LDM_DIRECTX=yes by default?

Darryl Bond dbond at nrggos.com.au
Thu Jul 3 21:42:51 UTC 2008


I agree. Most LTSP applications are on a protected LAN (or should be).
Encrypting X is a great idea if the traffic has to travel over an
uncontrolled network and should be available but need not be the default.

Losing the local devices is more of an issue.


Regards
Darryl Bond

Warren Togami wrote:
> The current default of LTSP5 is to tunnel *everything* from the ldm
> login session through an ssh tunnel.  This increases security a lot, but
> decreases usability of the default configuration since it scales very
> poorly.  For example, a server that might be able to handle 40 clients
> with LDM_DIRECTX=yes might handle only ten with everything through the
> ssh tunnel.  (These are made-up numbers.)
>
> If lts.conf has LDM_DIRECTX=yes, then the login and password are
> encrypted by ssh, but X is unencrypted over the network.  This makes the
> desktop performance a little better, but more importantly it allows the
> LTSP server to scale to a similar number of simultaneous clients as the
> old XDMCP-based LTSP4.2.
>
> This is bad for security, but if our goal is to have something usable
> out-of-the-box in a similar fashion to how K12LTSP was, then perhaps we
> should do it?
>
> How do people feel about this?
>
> Warren Togami
> wtogami at redhat.com
>
> _______________________________________________
> K12Linux-devel-list mailing list
> K12Linux-devel-list at redhat.com
> https://www.redhat.com/mailman/listinfo/k12linux-devel-list
>

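An added example, not part of the original thread or of LTSP itself: a small audit that reads an lts.conf and reports, per section, whether the X session would cross the network outside the ssh tunnel because LDM_DIRECTX is enabled. It assumes INI-style sections where [default] is inherited by per-client sections, a yes/y/true boolean spelling, and that an unset value means "tunnel everything" as described in the quoted message; the sample file, MAC addresses and function names are constructed for illustration.

```python
import configparser

# Constructed sample lts.conf: values in [default] apply to every client
# unless a per-client section (keyed here by MAC address) overrides them.
SAMPLE_LTS_CONF = """
[default]
LDM_DIRECTX = yes

# Client on an uncontrolled network segment: keep X inside the ssh tunnel
[00:11:22:33:44:55]
LDM_DIRECTX = no

[00:11:22:33:44:66]
SOUND = True
"""

TRUTHY = {"yes", "y", "true"}  # assumed boolean spellings


def audit_directx(text):
    """Return {section: bool}; True means X is sent unencrypted."""
    cp = configparser.ConfigParser(default_section="default",
                                   interpolation=None)
    cp.optionxform = str  # keep option names exactly as written
    cp.read_string(text)
    result = {}
    for section in ["default"] + cp.sections():
        # Unset falls back to "no": everything stays inside the ssh tunnel.
        value = cp.get(section, "LDM_DIRECTX", fallback="no")
        value = value.strip().strip("\"'").lower()  # tolerate quoted values
        result[section] = value in TRUTHY
    return result


def unencrypted_clients(text):
    """Per-client sections whose effective setting exposes X traffic."""
    return sorted(s for s, direct in audit_directx(text).items()
                  if direct and s != "default")


if __name__ == "__main__":
    for name, direct in audit_directx(SAMPLE_LTS_CONF).items():
        state = "X unencrypted" if direct else "X via ssh tunnel"
        print(f"[{name}] {state}")
```

The third section never mentions LDM_DIRECTX, yet it is reported as unencrypted because it inherits the [default] value, which is the case a per-line grep of the file would miss.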