on sending a kerberos keytab to the client machine

Toomas Tamm tt-fai at kky.ttu.ee
Tue Sep 25 09:02:49 CEST 2012


On Mon, 2012-09-24 at 23:07 +0200, Michał Dwużnik wrote:

> 
> Combination of e.g. service tag, disk serial number and memory module
> serials seems reasonably close to being unique and immutable.

Getting all this data into machine-readable form and onto your FAI
server may well involve a lot more manual labour than typing a unique
secret into each machine at install time...

On the other hand, if you are performing frequent re-installs in remote
locations, you may want to automatically collect the data *after* the
first install (which would involve a manual key entry step) and use it
subsequently for a completely automated setup.

Another option which I have contemplated (but never implemented) would
involve inserting removable media (USB stick, CD, etc.) into the host
being installed, which contain the required unique key(s). These can be
removed and locked up (or even destroyed) afterwards to prevent
unauthorized access in the future.

Toomas


