LDM_DIRECTX=yes by default?
Steven Santos
steven at simplycircus.com
Thu Jul 3 19:55:12 UTC 2008
I can see reasons for both, but given the facts you present, I would default
to yes.
_____
Steven Santos
Director, Simply Circus, Inc.
Email: Steven at SimplyCircus.com
Mail: 14 Pierrepont Road
Newton, MA 02462
Phone: 617-527-0667
Web: www.SimplyCircus.com <http://www.SimplyCircus.com>
> -----Original Message-----
> From: k12linux-devel-list-bounces at redhat.com
> [mailto:k12linux-devel-list-bounces at redhat.com]On Behalf Of Warren
> Togami
> Sent: Thursday, July 03, 2008 1:16 PM
> To: Development discussion of K12Linux
> Subject: LDM_DIRECTX=yes by default?
>
>
> The current default of LTSP5 is to tunnel *everything* from the ldm
> login session through an ssh tunnel. This increases security a lot, but
> decreases usability of the default configuration since it scales very
> poorly. For example, a server that might be able to handle 40 clients
> with LDM_DIRECTX=yes might handle only ten with everything through the
> ssh tunnel. (These are made up numbers.)
>
> If lts.conf has LDM_DIRECTX=yes, then the login and password is
> encrypted by ssh, but X is unencrypted over the network. This makes the
> desktop performance a little better, but more importantly it allows the
> LTSP server to scale to a similar number of simultaneous clients as the
> old XDMCP-based LTSP4.2.
>
> This is bad for security, but if our goal is to have something usable
> out-of-the-box in a similar fashion to how K12LTSP was, then perhaps we
> should do it?
>
> How do people feel about this?
>
> Warren Togami
> wtogami at redhat.com
>
> _______________________________________________
> K12Linux-devel-list mailing list
> K12Linux-devel-list at redhat.com
> https://www.redhat.com/mailman/listinfo/k12linux-devel-list
>
>
More information about the K12Linux-devel-list
mailing list