[Mike Gabriel]
> Another error in reasoning... A diskless machine probably doesn't have
> any values/assets to protect, so why deploy the LDAP server cert at
> all to the diskless chroot? It is sufficient (and fully works) to
> retrieve the LDAP cert during the diskless machine's boot process.
The LDAP server cert is placed inside diskless chroots to protect the users (for example their passwords) from man-in-the-middle attacks on the LDAP directory. The point is not to keep the read-only files safe, but the users logging into them.

-- 
Happy hacking
Petter Reinholdtsen
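One way to check that a diskless chroot actually ships and enforces the LDAP server cert Petter describes, as an added example that is not part of this thread or of any project's code; the chroot path, the /etc/ldap/ldap.conf location and the cert file name are assumptions, while TLS_CACERT and TLS_REQCERT are OpenLDAP's real ldap.conf options:

```shell
#!/bin/sh
# Audit the LDAP client TLS settings of a diskless chroot.
# Added example, not from the thread: the chroot layout, the
# /etc/ldap/ldap.conf path and the cert file name are assumptions;
# TLS_CACERT and TLS_REQCERT are real OpenLDAP ldap.conf options.
#
# Returns 0 when the chroot carries its own copy of the CA cert for the
# LDAP server and requires the server cert to verify against it
# (TLS_REQCERT demand/hard); non-zero otherwise.
audit_chroot_ldap_tls() {
    chroot="$1"
    conf="$chroot/etc/ldap/ldap.conf"
    [ -r "$conf" ] || { echo "no $conf"; return 1; }

    # Case-insensitive option lookup; comment lines have no such $1.
    # If an option is repeated, the last setting wins, as in ldap.conf.
    reqcert=$(awk 'toupper($1)=="TLS_REQCERT"{v=$2} END{print v}' "$conf")
    cacert=$(awk 'toupper($1)=="TLS_CACERT"{v=$2} END{print v}' "$conf")

    case "$reqcert" in
        demand|hard) ;;  # server cert must chain to the shipped CA cert
        *) echo "TLS_REQCERT is '${reqcert:-unset}': LDAP MITM not prevented"
           return 2 ;;
    esac

    [ -n "$cacert" ] || { echo "TLS_CACERT not set"; return 3; }
    # The CA file must already be present inside the chroot, i.e. before
    # the client touches the network at boot, so it cannot be swapped
    # on the wire the way a cert fetched during boot could be.
    [ -s "$chroot$cacert" ] || { echo "$cacert missing inside chroot"; return 4; }
    echo "ok: $cacert shipped in chroot, TLS_REQCERT $reqcert"
    return 0
}
```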

