LDM_DIRECTX=yes by default?

roger depreeuw rogdepre at skynet.be
Sun Jul 6 08:08:23 UTC 2008

Warren Togami wrote:
> The current default of LTSP5 is to tunnel *everything* from the ldm 
> login session through an ssh tunnel.  This increases security a lot, but 
> decreases usability of the default configuration since it scales very 
> poorly.  For example, a server that might be able to handle 40 clients 
> with LDM_DIRECTX=yes might handle only ten with everything through the 
> ssh tunnel.  (These are made up numbers.)
> If lts.conf has LDM_DIRECTX=yes, then the login and password is 
> encrypted by ssh, but X is unencrypted over the network.  This makes the 
> desktop performance a little better, but more importantly it allows the 
> LTSP server to scale to a similar number of simultaneous clients as the 
> old XDMCP-based LTSP4.2.
> This is bad for security, but if our goal is to have something usable 
> out-of-the-box in a similar fashion to how K12LTSP was, then perhaps we 
> should do it?
> How do people feel about this?
> Warren Togami
> wtogami at redhat.com
> _______________________________________________
> K12Linux-devel-list mailing list
> K12Linux-devel-list at redhat.com
> https://www.redhat.com/mailman/listinfo/k12linux-devel-list
LDM_DIRECTX=yes makes a big difference in speed on my test system. A 
simple test, to see the difference, i do by launching a youtube video in 
firefox. But making this the default may conflict with the general 
phylosophy of fedora and K12 on how secure a system should be, ie 
firewall is also running by default and needs to be reconfigured to open 
up certain ports or services. As long as the admin can control it i 
don't see an issue.
I do have 2 other issues that puzzle me.
What happened to NBDSWAPD. Did i miss something along the line?
And also, i need lts.conf in both places if i want a shell on one screen 
and ldm on another. I need the default setting and client specific 
setting in the tftpboot download area and a deault only seeting in 
chroot /optltsp/i386/etc. Is this correct?


More information about the K12Linux-devel-list mailing list