[prev in list] [next in list] [prev in thread] [next in thread] 

List:       debian-user
Subject:    Re: USB key requirement.
From:       Emanoil Kotsev <deloptes () yahoo ! com>
Date:       2011-01-12 12:46:41
Message-ID: 43634.99072.qm () web161208 ! mail ! bf1 ! yahoo ! com
[Download RAW message or body]



--- On Tue, 1/11/11, Dan Serban <dserban@lodgingcompany.com> wrote:


> 
> I figured that after the root partition is mounted (nfs), I
> would have
> an init.d script that would work its magic.. if it's there,
> allow the
> continuation of the boot sequence (load gdm and other
> non-essential
> services).  All I would require is to match against an
> encrypted key
> without user intervention.

In fact if using PXE you don't really pay attention on security - I'm wondering what \
good means the usb key in this case.

I would put a customized initrd file on the usb and boot from there

> 
> > Q: Do you have a keyboard and is it desirable to use
> it on boot time?
> > Or you want just to plugin and if the right usb is
> inside the boot
> > will go on. you can do this after the system has
> already booted and
> > you can access the usb from the diskless station.
> 
> Second option, no keyboard interaction is required in my
> mind.  If you
> miss having the usb stick inserted, then to move forward,
> hit the reset
> button.

In your mind or in the specific case?


> > Q: have you heard of security
> > dongles
> > "http://www.naturela-bg.com/index.php?categ=&page=itm&lang=en&id=45&pid=&p="
> > 
> 
> I have heard of them, but I don't personally understand the
> actual
> difference of a specialized key, versus a usb block device
> with an
> encryption file on it.

Well this is exactly what you are trying to do - the one link I posted I was the \
first that popped up in google and supports linux.

This is not a USB stick but a piece of hardware you plug in on the usb slot. You can \
do much more (programs can be banned from starting etc)

anyway over PXE (TFTP) everything is open and security is pretty week - I don't think \
a USB stick is really necessary to secure something. What happens if the user plug \
ins instead your USB stick a normal live USB ubuntu i.e. It will boot, the NFS shares \
can be mounted (cause you authenticate on system level) and the sense of some \
security is gone.

With PXE boot you have to use other security methods I think. 

regards


      


-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/43634.99072.qm@web161208.mail.bf1.yahoo.com


[prev in list] [next in list] [prev in thread] [next in thread]