Path: utzoo!utgpu!watmath!clyde!att!rutgers!sunybcs!ugbernie
From: ugbernie@sunybcs.uucp (Bernard Bediako)
Newsgroups: comp.sys.next
Subject: Re: diskless NeXT? (was Re: Announcement vs reality)
Keywords: Next
Message-ID: <2993@cs.Buffalo.EDU>
Date: 1 Dec 88 04:56:11 GMT
References: <17846@glacier.STANFORD.EDU> <3638@pt.cs.cmu.edu> <28185@tut.cis.ohio-state.edu> <267@aber-cs.UUCP> <28493@tut.cis.ohio-state.edu> <13977@cisunx.UUCP> <28659@tut.cis.ohio-state.edu>
Sender: nobody@cs.Buffalo.EDU
Reply-To: ugbernie@sunybcs.UUCP (Bernard Bediako)
Distribution: eunet,world
Organization: SUNY/Buffalo Computer Science
Lines: 60

In article <28659@tut.cis.ohio-state.edu> romig@stegosaur.cis.ohio-state.edu (Steven M. Romig) writes:
>cmf@cisunx.UUCP (Carl M. Fongheiser) writes:
>> Why do you need root access to get people's passwords? It hardly even
>> makes it easier!
[ stuff deleted]
>There are two cases - either you have a local disk of some sort, or
>you boot diskless (with the possibility that you may boot remotely,
>but swap to a local disk). In the case of a local disk of some sort,

I don't really understand this point. I thought that each user would
have his OWN optical disk; meaning it did contain an /etc/passwd. The
disk wouldn't contain anyone else's acct. information. It should work
close to the same way as a 'partially diskless workstation' where the
user loads up with his disks, but runs most of the desired commands
(commands that shouldn't be controlled by the user, but kept in the
traditional way on the main disk server) off the remote computer/drive.
This way some of the commands on his disk are either the equivalents of
a /usr/local/bin or the user's personal bin. I'm not really certain what
kinds of progs. should be kept on the user's disks though.
Maybe things like the editor, or programs in general that could be used
normally on a single user system (basically enough to take advantage of
that extra space). I'm sure most people using them won't need 100+ Megs
for their own personal disk space (but maybe :-)

>In the case of a diskless workstation, I've got to deal with network
>services to boot and mount file systems and all that - I have a flying
>chance of maintaining some semblance of security using something like
>Kerberos. Someone may still choose to bring an optical disk and boot
>off of that, but they can probably be prevented from futzing with the
>system software across the network. That means that the next user to
>come along can boot the workstation and can be "guaranteed" to have a
>correct copy of the system to work with.
[stuff deleted]
>The point isn't that people can spoof other folks out of their
>passwords - of course they can, even without root access. The point I
>was making is that using local disks puts the software in the hands of
>the user. Some people may choose to do that - I would rather not, but
>I won't have any choice about it if NeXT doesn't support diskless
>workstations.
>

If the person loads up with his disk, and has to log onto the remote
server/drive, security could be kept up to the point of having the
remote machine not give root (or anything similar) to the user; to that
machine I would just be a user with access to whatever root of that
machine determines I can have. And keeping people off the remote is as
simple as locking it somewhere safe!

>--- Steve Romig romig@cis.ohio-state.edu
> CIS Dept., The Ohio State University

bernie
------------------------------------------------------------------------
Bernard Bediako
SUNY/Buffalo Computer Science
UUCP: ..!{ames,boulder,decvax,rutgers}!sunybcs!ugbernie
Internet: ugbernie@cs.Buffalo.EDU
BITNET: ugbernie@sunybcs.BITNET
------------------------------------------------------------------------