[Giorgio Pioda] > Well, if an alien machine sniff it, the attacker is well blocked at > level of user auth. In principle machine auth is not so important as > user auth since we are protecting homedirs and not services.
Yes, the home directory mount would be easier if only the user auth was needed. Note that there is no need to sniff the keytab file. All an attacker would need to do was to mount the LTSP root and read the file. > In itself, it would be rather easy to use ssh-fuse homedir mounts > instead of kerberized NFS obtaining a good protections of users > data. But in that case the disadvantage would be to loose the single > sign on and a substantial reduction in data transmission speed. Except that ssh-fuse is not usable as a home directory. rename is not atomic, and umask is not properly handled. Both can cause problems. :) -- Happy hacking Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/2fl4nr237yu....@diskless.uio.no
