Hi, last night I got a half a cent idea for Diskless stations Kerberization.
What about exporting the chroot / file sistem containing a single /etc/krb5.keytab containing all the nfs/disklessclients entries... The single diskless unit should get its hostname via dhcp (assigned from MAC) and then could pick the correct TGT key and preauthenticate. The only problem would be to play a little with the boot sequence, so that Kerberos TGT challenge will happen with correct timing. The basic Idea is thus to protect exported homedirs and leave the rest as cleartext filesystem. Probably I was too tired and this idea is just bull****. At the moment I have no testing time / hardware. Best Regards Giorgio -- Giorgio Pioda - Sysadmin SPSE-Tenero Cell +41 79 629 20 63 Uff. +41 91 735 62 48 -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120523072633.ga25...@macchianera.pioderia.lan
