Given the load ssh encryption entails, the server would serve (my estimation) less than third of the users it is able to serve now. For this reason, I think XDMCP makes sense on LAN anyway, despite security issues. Anyway, we do not use LTSP (for historical reasons: local media support - there is PXES right now) and the scope of the argument is larger; for this reason, #49503 is a special case of this issue.
I don't know what rigorous criterion should be made for the permission to perform system actions; but the local display one seems rather simple and intuitive. For the XFCE, I foud about that a day later by an accident (yes, a DoS on the server) and I think it is hardcoded. I will file a separate bug for that in a few days. -- XDMCP user is allowed to hibernate the terminal server https://launchpad.net/bugs/62144 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs