> The problem is that some schools are not willing to sacrifise
> performance for security, and they will either set up XDMCP manually
> or use K12LTSP or Edubuntu and enable LDM without encrypted sessions.
> I suspect we are better of by providing an easily alternative to
> enable.

indeed. this is the motivation behind it- to attempt to give a
security/performance trade-off, while still keeping all of the features
that come with LDM. local devices and sound support, namely.
> > Also I am not soo comfortable with such changes at this point of
> > time. We have never formally frozen etch-test, to only allow
> > bugfixes in, but I'm thinking maybe we should do so. (And please go
> > ahead with this change now, but maybe this could be the last?

well, i've tested it personally, and it appears to work, so i uploaded a
new ltsp package and it awaits your fine testing skills in etch-test. :)

live well,

Reply to: