March 25, 2019

Setting Up Your Own Diskless Workstations with LTSP - page 5

The Whys and Wherefores of LTSP

  • October 2, 2002
  • By Alexander Prohorenko

Once the diskless workstations are configured, system administrators need to attend to security. The services used in such networks (NFS, X Window) are rather weak, and their tools for restricting access are rather insecure.

This is why a system administrator needs:

  • to make DHCP allocate IP addresses bound to the real MAC addresses of the network cards.
  • to configure the firewall to allow access to ports 514/udp (syslog), 7100/tcp (font server), and 2049/tcp/udp (NFS) for local workstations only.
  • to restrict access to xdm.

This last requirement is handled in the /etc/X11/xdm/Xaccess file, where you can define a list of local diskless workstations and allow access only for them by commenting out the lines:

    *                                       #any host can get a login window
    *               CHOOSER BROADCAST       #any indirect host can get a chooser

and creating a list of actual workstations:

    %hostlist ws001 ws002
    *               CHOOSER %hostlist
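
A small check for the Xaccess edit described above, added here as an example and not part of the original article: it parses the text of an Xaccess file and reports active `*` entries that still give any host a login window or a broadcast chooser. The function name `audit_xaccess` and the two sample files (built from the article's own lines) are constructed for illustration, and backslash line continuations are not handled.

```python
# Added example: audit an xdm Xaccess file for wildcard entries.
# DEFAULT and HARDENED are constructed samples based on the article's lines.
DEFAULT = (
    "*                                       #any host can get a login window\n"
    "*               CHOOSER BROADCAST       #any indirect host can get a chooser\n"
)
HARDENED = (
    "#*                                      #any host can get a login window\n"
    "#*              CHOOSER BROADCAST       #any indirect host can get a chooser\n"
    "%hostlist ws001 ws002\n"
    "*               CHOOSER %hostlist\n"
)


def audit_xaccess(text):
    """Return (findings, macros) for the contents of an Xaccess file.

    findings: list of (line_number, message) for risky active entries.
    macros:   {"%name": [host, ...]} for every macro definition found.
    """
    macros, entries = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # '#' starts a comment
        if not fields or fields[0] == "LISTEN":    # blank line or LISTEN directive
            continue
        if fields[0].startswith("%"):              # macro definition
            macros[fields[0]] = fields[1:]
        else:                                      # direct or indirect entry
            entries.append((lineno, fields[0], fields[1:]))

    findings = []
    for lineno, pattern, targets in entries:
        for t in targets:                          # macro used but never filled in
            if t.startswith("%") and not macros.get(t):
                findings.append((lineno, f"host list {t} is undefined or empty"))
        if pattern != "*":
            continue
        if not targets or targets == ["NOBROADCAST"]:
            findings.append((lineno, "any host can get a login window"))
        elif "BROADCAST" in targets:
            findings.append((lineno, "any host can get a broadcast chooser"))
    return findings, macros


if __name__ == "__main__":
    for name, sample in (("default", DEFAULT), ("hardened", HARDENED)):
        found, hosts = audit_xaccess(sample)
        print(name, found, hosts)
```
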
