List:       ltsp-discuss
Subject:    Re: [Ltsp-discuss] Securing X on terminals
From:       David Kennel <dkennel () lanl ! gov>
Date:       2006-12-22 17:12:43
Message-ID: 58E2FE76-A5F1-40BF-820F-AC2B0ECE85A4 () lanl ! gov

With the NX client set up as described on the wiki and a user logged
in, an Nmap scan on the clients shows ports 6000 and 6001 open. 6001
requires authorized access but 6000 does not.  I'm not sure if it's
exploitable like this but it shows up on our vulnerability scans.

David Kennel




On Dec 21, 2006, at 9:26 PM, Todd Shoemaker wrote:

> David-
>
> By default the X server should not allow unauthorized access without the
> magic cookie.  In other words, another user on another terminal logged
> into the same server can't just export DISPLAY=my_terminal:0.0 and run
> an application on my terminal.  If I ran xhost +server they could, but
> that's just asking for trouble.  Does the company policy require that
> you can't even scan the port?
>
> If so, the only solution is to get ip_tables running; download the
> kernel source and copy in the .config file used from the LTSP kernel.
> You can then make xconfig and enable the ip_tables module, then 'make
> modules'.  You shouldn't have to install the kernel,  just copy the
> module into the kernel tree.  IIRC, you'll also need to update the
> module map with something like:
>
> depmod -b /opt/ltsp4/i386/lib/modules 2.6.17.8-ltsp-1
>
> If you've never built a kernel and none of that made sense, let me know
> and I can walk you through it.  Building a kernel is pretty easy once
> you've done it once or twice.
>
> -Todd
>
> David Kennel wrote:
>> I used the instructions located on the LTSP wiki to install the NX
>> client into the root for the LTSP clients and add the appropriate
>> screen script to start the NX client on boot.  That portion of the
>> setup is relatively straightforward and appears to be working
>> beautifully. The instructions are
>> here http://wiki.ltsp.org/twiki/bin/view/Ltsp/WorkInProgress#LTSP_via_OpenVPN
>>
>>
>> I have tried limiting access via hosts.allow with no success. I tried
>> iptables but the 2.6.17.8-ltsp-1 kernel does not have iptables. I get
>> the following error when trying to do # /sbin/iptables -L:
>> modprobe: FATAL: Module ip_tables not found.
>>
>> iptables v1.2.11: can't initialize iptables table 'filter': iptables
>> who? (do you need to insmod?)
>> Perhaps iptables or your your kernel needs to be upgraded.
>>
>> Due to company security restrictions we are not allowed to have X on
>> the network without encryption. Nor can we have Xservers listening to
>> the network without access control.
>>
>> David Kennel
>>
>>
>> On Dec 20, 2006, at 7:12 AM, Todd Shoemaker wrote:
>>
>>> David Kennel wrote:
>>>> I am piloting an LTSP-based solution. Due to our security requirements
>>>> I have had to tweak the configuration quite a bit to harden the
>>>> system. I have moved the clients to encrypted connections based on
>>>> FreeNX but the clients are still opening their X11 servers to dog +
>>>> world. Does anyone know of a good way to shut this down or at least
>>>> verifiably limit the traffic to the server?
>>>>
>>>> I have considered moving all the traffic to an encrypted VPN but
>>>> cannot find good documentation on this process.
>>>
>>> David-
>>>
>>> I haven't tried this, but the terminal kernels should be able to use the
>>> built-in Linux firewall iptables to block all but expected traffic.  You
>>> may have to copy the iptables utils into $LTSP/i386 so they can be run
>>> by the terminals.  Once you get the rules you want (there are web sites
>>> that can build these for you), add a script to $LTSP/etc/rc.d and call
>>> it by adding a line to lts.conf like this: RC_FILE=myscript.sh .
>>>
>>> My next question is how you "moved the clients to encrypted connections
>>> based on FreeNX".  Does LTSP come with a freenx client already installed
>>> now?  Or do your clients log in to the terminal server and then run
>>> freenx from the server to the remote server?  I would be curious to
>>> learn what heavy lifting you had to do to get freenx installed on the
>>> terminal as a default client (like we already have with X11, rdesktop,
>>> and telnet).
>>>
>>> Finally, LTSP is not necessarily intended to be a secure traffic
>>> solution, but a trusted LAN solution.  Any time you have NFS, SMB, or
>>> any non-ssh file sharing such as we use for LTSP (to run the terminals),
>>> you need to place some trust on your physical LAN.  You could adopt a
>>> fully encrypted solution for files and X11 traffic, but if you start
>>> encrypting the X11 traffic using SSH, freenx, RDP, etc, you introduce
>>> latency that can be felt by the user.  It's not so bad when you use it
>>> over the Internet/WAN, but it can be felt on a LAN versus an unencrypted
>>> X11 session.
>>>
>>> -Todd
>>>


_____________________________________________________________________
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
      https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net
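
Added example, not part of the original messages: the iptables approach suggested in the quoted reply, written as an rc script for the terminals that accepts connections to the X11 ports 6000-6001 only from loopback and from listed hosts and drops the rest. The script name, the `ALLOWED_HOSTS` address and the `DRY_RUN` switch are assumptions, and it needs the `ip_tables` module that the 2.6.17.8-ltsp-1 kernel in the thread lacks.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed: saved as x11-firewall.sh in
# $LTSP/etc/rc.d and enabled with RC_FILE=x11-firewall.sh in lts.conf.
# Requires a terminal kernel with the ip_tables module (see the error above).

ALLOWED_HOSTS="${ALLOWED_HOSTS:-192.168.0.254}"  # constructed sample address
X11_PORTS="6000:6001"                            # the ports the scan reported
IPTABLES="${IPTABLES:-/sbin/iptables}"

# True only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print one iptables rule per line: accept loopback, accept each listed host,
# then drop every other connection to the X11 ports. Nothing is printed if
# any host fails validation, so a typo cannot produce a half-built rule set.
x11_rules() {
    for host in "$@"; do
        if ! valid_ipv4 "$host"; then
            echo "x11_rules: not an IPv4 address: $host" >&2
            return 1
        fi
    done
    echo "-A INPUT -i lo -p tcp --dport $X11_PORTS -j ACCEPT"
    for host in "$@"; do
        echo "-A INPUT -p tcp -s $host --dport $X11_PORTS -j ACCEPT"
    done
    echo "-A INPUT -p tcp --dport $X11_PORTS -j DROP"
}

# Print the commands (DRY_RUN=1, the default) or load them (DRY_RUN=0).
apply_x11_rules() {
    rules=$(x11_rules "$@") || return 1
    if [ "${DRY_RUN:-1}" != 1 ] && ! "$IPTABLES" -L -n >/dev/null 2>&1; then
        echo "iptables unusable: is the ip_tables module built?" >&2
        return 1
    fi
    printf '%s\n' "$rules" | while read -r rule; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "$IPTABLES $rule"
        else
            # Unquoted on purpose: $rule is a validated argument list.
            "$IPTABLES" $rule || exit 1
        fi
    done
}

apply_x11_rules $ALLOWED_HOSTS
```

Run it once with the default `DRY_RUN=1` to review the printed commands, then set `DRY_RUN=0` in the script and repeat the Nmap scan from another host to confirm ports 6000 and 6001 no longer show as open.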

