On Thu 27-05-2004, at 11:33, Andrew Bartlett wrote:
> On Thu, 2004-05-27 at 18:58, Tarjei Huse wrote:
> > Hi, this is from a discussion I had with Samba developer Andrew
> > Bartlett. We were discussing usage of the Heimdal kerberos module
> > hdb-ldap when it turned out that both of us have the same idea on what
> > to use for - LTSP.
> > What do you guys think of the ideas presented here? Has anyone used LTSP
> > and kerberos together?
Could it be an idea to throw out NFS altogether in favor of samba? At least
we can have our needed authenticated mounting back. (apart from all the
other excellent tweaks that samba has up its sleeve) I don't know how well
this would work on the "unix side" in terms of fileserving in an LTSP
environment, but I thought samba scales pretty well and has outstanding
performance. But sure enough it can be made a hell of a lot more secure
than NFS.

Another thing we are looking at is secure LDAP+Kerberos+TLS authentication.
They also integrate nicely into samba.

Immanuel

> The basic purpose of this proposal is to protect LTSP from a passive
> attack on the plaintext passwords being sent over the network.
>
> I think it is possible to create a system using SSH, Kerberos and the
> existing Kerberos-compatible password databases provided by Samba.
>
> The basic idea is that we run GDM locally, rather than on the server.
> GDM then authenticates the user with KRB5, and obtains a ticket.
>
> This ticket is then used for a secure SSH login to the server, which
> invokes 'gnome-session' (or whatever), forwarding the results back over
> SSH's X forwarding.
>
> This ensures the encryption of passwords, and the user's session. If
> the attacker does *not* modify the NFS traffic, it should be secure.
> (If they do, then all bets are off, as they have already installed
> pam_pwdsniff ;-)
>
> Now, there is still the problem of 'local applications'.
>
> As I understand it, these are applications that do not access the user's
> home directory, but are computationally expensive (such as a screensaver
> ;-). The reverse SSH leg needs to be secured, and we need to know we
> are talking to the right workstation, and the workstation needs to know
> it's only talking to the right user.
>
> This can be done again by the use of SSH.
> Instead of using a fixed
> private key on the workstation, common to all images, we can generate
> that key during the boot process, and give it to the server (for
> placement in the user's .ssh/known_hosts) as part of the login process.
>
> Similarly, the user's public key can be copied from their .ssh/
> directory, and placed into the temporary authorized_keys file on the
> workstation.
>
> How does this sound to people? The only particularly fancy bit here is
> the fact that we use the 'single sign on' capability of kerberos, to
> avoid extra password prompts.
>
> Andrew Bartlett

_____________________________________________________________________
Ltsp-discuss mailing list.
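The key-handling half of Andrew's proposal (a per-boot workstation host key placed into the user's known_hosts on the server, and the user's public key placed into a temporary authorized_keys on the workstation) can be illustrated with a small helper. This is an added example, not code from the thread or from LTSP, Samba or OpenSSH. It uses only the Python standard library; the key blob, the hostname ws042 and the server name ltsp-server are constructed placeholders, and the trailing comment ltsp-ephemeral is an assumed convention for tagging entries so that stale keys from earlier boots can be found and removed at logout rather than accumulating:

```python
import base64
import hashlib
import hmac
import os
import struct
from pathlib import Path

MARKER = "ltsp-ephemeral"  # assumed comment used to tag entries this tool manages


def openssh_blob(key_type: str, raw_key: bytes) -> str:
    """Encode key bytes in OpenSSH public-key wire format (length-prefixed
    type string, then length-prefixed key material), base64-encoded."""
    blob = (struct.pack(">I", len(key_type)) + key_type.encode()
            + struct.pack(">I", len(raw_key)) + raw_key)
    return base64.b64encode(blob).decode()


# Constructed sample host key: 32 placeholder bytes, not a real key.
SAMPLE_HOST_KEY = "ssh-ed25519 " + openssh_blob("ssh-ed25519", bytes(range(32))) + " root@ws042"


def parse_pubkey(line: str) -> tuple:
    """Validate a public-key line before trusting it: the declared key type
    must match the type string inside the base64 blob."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    ktype, b64 = parts[0], parts[1]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("blob too short")
    n = struct.unpack(">I", blob[:4])[0]
    if blob[4:4 + n].decode(errors="replace") != ktype:
        raise ValueError("key type mismatch between prefix and blob")
    return ktype, b64


def hashed_host(hostname: str, salt: bytes = None) -> str:
    """OpenSSH hashed known_hosts host field: |1|base64(salt)|base64(HMAC-SHA1)."""
    salt = salt or os.urandom(20)
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def host_matches(field: str, hostname: str) -> bool:
    """Match a known_hosts host field, hashed or plain comma-separated."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|", 3)
        expected = hmac.new(base64.b64decode(salt_b64), hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, base64.b64decode(mac_b64))
    return hostname in field.split(",")


def remove_ephemeral_host_keys(known_hosts: Path, hostname: str) -> int:
    """Drop entries tagged with MARKER for this workstation (logout, or a reboot
    that produced a new key). Returns how many entries were removed."""
    if not known_hosts.exists():
        return 0
    kept, removed = [], 0
    for line in known_hosts.read_text().splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[-1] == MARKER and host_matches(fields[0], hostname):
            removed += 1
            continue
        kept.append(line)
    known_hosts.write_text("".join(l + "\n" for l in kept))
    return removed


def add_ephemeral_host_key(known_hosts: Path, hostname: str, pubkey_line: str) -> str:
    """Server side of the login: record the workstation's per-boot host key,
    replacing any stale entry from an earlier boot of the same workstation."""
    ktype, b64 = parse_pubkey(pubkey_line)
    remove_ephemeral_host_keys(known_hosts, hostname)
    entry = "%s %s %s %s\n" % (hashed_host(hostname), ktype, b64, MARKER)
    known_hosts.parent.mkdir(parents=True, exist_ok=True)
    with open(known_hosts, "a") as f:
        f.write(entry)
    os.chmod(known_hosts, 0o600)
    return entry


def find_host_keys(known_hosts: Path, hostname: str) -> list:
    """Return (type, base64) pairs recorded for hostname."""
    if not known_hosts.exists():
        return []
    out = []
    for line in known_hosts.read_text().splitlines():
        fields = line.split()
        if len(fields) >= 3 and host_matches(fields[0], hostname):
            out.append((fields[1], fields[2]))
    return out


def authorized_keys_entry(user_pubkey_line: str, server_host: str) -> str:
    """Workstation side of the reverse leg: the user's key is accepted only
    from the login server, with the forwarding options it does not need."""
    ktype, b64 = parse_pubkey(user_pubkey_line)
    return 'from="%s",no-port-forwarding,no-agent-forwarding %s %s ltsp-reverse-leg' % (
        server_host, ktype, b64)


def simulate_session(workdir: Path) -> dict:
    """Two boots of ws042 followed by a logout; counts entries at each step."""
    kh = workdir / ".ssh" / "known_hosts"
    boot1 = "ssh-ed25519 " + openssh_blob("ssh-ed25519", bytes(range(32)))
    boot2 = "ssh-ed25519 " + openssh_blob("ssh-ed25519", bytes(range(32, 64)))
    add_ephemeral_host_key(kh, "ws042", boot1)
    after_first = len(find_host_keys(kh, "ws042"))
    add_ephemeral_host_key(kh, "ws042", boot2)
    after_second = len(find_host_keys(kh, "ws042"))
    removed = remove_ephemeral_host_keys(kh, "ws042")
    return {"after_first_boot": after_first, "after_second_boot": after_second,
            "removed_at_logout": removed, "after_logout": len(find_host_keys(kh, "ws042"))}
```

The type check in parse_pubkey matters because the key line arrives from a freshly booted, not yet trusted workstation; the removal step matters because a per-boot key is, by design, never seen again, so without cleanup the user's known_hosts would fill with dead entries that a hashed host field makes hard to audit by eye.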
