opsi Version 3.3.1 - opsi Download - uib
9. opsi data storage (backend)
9.5. Boot files
'/tftpboot/linux' contains the boot files needed for the system start with the PXE bootproms.
9.6. Securing the shares with encrypted passwords
The installation software 'opsi preLoginLoader' accesses the shares provided by the
depot server in order to install software and to write configuration information and log
files. This is done with the privileges of the system user 'pcpatch'. Securing these
shares, and therefore the authentication data of 'pcpatch', is important for two reasons:
● general system security and data integrity
● meeting the license agreements of special software packages
To give the client task 'preLoginLoader' access to authentication data, the server task
'reInstallationManager' creates a specific key when preparing a client re-installation
request. This key is stored in the file '/etc/pckeys' and is passed to the PC with the
reinstallation request. The client PC stores this key in the local file
'c:\opsi\cfg\locked.cfg' during system installation (access rights limited to the
administrators). On the server, the file '/etc/pckeys' is likewise accessible only by the user root.
This way every PC has a unique key known only to the client itself and the depot
server, and not accessible to standard users on the client. The key is used to encrypt the password
of the user 'pcpatch'. The encrypted password is transferred to the client at boot
time via the webservice. Hence the server's 'pcpatch' password can be changed at any time.
The new encrypted password will be sent to every client at the next reboot.
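
The following Python check is an added example, not part of the opsi manual or opsi's own code. It audits the two server-side properties described above: that the key file is accessible only by root, and that every PC has its own key. The function names and the one-entry-per-line "host:key" layout are assumptions, and the sample hosts and keys are constructed.

```python
import os
import stat
import tempfile
from collections import defaultdict

# Assumed layout (not stated on the page): one "host:key" entry per line.
def audit_pckeys(path, expected_uid=0):
    """Check owner, mode and per-host key uniqueness; empty list means clean."""
    findings = []
    st = os.stat(path)
    if st.st_uid != expected_uid:
        findings.append(f"owner uid is {st.st_uid}, expected {expected_uid}")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):  # any group/other bit breaks "root only"
        findings.append(f"mode {stat.S_IMODE(st.st_mode):04o} grants group/other access")
    hosts_by_key = defaultdict(set)
    seen_hosts = set()
    with open(path, encoding="utf-8") as fh:
        for lineno, line in enumerate(fh, 1):
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            host, sep, key = line.partition(":")
            if not (sep and host and key):
                findings.append(f"line {lineno}: not in host:key form")
                continue
            host = host.lower()
            if host in seen_hosts:
                findings.append(f"line {lineno}: duplicate entry for {host}")
            seen_hosts.add(host)
            hosts_by_key[key].add(host)
    # Every PC should have its own key; report host names only, never the key.
    for hosts in hosts_by_key.values():
        if len(hosts) > 1:
            findings.append("key shared by: " + ", ".join(sorted(hosts)))
    return findings

def demo():
    """Audit a constructed sample: made-up hosts and keys, mode set too wide."""
    sample = "".join(f"{h}.example.test:{k * 16}\n"
                     for h, k in [("pc1", "a1"), ("pc2", "a1"), ("pc3", "b2")])
    with tempfile.NamedTemporaryFile("w", delete=False) as tmp:
        tmp.write(sample)
    try:
        os.chmod(tmp.name, 0o644)
        return audit_pckeys(tmp.name, expected_uid=os.getuid())
    finally:
        os.unlink(tmp.name)

if __name__ == "__main__":
    print("\n".join(demo()))
```

On a depot server the call would be `audit_pckeys('/etc/pckeys')`, run as root so the file can be read.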