On Wed, Jul 10, 2019 at 02:50:19PM +0000, Mike Gabriel wrote: > On Mi 10 Jul 2019 15:15:53 CEST, Petter Reinholdtsen wrote: > > [Mike Gabriel] > > > Another error in reasoning... A diskless machine doesn't probably have > > > any values/assets to protect, so why deploy the LDAP server cert at > > > all to the diskless chroot? It is sufficient (and fully works) to > > > retrieve the LDAP cert during the diskless machine's boot process. > > > > The LDAP server cert is placed inside diskless chroots to protect the > > users (for example their passwords) from man-in-the-middle attacks on > > the LDAP directory. The point is not to keep the read only files safe, > > but the users logging into them. > > oh yeah, this is indeed a highly valid point. Without that, an attacker > could fake a TJENER on the network (or pseudo-rollout another Debian Edu > like network to clients) and collect login credentials. This is supposed to be a problem since the time LTSP uses NBD, but only for LTSP chroots that never got an update. For Buster we should make sure that the LDAP certificate gets copied into the LTSP chroot before the initial NBD image is built at installation time to avoid another NBD build just after the first reboot. This would require changes to /etc/ltsp/ltsp-build-client.conf and cf3/cf.finalize (building the client without NBD image generation, copying the certificate, then run ltsp-update-image). Any comments/suggestions/other hints? Wolfgang
Attachment:
signature.asc
Description: PGP signature