Andreas Schockenhoff skrev: > Hi, > > Am Donnerstag, den 17.05.2007, 20:11 +0200 schrieb Petter Reinholdtsen: >> [Andreas Schockenhoff] >>> If install a workstation it boots become a IP and connect to tjener >>> but if I want to login as user I must go into lwat an add a >>> workstation. Why? >> This is done because of security issues with NFS. See for example >> <URL:https://init.linpro.no/pipermail/skolelinux.no/admin-discuss/2006-March/000251.html> >> for background information. > Thats not really a solution for this problem. Because I can hijack a IP > and this is not really difficult.
Yes you can. That's why you should assign specific macaddress to a staticXX address, and scan your network, and maybe scan for other things than mac-address (maybe use ths ssh-hosts-keys?) > The other problem is that I must include all the automatic assigned IPs > in the DHCP range because I can not guarantee the old IP. No, you should once again, assign on staticXX to your workstations, and add staticXX to you workstation-hosts netgroup. > Use of static IPs in DHCP only can be a solution, make the security > problem smaller but do not solve it. That's right, please implement, test, and include in debian-edu a better solution. > But a mass import of workstations with ldap should also be nice. Yes, maybe a wishlist-bug. > I think in this moment a network administrator in a skolelinux network > can not accept other computer in his network where someother is root. Correct. At least not for them to use nfs. -- Finn-Arne Johansen [EMAIL PROTECTED] http://bzz.no/ EE2A71C6403A3D191FCDC043006F1215062E6642 062E6642 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
