-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, Apr 30, 2009 at 05:36:21AM -0700, Vagrant Cascadian wrote: >On Wed, Apr 29, 2009 at 01:27:22AM +0200, Knut Yrvin wrote: >> Skolelinux 3.0 is running LDM as a login manager on thin clients with >> LTSP. This is slower than KDM. >> >> You can replace LDM with KDM, and speed things up a little. > >do you still see a speed improvement using KDM vs. LDM with >LDM_DIRECTX=True ? this feature still uses ssh for the initial >connection (i.e. namely, the password negotiation), but plain X11 >protocol for the rest of the session, and still should work with most >of the other features of LDM (local devices, sound, and in newer >versions, local applications). > >> But you'll miss the secure ssh tunnel which has some security >> benefits clients connected to a network hub. When running a switch, >> package sniffing is not as easy. > >as i understand it, it is actually trivial to packet sniff on switches, >and provides no real security benefit. all you have to do is enable >promiscuous mode on your ethernet device, no?
In april 2003 we discussed this exact thing on the norwegian list, with Herman Robak providing most details: https://init.linpro.no/pipermail/skolelinux.no/linuxiskolen/2003-April/009945.html Back then Knut claimed that I blew it out of proportions when insisting that LTSP 3.0 (i.e. no SSH) is insecure. Very much usable but insecure. Before this thread grows too much, I suggest that the scandinavians among us reread that old thread, and perhaps provide an english summary. I am baffled that Knut still consider switches a security measure now 6 years later. - Jonas - -- * Jonas Smedegaard - idealist og Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkn5sbIACgkQn7DbMsAkQLhaGwCfYDk9aeJxXBQrWjhoLEoBE1vF sB8An3IKDobI/zi5M8XJ3G1TKWNbYr6f =8+5Z -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
