Path: utzoo!utgpu!watmath!clyde!att!rutgers!sunybcs!ugbernie
From: ugbernie@sunybcs.uucp (Bernard Bediako)
Newsgroups: comp.sys.next
Subject: Re: diskless NeXT? (was Re: Announcement vs reality)
Keywords: Next
Message-ID: <2993@cs.Buffalo.EDU>
Date: 1 Dec 88 04:56:11 GMT
References: <17846@glacier.STANFORD.EDU> <3638@pt.cs.cmu.edu> <28185@tut.cis.ohio-state.edu> <267@aber-cs.UUCP> <28493@tut.cis.ohio-state.edu> <13977@cisunx.UUCP> <28659@tut.cis.ohio-state.edu>
Sender: nobody@cs.Buffalo.EDU
Reply-To: ugbernie@sunybcs.UUCP (Bernard Bediako)
Distribution: eunet,world
Organization: SUNY/Buffalo Computer Science
Lines: 60

In article <28659@tut.cis.ohio-state.edu> romig@stegosaur.cis.ohio-state.edu (Steven M. Romig) writes:
>cmf@cisunx.UUCP (Carl M. Fongheiser) writes:
>> Why do you need root access to get people's passwords?  It hardly even
>> makes it easier! 
	[ stuff deleted]
>There are two cases - either you have a local disk of some sort, or
>you boot diskless (with the possibility that you may boot remotely,
>but swap to a local disk).  In the case of a local disk of some sort,

I don't really understand this point.  I thought that each user would have
his OWN optical disk; meaning it did contain an /etc/passwd.
The disk wouldn't contain anyone else's acct. information.
	It should work close to the same way as a 'partially diskless
workstation' where the user loads up with his disks, but runs most
of the desired commands (commands that shouldn't be controlled by the
user, but kept in the traditional way on the main disk server) off the 
remote computer/drive.  This way some of the commands on his disk are
either the equivalents of a /usr/local/bin or the user's personal bin.
I'm not really certain what kinds of progs. should be kept on the
user's disks though.  Maybe things like the editor, or programs in 
general that could be used normally on a single user system (basically
enough to take advantage of that extra space).  I'm sure most people using
them won't need 100+ Megs for their own personal disk space (but maybe :-)
 
>In the case of a diskless workstation, I've got to deal with network
>services to boot and mount file systems and all that - I have a flying
>chance of maintaining some semblance of security using something like
>Kerberos.  Someone may still choose to bring an optical disk and boot
>off of that, but they can probably be prevented from futzing with the
>system software across the network.  That means that the next user to
>come along can boot the workstation and can be "guaranteed" to have a
>correct copy of the system to work with.
	[stuff deleted]
>The point isn't that people can spoof other folks out of their
>passwords - of course they can, even without root access.  The point I
>was making is that using local disks puts the software in the hands of
>the user.  Some people may choose to do that - I would rather not, but
>I won't have any choice about it if NeXT doesn't support diskless
>workstations.
>
	If the person loads up with his disk, and has to log onto
the remote server/drive, security could be kept up to the point of
having the remote machine not give root (or anything similar) to the
user; to that machine I would just be a user with access to whatever
root of that machine determines I can have.  And keeping people off
the remote is as simple as locking it somewhere safe!

>--- Steve Romig				romig@cis.ohio-state.edu
>    CIS Dept., The Ohio State University

			bernie

------------------------------------------------------------------------
Bernard Bediako                           SUNY/Buffalo Computer Science
UUCP:          	  ..!{ames,boulder,decvax,rutgers}!sunybcs!ugbernie
Internet: ugbernie@cs.Buffalo.EDU         BITNET: ugbernie@sunybcs.BITNET
------------------------------------------------------------------------