Setting Up Your Own Diskless Workstations with LTSP - page 5
The Whys and Wherefores of LTSP
System administrators, when finished configuring the diskless workstations, need to take care about security. Services used in such networks (NFS, X Window) are rather weak, and they have rather insecure tools for restricted access.
This is why a aystem administrator needs:
- to make DHCP allocates IP addresses with attachments to real MAC addresses of network cards.
- to configure the firewall to allow access to ports 514/udp (syslog), 7100/tcp (font server), 2049/tcp/udp (nfs) for local workstations only.
- to restrict access to xdm.
This last requirement is handled in the /etc/X11/xdm/Xaccess file, where you can define a list of local diskless workstations and allow access only for them by commenting out the lines:
* #any host can get a login window * CHOOSER BROADCAST #any indirect host can get a chooser
and creating a list of actual workstations:
ws001 ws002 %hostlist ws001 ws002 * CHOOSER %hostlist
- 1Linux Top 3: Fedora 24, Peppermint 7 and Solus 1.2
- 2Linux Top 3: Alpine Linux 3.4, deepin 15.2 and Linux Lite 3.0
- 3Linux 4.7 Set to Boost Live Patching, Security and Power Management
- 4Linux 4.6 Charred Weasel adds USB 3.1 Support
- 5Linux Top 3: OpenIndiana 2016.04, Ubuntu 16.04 and Debian's New Leader