[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Diskless and Kerberos



Hi,

last night I got a half a cent idea for Diskless stations Kerberization.

What about exporting the chroot / file sistem containing a single /etc/krb5.keytab
containing all the nfs/disklessclients entries...

The single diskless unit should get its hostname via dhcp (assigned from MAC)
and then could pick the correct TGT key and preauthenticate.

The only problem would be to play a little with the boot sequence, so that
Kerberos TGT challenge will happen with correct timing.

The basic Idea is thus to protect exported homedirs and leave the rest as
cleartext filesystem.

Probably I was too tired and this idea is just bull****. At the moment
I have no testing time / hardware.

Best Regards

Giorgio


-- 
Giorgio Pioda - Sysadmin SPSE-Tenero
Cell +41 79 629 20 63
Uff. +41 91 735 62 48


Reply to: