Setting Up Your Own Diskless Workstations with LTSP - page 5
The Whys and Wherefores of LTSP
Once the diskless workstations are configured, the system administrator needs to attend to security. The services used in such networks (NFS, X Window) are rather weak, and the tools they offer for restricting access are rather insecure.
This is why a system administrator needs:
- to make DHCP allocate IP addresses bound to the real MAC addresses of the network cards.
- to configure the firewall to allow access to ports 514/udp (syslog), 7100/tcp (font server), 2049/tcp/udp (nfs) for local workstations only.
- to restrict access to xdm.
This last requirement is handled in the /etc/X11/xdm/Xaccess file, where you can define a list of local diskless workstations and allow access only for them by commenting out the lines:
    *                       #any host can get a login window
    *   CHOOSER BROADCAST   #any indirect host can get a chooser
and creating a list of actual workstations:
    ws001
    ws002
    %hostlist ws001 ws002
    * CHOOSER %hostlist
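
A check for the Xaccess change described above, as an added example that is not part of the original article: it flags the two open wildcard entries and lists the hosts still allowed to request a login window. The function name audit_xaccess and both sample files are constructed for illustration, and backslash-continued lines are assumed not to occur.

```python
# Constructed sample: the two stock entries the article says to comment out.
STOCK = """\
*                       #any host can get a login window
*   CHOOSER BROADCAST   #any indirect host can get a chooser
"""

# Constructed sample: the restricted file described in the article.
RESTRICTED = """\
#*                      #any host can get a login window
#*  CHOOSER BROADCAST   #any indirect host can get a chooser
ws001
ws002
%hostlist ws001 ws002
* CHOOSER %hostlist
"""


def audit_xaccess(text):
    """Return (findings, allowed) for the text of an Xaccess file.

    findings: (line number, message) for each open wildcard entry.
    allowed:  host names that may request a login window directly.
    Assumes no backslash-continued lines.
    """
    findings, allowed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # strip comment, tokenize
        if not fields or fields[0].startswith("%") or fields[0] == "LISTEN":
            continue  # blank line, macro definition or LISTEN directive
        client = fields[0]
        negated = client.startswith("!")  # "!pattern" denies, never opens
        wildcard = not negated and any(c in client for c in "*?")
        if len(fields) == 1:  # direct/broadcast query entry
            if wildcard:
                findings.append((lineno, f"'{client}' gives any matching host a login window"))
            elif not negated:
                allowed.append(client)
        elif wildcard and fields[1:3] == ["CHOOSER", "BROADCAST"]:
            findings.append((lineno, f"'{client}' gives any matching host a broadcast chooser"))
    return findings, allowed


if __name__ == "__main__":
    for name, sample in (("stock", STOCK), ("restricted", RESTRICTED)):
        findings, allowed = audit_xaccess(sample)
        print(name, "allowed:", allowed)
        for lineno, message in findings:
            print(f"  line {lineno}: {message}")
```

To audit a live system, pass the contents of /etc/X11/xdm/Xaccess to audit_xaccess and treat any finding as a line that still needs commenting out.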