At 04:11 11/7/2005, John Horne wrote: >Hello, > >We are using the ltspinfod process to allow our ltsp server to reboot >clients. Whilst this works, fine my concern is that there seems to be no >way (that I can think of) to restrict the shutdown/reboot commands to >only come from the server. As far as I can tell another user could >possibly install the relevant parts of ltspinfo on to a (non-ltsp) PC >and issue the reboot command to our clients - in effect performing a >DoS. > >Anyone know a way to secure ltspinfo commands to only come from a known >server? We are using LTSP version 4.1.
Aloha, If the LTSP clients are running inetd (or xinetd), then tcpwrapper should give you the control you need for connections to tcp/9200. See man tcpd. If ltspinfod is running as a full time daemon, perhaps someone could add xinetd support to LTSP clients to allow for finer grained access control. Regards, Ron >Many thanks, > >John. > >-- >--------------------------------------------------------------- >John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 >E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839 Ronald L Fox E-mail: [EMAIL PROTECTED] Sr. Software Engineer Phone: (808) 589-5172 Diagnostic Laboratory Services Honolulu, Hawaii ------------------------------------------------------- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
