What is a “trusted client?”

A trusted client is a client machine that is in a lab or used for a faculty/staff workstation that is administered by an NCSU systems administrator. Trusted clients have a secret key that allows them access to certain specific updates that may contain sensitive information. An untrusted client is any machine that is set up in an unsupported way or is maintained by someone who is not an NCSU systems administrator. Basically, trusted clients have access to data that may be a security risk if the data were publicly available.
As of this writing, the infrastructure for “trusted clients” is completely implemented. The issue at stake is that the method of pushing updated user lists (such as /root/.klogin, /etc/users.local, and friends) and updated root passwords (actually, the MD5 hash stored in /etc/shadow) requires that each client have a secret decryption key. This key must be local and readable only by root. Unfortunately, the nature of the Open Source model makes this difficult. At this time, Realm Linux uses an XMLRPC client to authenticate and receive this information from the back end systems in a secure manner.
This method has been devised to use the Web-Kickstart system (hence the push to use Web-Kickstart). This system will assign each client a unique GPG public/private key pair that will facilitate safe transmission of sensitive data across the network. This can only be done using the unique features that the Web-Kickstart system gives us: NCSU system administrator approval of clients combined with install tracking. Please watch Sysnews and the Realm Linux email lists for upcoming information.
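
The requirement above that each client's secret key be local and readable only by root can be audited on a client. The following is an added example, not Realm Linux code: the key path, the `audit_key_file` and `fs_type_of` names, and the set of filesystem types treated as non-local are assumptions.

```python
import os
import stat

# Filesystem types treated as non-local (an assumption for this example).
NETWORK_FS = {"nfs", "nfs4", "afs", "cifs", "smb3", "9p", "fuse.sshfs"}


def fs_type_of(path, mounts_text):
    """Return the fs type of the longest mount point that contains path."""
    best, best_type = "", None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mnt, fstype = fields[1], fields[2]
        prefix = mnt.rstrip("/") + "/"
        if (path == mnt or path.startswith(prefix)) and len(mnt) >= len(best):
            best, best_type = mnt, fstype
    return best_type


def audit_key_file(path, mounts_text, owner_uid=0):
    """Return a list of findings; an empty list means the key passes."""
    findings = []
    st = os.lstat(path)  # lstat: do not follow a symlink to another file
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file (symlink, device or directory)"]
    if st.st_uid != owner_uid:
        findings.append(f"owned by uid {st.st_uid}, expected {owner_uid}")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"group/other bits set: {stat.S_IMODE(st.st_mode):04o}")
    if st.st_nlink > 1:
        findings.append("extra hard links exist")
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent directory is world-writable")
    if fs_type_of(os.path.abspath(path), mounts_text) in NETWORK_FS:
        findings.append("stored on a network filesystem, not local disk")
    return findings


if __name__ == "__main__":
    with open("/proc/mounts") as fh:
        mounts = fh.read()
    # Hypothetical path; the page does not say where the key lives.
    for problem in audit_key_file("/etc/example-realm/client.key", mounts):
        print("FAIL:", problem)
```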