[prev in list] [next in list] [prev in thread] [next in thread]
List: debian-user
Subject: Re: USB key requirement.
From: Emanoil Kotsev <deloptes () yahoo ! com>
Date: 2011-01-12 12:46:41
Message-ID: 43634.99072.qm () web161208 ! mail ! bf1 ! yahoo ! com
[Download RAW message or body]
--- On Tue, 1/11/11, Dan Serban <dserban@lodgingcompany.com> wrote:
>
> I figured that after the root partition is mounted (nfs), I
> would have
> an init.d script that would work its magic.. if it's there,
> allow the
> continuation of the boot sequence (load gdm and other
> non-essential
> services). All I would require is to match against an
> encrypted key
> without user intervention.
In fact if using PXE you don't really pay attention on security - I'm wondering what \
good means the usb key in this case.
I would put a customized initrd file on the usb and boot from there
>
> > Q: Do you have a keyboard and is it desirable to use
> it on boot time?
> > Or you want just to plugin and if the right usb is
> inside the boot
> > will go on. you can do this after the system has
> already booted and
> > you can access the usb from the diskless station.
>
> Second option, no keyboard interaction is required in my
> mind. If you
> miss having the usb stick inserted, then to move forward,
> hit the reset
> button.
In your mind or in the specific case?
> > Q: have you heard of security
> > dongles
> > "http://www.naturela-bg.com/index.php?categ=&page=itm&lang=en&id=45&pid=&p="
> >
>
> I have heard of them, but I don't personally understand the
> actual
> difference of a specialized key, versus a usb block device
> with an
> encryption file on it.
Well this is exactly what you are trying to do - the one link I posted I was the \
first that popped up in google and supports linux.
This is not a USB stick but a piece of hardware you plug in on the usb slot. You can \
do much more (programs can be banned from starting etc)
anyway over PXE (TFTP) everything is open and security is pretty week - I don't think \
a USB stick is really necessary to secure something. What happens if the user plug \
ins instead your USB stick a normal live USB ubuntu i.e. It will boot, the NFS shares \
can be mounted (cause you authenticate on system level) and the sense of some \
security is gone.
With PXE boot you have to use other security methods I think.
regards
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/43634.99072.qm@web161208.mail.bf1.yahoo.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic