I’ve been thinking about a hybrid thin linux architecture for some time. More or less a bootable ISO, with a lightweight X, some VPN utilities and thats about it.
Rather than netboot, the ISO would boot normally, then interrogate sda1 (a usb key) for a configuration file, and then mount /home and /usr over a ppp/ssh vpn. All server side applications can then be wrapped in a utility that checks the client side usb stick creds before running.
The point being, that an administrator could hand a user a CD and a usb stick with creds, and send him out the door, knowing that every application execution was authenticated to the usb key, and that 100% of LAN traffic was ciphered 100% of the time. You wouldn’t need passwords. The ssh pub/key pair would be removable (on the usb stick) and would act like a brass key.
Essentially all the good from thin client land, in a way that is a bit more secure than is typically done in thin client installs, and WAY less grabastic than is typically done on the average corporate LAN.
Anybody heard of anybody doing anything like this in FOSS?