on sending a kerberos keytab to the client machine

Michał Dwużnik michal.dwuznik at gmail.com
Mon Sep 24 23:07:35 CEST 2012


Hi,



> At the end of the day, if you need to really be secure, you need to have
> some kind of state on the client machine (Kerberos password, 802.1x
> credentials, etc.)--which generally doesn't exist on a clean image.
>
>
>
'Clean image' runs on a particular machine which, it seems to me, can be
fingerprinted before. For some machines there will be the vendor
serial/service tag available, for some
there will be e.g. memory module serial or disk serial number.

Combination of e.g. service tag, disk serial number and memory module
serials seems reasonably close to being unique and immutable.


Regards
Michal
Michal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.uni-koeln.de/pipermail/linux-fai/attachments/20120924/aa6d14cd/attachment.html>


More information about the linux-fai mailing list