
Re: NFS4 and Kerberos



Hi Andi,

On Fr 07 Jan 2011 10:41:41 CET "Andreas B. Mundt" wrote:

Take a look at <URL:http://svn.debian.org/wsvn/debian-edu/trunk/src/debian-edu-config/cf/cf.homes>,
i.e. our exports file. If a machine wants to mount the home
directories, it first has to be added to a netgroup that allows
mounting the share. So if you walk into the school with your Laptop to
fake an identity on the net, it will not work the first time, because
your MAC address will be different from the machines in the netgroup
you need the membership of. The next day you walk into school you
will be better prepared, you modified the Laptop's MAC. Now, just
plug off the machine you got the MAC from and use your Laptop
instead with the nice user ID. I guess that's how current security is
thought to be.

This setup is not really secure. If you have access to one of the school computers (Skolelinux clients) you boot it, use ifconfig and look up its IP. Then you shut the Skolelinux client down, take over its IP (static IP, not DHCP) and then you can mount the NFS share(s) on tjener.

And if you ask me: I would be quite happy about service principals on each client. With service principal and user principal you gain NFS access, without... you do not get access...

So using sec=sys in NFS4 is the same as using NFS3 now. It doesn't
help with the netgroups, but it also doesn't hurt.

Netgroups are not too special... but you may be right about Netgroup
integration in WebGUI tools...


Yes, the GUI administration is the problem right now.

For a flexible system having netgroups available (and configurable) is always an advantage!!! So, if there is some work to be done, we should try to include netgroups into the effort.

Do you have access to a debian-edu setup? Maybe if you want to take a
look, try a virtual setup with virt-manager + KVM (rsync the DVD image):
<URL:http://wiki.debian.org/DebianEdu/HowTo/TestCDinstall>
You need about a 25GiB image for Tjener+LTSPserver.

My friend Andreas (www.logo-edv.de) in Kiel has provided me an 8 core, 16gb Virt-Server that hums (well, it really hums quite hummingly) in my home. There currently is a Debian Edu (lenny) setup installed on it and I also tried a Debian Edu (squeeze) which, however, partially failed. I used one of the nightly built ISOs which might not be appropriate, though. If there are any ISO recommendations for squeeze, I'll be happy to use those for setting up a Debian squeeze Skolelinux.

Cheers,
Mike


--

DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419

GnuPG Key ID 0x1943CA5B
mail: m.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
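
The thread's point about netgroup-restricted `sec=sys` exports versus Kerberos can be checked mechanically. The following is an added example, not part of the original message or of the Debian Edu configuration: a small audit of exports(5)-style text that reports every client entry still accepting AUTH_SYS, where access rests on host identity alone. The sample paths and netgroup names are constructed for illustration.

```python
# Added example. SAMPLE_EXPORTS is constructed; paths and netgroup names
# are hypothetical and not taken from the Debian Edu exports file.
SAMPLE_EXPORTS = """\
# home directories
/skole/tjener/home0 @ltsp-server-hosts(rw,sync,no_subtree_check) @workstation-hosts(rw,sec=sys)
/srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt)
/srv/nfs4/home0 *(rw,sec=krb5p:krb5i,no_subtree_check)
/srv/mixed @workstation-hosts(rw,sec=krb5:sys)
"""

def sec_flavors(client, opts, defaults):
    """Security flavors one client entry accepts."""
    # exports(5) allows sec= to appear several times in a list, so collect all.
    for source in (opts, defaults):
        found = [f for o in source if o.startswith("sec=")
                 for f in o[4:].split(":")]
        if found:
            return found
    if client.startswith("gss/"):      # older pseudo-client form, e.g. gss/krb5i
        return [client[4:]]
    return ["sys"]                     # no sec= given: AUTH_SYS is assumed

def audit_exports(text):
    """Return (path, client, flavors) for every entry that accepts AUTH_SYS."""
    findings = []
    for line in text.replace("\\\n", " ").splitlines():   # join continuations
        fields = line.split("#", 1)[0].split()            # drop comments
        if not fields:
            continue
        path, defaults = fields[0], []
        for entry in fields[1:]:
            if entry.startswith("-"):  # "-opt,opt": defaults for later clients
                defaults = entry[1:].split(",")
                continue
            client, _, rest = entry.partition("(")
            opts = [o for o in rest.rstrip(")").split(",") if o]
            flavors = sec_flavors(client, opts, defaults)
            if "sys" in flavors:
                findings.append((path, client, flavors))
    return findings

if __name__ == "__main__":
    for path, client, flavors in audit_exports(SAMPLE_EXPORTS):
        print(f"{path}: {client} accepts sec={':'.join(flavors)} "
              "(host identity only, no Kerberos principal required)")
```

An entry such as `sec=krb5:sys` is reported as well, because a client can still negotiate the weaker flavor.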
