Andrew, excellent stuff. See my reply earlier to Tarjei regarding getting together on IRC to discuss all this. I'm VERY interested in seeing it all work.

Jim McQuillan

On Thu, 27 May 2004, Andrew Bartlett wrote:

> On Thu, 2004-05-27 at 18:58, Tarjei Huse wrote:
> > Hi, this is from a discussion I had with Samba developer Andrew
> > Bartlett. We were discussing usage of the Heimdal kerberos module
> > hdb-ldap when it turned out that both of us have the same idea on what
> > to use for - LTSP.
> > What do you guys think of the ideas presented here? Has anyone used LTSP
> > and kerberos together?
>
> The basic purpose of this proposal is to protect LTSP from a passive
> attack on the plaintext passwords being sent over the network.
>
> I think it is possible to create a system using SSH, Kerberos and the
> existing Kerberos-compatible password databases provided by Samba.
>
> The basic idea is that we run GDM locally, rather than on the server.
> GDM then authenticates the user with KRB5, and obtains a ticket.
>
> This ticket is then used for a secure SSH login to the server, which
> invokes 'gnome-session' (or whatever), forwarding the results back over
> SSH's X forwarding.
>
> This ensures the encryption of passwords, and the user's session. If
> the attacker does *not* modify the NFS traffic, it should be secure.
> (If they do, then all bets are off, as they have already installed
> pam_pwdsniff ;-)
>
> Now, there is still the problem of 'local applications'.
>
> As I understand it, these are applications that do not access the user's
> home directory, but are computationally expensive (such as a screensaver
> ;-). The reverse SSH leg needs to be secured, and we need to know we
> are talking to the right workstation, and the workstation needs to know
> it's only talking to the right user.
>
> This can be done again by the use of SSH. Instead of using a fixed
> private key on the workstation, common to all images, we can generate
> that key during the boot process, and give it to the server (for
> placement in the user's .ssh/known_hosts) as part of the login process.
>
> Similarly, the user's public key can be copied from their .ssh/
> directory, and placed into the temporary authorized_keys file on the
> workstation.
>
> How does this sound to people? The only particularly fancy bit here is
> the fact that we use the 'single sign on' capability of kerberos, to
> avoid extra password prompts.
>
> Andrew Bartlett

Ltsp-discuss mailing list. To unsubscribe, or change prefs, go to: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try the #ltsp channel on irc.freenode.net
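An added example, not code from the thread or from the LTSP or Samba projects: a POSIX shell sketch of the server-side bookkeeping the proposal needs for the reverse SSH leg. It replaces a workstation's entry in the user's known_hosts with the host key generated at that boot (a stale entry would otherwise fail the host-key check after every reboot) and builds the authorized_keys line for the user's key on the workstation, pinned to the server's address with forwarding disabled. Hostnames, addresses and keys below are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample values; in a deployment the host key comes from the
# workstation's boot process and the user key from their ~/.ssh directory.
WS_HOST="ws001.example.lan"
WS_ADDR="192.0.2.10"
SERVER_ADDR="192.0.2.1"
WS_HOSTKEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEWORKSTATIONKEY000000000000000"
USER_PUBKEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEUSERKEY00000000000000000000000"

# Replace whatever entry this workstation had with the key it generated at
# this boot. Plain (unhashed) host fields only; with HashKnownHosts you
# would use 'ssh-keygen -R <host>' for the removal step instead.
ltsp_update_known_hosts() {
    kh="$1"; host="$2"; addr="$3"; key="$4"
    [ -f "$kh" ] || : > "$kh"
    tmp="$kh.tmp.$$"
    # Drop every line whose host list names this workstation by name or address.
    awk -v h="$host" -v a="$addr" '
        { n = split($1, hs, ","); keep = 1
          for (i = 1; i <= n; i++) if (hs[i] == h || hs[i] == a) keep = 0
          if (keep) print }' "$kh" > "$tmp"
    printf '%s,%s %s\n' "$host" "$addr" "$key" >> "$tmp"
    mv "$tmp" "$kh"
    chmod 600 "$kh"
}

# The user's key only has to open sessions coming from the LTSP server, so
# pin the source address and disable forwarding on the workstation side.
ltsp_authorized_keys_line() {
    printf 'from="%s",no-port-forwarding,no-agent-forwarding %s\n' "$1" "$2"
}

# Number of known_hosts lines that name the given host (for checking updates).
ltsp_known_hosts_count() {
    awk -v h="$2" '{ n = split($1, hs, ",")
        for (i = 1; i <= n; i++) if (hs[i] == h) { c++; break } }
        END { print c + 0 }' "$1"
}

# Stand-alone demo against a scratch file: two "boots" still leave one entry.
demo_kh="${TMPDIR:-/tmp}/ltsp_known_hosts_demo.$$"
ltsp_update_known_hosts "$demo_kh" "$WS_HOST" "$WS_ADDR" "$WS_HOSTKEY"
ltsp_update_known_hosts "$demo_kh" "$WS_HOST" "$WS_ADDR" "$WS_HOSTKEY"
ltsp_known_hosts_count "$demo_kh" "$WS_HOST"
ltsp_authorized_keys_line "$SERVER_ADDR" "$USER_PUBKEY"
rm -f "$demo_kh"
```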
