On Sonntag, 23. November 2014, Wolfgang Schweer wrote: > > diretly, if you release this under the GPL2 :) (easiest way to do so > > would be if you just do the edit ;-) > Yes \o/ > but some more things have to be considered if LTSP is used: > > The more complicated issue concerning LTSP clients could be solved (but > only for the dedicated thin client network) using PAM: > (1) enable pam_access.so in LTSP server's /etc/pam.d/sshd. > (2) configure /etc/security/access.conf to allow connections from > networks 192.168.0.0/24 and 192.168.1.0/24 (preconfigured in LDAP). > Note: someone pluging in his box into this network will gain ssh access > to the LTSP server as well. sounds copy+paste worthy to me as well, we can always improve later. but this is useful+accurate information already. :-) > If LTSP clients were attached to the backbone network 10.0.0.0/8 (combi > server or LTSP cluster setup) things would be even more cpmplicated and > maybe only a sophisticated DHCP setup (in LDAP) checking the > vendor-class-identifier together with apropriate PAM configuration would > do the trick, I suppose. I'd add this too, but just as a "note for more complex setups", because as you say, networks can be "arbitrarily" complicated so we will never document all use cases anyway. nor should we :-)
Attachment:
signature.asc
Description: This is a digitally signed message part.