LDM_DIRECTX=yes by default?
Warren Togami
wtogami at redhat.com
Thu Jul 3 17:16:21 UTC 2008

The current default of LTSP5 is to tunnel *everything* from the ldm
login session through an ssh tunnel. This increases security a lot, but
decreases usability of the default configuration since it scales very
poorly. For example, a server that might be able to handle 40 clients
with LDM_DIRECTX=yes might handle only ten with everything through the
ssh tunnel. (These are made-up numbers.)

If lts.conf has LDM_DIRECTX=yes, then the login and password are
encrypted by ssh, but X is unencrypted over the network. This makes the
desktop performance a little better, but more importantly it allows the
LTSP server to scale to a similar number of simultaneous clients as the
old XDMCP-based LTSP4.2.

This is bad for security, but if our goal is to have something usable
out-of-the-box in a similar fashion to how K12LTSP was, then perhaps we
should do it?

How do people feel about this?

Warren Togami
wtogami at redhat.com
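
An added example, not part of the original post and not LTSP's own code: a small audit that reads lts.conf text and reports which sections end up with X outside the ssh tunnel, so a site that turns on LDM_DIRECTX=yes can still see which clients are exposed. It assumes INI-style `[default]` and per-client `[MAC]` sections where a client value overrides the default, treats yes/y/true/1 as enabled, and treats an unset value as tunnelled, as the post describes; the sample file is constructed.

```python
# Added example: report which lts.conf sections end up with unencrypted X.
import re

TRUTHY = {"yes", "y", "true", "1"}  # assumption: values treated as "enabled"

# Constructed sample, not taken from a real deployment.
SAMPLE_LTS_CONF = """\
# constructed sample lts.conf
[default]
    LDM_DIRECTX=yes
    SOUND=True

[00:11:22:33:44:55]
    # admin workstation: keep X inside the ssh tunnel
    LDM_DIRECTX = no

[00:11:22:33:44:66]
    SCREEN_07=ldm

[00:11:22:33:44:77]
    LDM_DIRECTX="True"
"""

def parse_sections(text):
    """Return {section_name: {KEY: value}} for INI-style lts.conf text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().upper()] = value.strip().strip("\"'")
    return sections

def directx_report(text):
    """Map each section to True if X would run outside the ssh tunnel."""
    sections = parse_sections(text)
    # Assumption from the post: with no setting, everything is tunnelled.
    inherited = sections.get("default", {}).get("LDM_DIRECTX", "no")
    report = {}
    for name, settings in sections.items():
        value = settings.get("LDM_DIRECTX", inherited)  # client overrides default
        report[name] = value.lower() in TRUTHY
    return report

if __name__ == "__main__":
    for name, exposed in directx_report(SAMPLE_LTS_CONF).items():
        print(f"{name:20} X traffic: {'UNENCRYPTED' if exposed else 'ssh tunnel'}")
```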