John,
        i think you overstate the difficulty and understate the importance
of secure connect. the very idea of clear text passwords floating on the
network gives me nightmares.
        the simple and somewhat secure solution would be to add encryption
capability to the downloaded kernel. the kernel would use the server's
public key to encrypt all the traffic from the keyboard until the user
would select different keys or encryption methods. the advantage is
obvious - no clear text on the network and to decrypt you need root level
access to the server. this suggestion is not a panaceum, since it doesn't
address the m-i-t-m attack, but it is a lot better than what we have now.
julius

On Wed, 9 Oct 2002, John McCreesh wrote:

> There's been much discussion on this list about using secure connections
> - it's on a good few people's wishlists, but the concensus is it's
> non-trivial to implement and certainly isn't available 'out of the box'
> from LTSP yet. Remember that 'trusted user community' bit.
>
> In the default mode of operation with LTSP, the applications run on the
> server, and the terminal handles the GUI - which is why the terminal can
> be a very humble box. There is a huge architectural difference between
> MS-Windows and LTSP. MS-W was written to run on a self-contained PC;
> applications are built on that assumption (even client-server). So
> Citrix, MTS, etc are fighting an uphill battle from day one - they just
> weren't designed to do terminal/server. Unices (like Linux) developed
> down a different route - when GUIs came along, they were implemented
> through having an XServer on a terminal handle all the GUI stuff, and
> then XClients (Mozilla, OpenOffice.org, whatever) doing the actual work.
> It makes little difference if you decide to run the XServer on a
> terminal and a heap of XClients on a different box - that's what it was
> designed to do. That's how applications expect to work.
>
> So when you compare Citrix and LTSP, you're comparing something that's
> trying to do something it wasn't designed to do - a fish on a bike -
> with something that's working doing what comes naturally - a dolphin in
> the ocean.
>
> John
>
> On Tue, 8 Oct 2002 11:16:27 -0700
> "Billy McFarland" <[EMAIL PROTECTED]> wrote:
>
> > Thanks for the reply.
> >
> > Can the connection be run inside of a secure connection between client
> > and server (SSH or something similar)?
> >
> > I am trying to get a conceptual handle on how the client and the
> > server are interacting.  Is the application running on the server with
> > only keystrokes and pixel plots being passed between the client and
> > the server, or, is the application code actually being passed from the
> > server to the client with the application then running on the client
> > using its resources?
> >
> > ----- Original Message -----
> > From: "John McCreesh" <[EMAIL PROTECTED]>
> > To: "Billy McFarland" <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>
> > Sent: Tuesday, October 08, 2002 10:34 AM
> > Subject: Re: [Ltsp-discuss] Bandwidth Requirements
> >
> >
> > LTSP is designed to run over a LAN with a trusted user community. If
> > you run it over the net hackers would have a great time. Bandwidth is
> > application dependent - like all sizing questions, your best bet is to
> > set up a small proof of concept and so some measurements. This is
> > open-source - you don't have to spend zillions on licences to do a
> > trial!



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_____________________________________________________________________
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
      https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.openprojects.net

Reply via email to