How to prevent new installations when I have already installed my client through LAN boot?

[Thomas Neumann]

> Any kind of automated installation is unsecure. [...]
[...]
> Since PXE (and tftp) is insecure, FAI does not have special options for
> making completely insecure things more secure.

That's totally fine. But why isn't that part of the documentation? Why not
state that there are architectural issues related to pxe, tftp and
fai-chboot/fai-mond that may be worth considering?

> You may want to resrict the LOGUSER account to only execute fai-chboot
> or scponly. You may want to use faimond -i instead of remote calling
> fai-chboot, but this is also not really secure.

What do you think about the token/otp idea from my other mail?

> IMO this all is not a problem for FAI. FAI is used since a long time
> in very different environment, and I never heard of anyone not using
> FAI because of security concerns.

I totally agree it's not a problem for FAI. What I don't agree with is to
advice users to use features which may harm them in non-obvious ways. I'm
fine with either fixing the tools or documenting the issues. Blaming the
user for not thinking things through hard enough is rather cheesy.

fai-guide chapter 5.10 could be changed to:

-To skip booting from network card, you can use the command fai-chboot(8)
to enable localboot.
+It is possible to remotely execute 'fai-chboot ...' on the fai server to
switch the installed client to localboot after the installation has
completed. Warning: This may open up the fai installation environment to
exploits if the remote login account is not properly secured.