LDM_DIRECTX=yes by default?

Warren Togami wtogami at redhat.com
Thu Jul 3 17:16:21 UTC 2008

The current default of LTSP5 is to tunnel *everything* from the ldm 
login session through an ssh tunnel.  This increases security a lot, but 
decreases usability of the default configuration since it scales very 
poorly.  For example, a server that might be able to handle 40 clients 
with LDM_DIRECTX=yes might handle only ten with everything through the 
ssh tunnel.  (These are made up numbers.)

If lts.conf has LDM_DIRECTX=yes, then the login and password is 
encrypted by ssh, but X is unencrypted over the network.  This makes the 
desktop performance a little better, but more importantly it allows the 
LTSP server to scale to a similar number of simultaneous clients as the 
old XDMCP-based LTSP4.2.

This is bad for security, but if our goal is to have something usable 
out-of-the-box in a similar fashion to how K12LTSP was, then perhaps we 
should do it?

How do people feel about this?

Warren Togami
wtogami at redhat.com

More information about the K12Linux-devel-list mailing list