On Mon, 2008-02-25, at 07:08:35 +0100, Rick Thomas wrote: > I don't know how much load you're going to put on your proposed > Kerberos KDC, but the extra CPU load placed on it by encrypting the > filesystem may make it unresponsive, given the Slug's not-very-fast CPU.
My production environment is a home network with five users. So the kdc load is not very big. Some would say kerberos is overkill there, and I might agree. But it is fun to use kerberos, ldap (on another server) etc. Anyway my goals for a KDC are: * separate computer for security * low power (I'd like to use my carbon footprint and money for other things) * possibility to log in through a console (serial port ok) then sshd would not be needed and remote access more difficult * preferrably low cost * while high availability is good I'm ready to trade that for low power in this application * ethernet I did look at some other single board computers. One idea was to use a SBC like a colibri or similar, mount it inside the chassi of my normal file/ldap/... server, which would provide shelter and electricity, and then have eth and serial/USB console available on the back where all PCI-card connectors are. Such a solution would meet many of the above goals. My experiment with encrypted file system was initiated simply see if it is possible to rasie security even higher, but mainly as a geek thing. If I get it installed and performance is to low, I will fall back to a normal ext3. Anders -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
