[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] Locking the Clients down



They already are.  Remember, the only thing actually running on the thin client is (basically) the kernel, a shell, and X11.  Everything else runs on the server and merely displays on the thin client.  You don't even need a hard disk in the thin client--yes, you can actually pull it out (I have).  What you want to focus on is locking down your servers.

However, there is one area in which "client" security could be improved, and that's with X11.  It's pretty easy to hijack an X11 session and do what you want to it, say, if you're on a hub-based architecture (switched networks make it a bit more difficult).  Tunneling X11 across SSH is a great way to secure it, and it's very easy.  However, it would currently require, to my knowledge, folks logging in via a CLI first, which will put off most teachers and other decision-makers.  While it would be nice to have that built in already, I'd say that, with LTSP the way it currently is, the risk is acceptable in most environments, certainly in mine.

--TP

On Tue, 2003-10-07 at 09:33, Gavin Spurgeon wrote:
Hi List, Me again...

After getting all of the old units running on my network,
i was wondering if there is any way of locking the client
computer down... Is there any Docz people could point me to...

The 1st thing that i want to do is Lock the clients / directory
to the directory in /opt/ltsp/i386
Is this possible ?



_______________________________________________
K12OSN mailing list
K12OSN redhat com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>
--TP
Do you GNU!?
The "GNU" Free Software Revolution - With Improved Freedoms for All

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]