On Mon, 2002-10-07 at 23:38, David Johnston wrote: > 1. Ideally, we could use IPSec to authenticate each *workstation* long > before we ask for names or passwords. However, each workstation starts > up without a key every time it starts (it either builds one, or gets it > from a central server somehow). I think this means that we cannot use > the IPSec keys to authenticate the workstation. How can we prove that > the workstation isn't an outsider trying to get into our network? > > 2. How can we prevent man-in-the-middle attacks? Is it possible without > workstation authentication?
But surely we do have some form of workstation authentication, the DHCP server can be configured to respond only to known MACs, and do nothing for others. -- Dave Cotton Directeur Linux Autrement ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.openprojects.net
