FAI and sensitive installation data

luzian.scherrer at id.unizh.ch
Fri Apr 11 12:18:41 CEST 2003


Hello,

How do you handle the installation of sensitive data with FAI? By
sensitive data I mean, for example, programs that must contain passwords
to authenticate against others, or private keys to be installed on a
host. The way FAI works, this data is available "freely" to everyone
that can describe as client to be installed, isn't it? It becomes a
problem if you are installing clients that are then used by different
people with different accesses (root etc.).

My proposal is this: extend fcopy with a `--secure' switch. When called
this way, it first reads the host's private key and then decrypts the
data to be copied before actually installing it. This per-host private
key is stored on a floppy or CD-ROM residing in the client's drive. I
think this would be the only way to be able to really authenticate FAI
clients. (This assumes, of course, that those using the clients do not
have physical access to the machines.)

What do you think about it?

Thanks,
-Luzian
-- 
University of Zurich, Central Computing  <luzian.scherrer at id.unizh.ch> 
Tel: +41 1 63 56778   --   Fax: +41 1 63 54505   --   Office: Y11-F-76
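
A sketch of the decrypt-before-install step proposed in the message above, added here as an illustration; it is not code from the post, from FAI or from fcopy. The function names, the `.key`/`.enc` file layout and the use of the openssl CLI are assumptions.

```shell
#!/bin/sh
# Added illustration: hypothetical helpers, not part of FAI or fcopy.
# Assumes the openssl CLI (1.1.1 or later) on install server and client.
# Note: openssl enc gives confidentiality only; sign the bundle separately
# if tampering with files on the install server is also a concern.

# Server side: encrypt FILE for one host. Writes OUT.enc (AES-256-CBC data)
# and OUT.key (random passphrase wrapped with the host's RSA public key).
encrypt_for_host() {   # usage: encrypt_for_host HOST_PUB FILE OUT
    pub=$1 file=$2 out=$3
    pass=$(mktemp) || return 1          # mktemp creates the file mode 0600
    ( umask 077
      openssl rand -hex 32 > "$pass" &&
      openssl pkeyutl -encrypt -pubin -inkey "$pub" \
          -pkeyopt rsa_padding_mode:oaep -in "$pass" -out "$out.key" &&
      openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$pass" \
          -in "$file" -out "$out.enc" )
    rc=$?
    rm -f "$pass"
    return $rc
}

# Client side: what a `--secure' copy step could do. HOST_KEY is the per-host
# private key read from the floppy or CD-ROM; the plaintext is written next
# to DEST with tight permissions and only renamed into place on success.
secure_install() {     # usage: secure_install HOST_KEY SRC DEST [MODE]
    key=$1 src=$2 dest=$3 mode=${4:-0600}
    pass=$(mktemp) || return 1
    new=$(mktemp "$dest.XXXXXX") || { rm -f "$pass"; return 1; }
    if openssl pkeyutl -decrypt -inkey "$key" \
           -pkeyopt rsa_padding_mode:oaep \
           -in "$src.key" -out "$pass" 2>/dev/null &&
       openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$pass" \
           -in "$src.enc" -out "$new" 2>/dev/null &&
       chmod "$mode" "$new" && mv -f "$new" "$dest"
    then rc=0
    else rc=1; rm -f "$new"             # wrong key: leave nothing behind
    fi
    rm -f "$pass"
    return $rc
}
```

A client that fetches the bundle without the matching private key gets only the wrapped passphrase and ciphertext, and `secure_install` fails without creating the destination file.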


