Setting Up Your Own Diskless Workstations with LTSP
A Few Notes About Security

Alexander Prohorenko
Wednesday, October 2, 2002 05:09:46 PM
Once the diskless workstations are configured, system administrators
need to take care of security. The services used in such networks
(NFS, X Window) are rather weak, and their tools for restricting access
are rather insecure.
This is why a system administrator needs:
- to make DHCP allocate IP addresses bound to the real MAC addresses
of the network cards.
- to configure the firewall to allow access to ports 514/udp (syslog),
7100/tcp (font server), 2049/tcp/udp (nfs) for local workstations only.
- to restrict access to xdm.
This last requirement is handled in the /etc/X11/xdm/Xaccess file, where you can define a list of local diskless workstations and allow access only for them by commenting out the lines:
* #any host can get a login window
* CHOOSER BROADCAST #any indirect host can get a chooser
and creating a list of actual workstations:
ws001
ws002
%hostlist ws001 ws002
* CHOOSER %hostlist
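
A check for the Xaccess change described above, as an added example that is not part of the original article: the function name audit_xaccess and both sample files are constructed for illustration. It reports any active wildcard entry of the two kinds the article says to comment out and accepts the restricted form with a host macro.

```shell
#!/bin/sh
# Added example (not from the article): audit an xdm Xaccess file for the
# two open wildcard entries that the article says to comment out.

# audit_xaccess FILE  (hypothetical helper name)
# Prints "FILE:LINE: reason: text" for each open entry; returns 1 if any.
audit_xaccess() {
    awk -v f="$1" '
        BEGIN { bad = 0 }
        { raw = $0; sub(/#.*/, "") }   # strip comments; awk re-splits fields
        NF == 0       { next }         # blank or fully commented line
        $1 ~ /^%/     { next }         # macro definition, e.g. %hostlist
        $1 ~ /^!/     { next }         # exclusion entry denies, never grants
        $1 !~ /[*?]/  { next }         # explicit host name such as ws001
        NF == 1 {                      # bare wildcard: direct query from anyone
            printf "%s:%d: wildcard login window: %s\n", f, NR, raw
            bad = 1; next
        }
        $2 == "CHOOSER" && $3 == "BROADCAST" {
            printf "%s:%d: wildcard broadcast chooser: %s\n", f, NR, raw
            bad = 1
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample: both open entries still active.
sample_open() {
    cat <<'EOF'
*                       #any host can get a login window
* CHOOSER BROADCAST     #any indirect host can get a chooser
EOF
}

# Constructed sample: the restricted form shown in the article.
sample_restricted() {
    cat <<'EOF'
#*                      #any host can get a login window
#* CHOOSER BROADCAST    #any indirect host can get a chooser
ws001
ws002
%hostlist ws001 ws002
* CHOOSER %hostlist
EOF
}

# Usage: sh thisfile /etc/X11/xdm/Xaccess
if [ "$#" -gt 0 ]; then audit_xaccess "$1"; fi
```

A non-zero exit status means at least one open entry is still active, so the check can run after every edit of the file.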