-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 31-08-2004 14:12, Ragnar Wisloff wrote: | Jonas Smedegaard skrev: | |> -----BEGIN PGP SIGNED MESSAGE----- |> Hash: SHA1 |> |> On 30-08-2004 20:18, Ragnar Wisloff wrote: |> | Petter Reinholdtsen skrev: |> | |> |> [Hilaire] |> |> |> |> |> |>> There is a ltsp-floppyd package for Skolelinux to help for the set |> |>> up. |> |>> Not sure it is included in the cd-rom however, but it is in the |> |>> Skolelinux apt repository. |> |>> |> |> |> |> |> |> It is included on the CD, but not installed by default. I believe |> |> Ragnar have a reason for not installing it by default, but have |> |> forgotten the arguments. |> |> |> | |> | My arguments are mostly security based. |> | |> | There is no way to authenticate users when accessing local devices on |> | the thin clients using the floppyd method. This means that the |> floppy is |> | open for reading and writing by anybody on any machine. By all means, |> | install the package, but be aware of the security risks involved. |> |> Would it make sense with a Kerberos-enabled floppyd, when (or if) |> Skolelinux switches to using Kerberos? | | | Any method of authentication. I am not at all confident it is a simple | task to enable that, though. LDAP would probably be a good choice.
Hmmm - not _any_ method, I think: You access an untrusted machine, so shouldn't feed it your personal password!
Sure, you assume the machine you access is your own workstation, but how do you know for sure?
|> As I understand Kerberos, the core logic is to authenticate _both_ user |> and service against a third party (the ticket server). So even services |> on a thin client should be able to trust if done properly, right? | | | Don't know.
Fair enough. I know only fractions myself.
Andreas - have you become clever on these parts with your poking around with AFS lately?
|> | In addition, Konqueror's floppy:/ kio is not very reliable. |> |> What has that to do with it (I am honestly interested for other reasons: |> I have recently poked with getting KDE3.3 to work sanely with autofs4, |> and is curious if there's a better way). | | | It has nothing to do with security. It is a practical consideration. If | it is known not to work, then I don't think it is wise to use it.
Sorry - I didn't make myself clear: I have poked with getting KDE 3.3 and autofs to work nicely together on a _fat_ machine, not a thin client, and not using floppyd.
I was curious about maybe needing to configure som KIO stuff somehow. I failed locating anything useful about floppy configuration at the KDE website.
Currently I have autofs and /etc/fstab configured to point to same mount point (to avoid KDE showing one - and one only - mount point for the device) but could only make autofs mount as root and thus have world write access to the device :-(
Without autofs KDE automatically attempts to mount the floppy but does not unmount again.
~ - Jonas
- -- * Jonas Smedegaard - idealist og Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/
~ - Enden er n�r: http://www.shibumi.org/eoti.htm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBNHSKn7DbMsAkQLgRAhZyAJ9pncLcaYALfeVEFc+uX619SAFcDgCghlNZ aO846XmR/gs7JloWPlz1VCE= =L8De -----END PGP SIGNATURE-----

