|> >
|> >One solution I can think of is getting a machine that has a password protected
|> >BIOS, and allows the change in the boot order with the hard drive first. I would
|> >love to hear other ideas, if any do exist.
|> >

There is the school of thought that it is impossible to make a pubically
accessable machine secure.  The solution that has been proposed and implemented
is to have 1 or more file servers in a physically secure place (locked room).
The public machines then download the files they need from the file server
after the user at the public machine has been authenticated to the file server.
It is possible to do this authentication in a manner that does not need to 
assume that the public machine has not been compromised, and in a manner that
avoids sending passwords over networks.  Even with this method, it is not
possible to guard against a person writing a program that looks like the login
program and steeling passwods.

The reason I mention this, is this system has been implemented at MIT.  It
is called Project Athena, and I believe that all of the software that they 
developed for it is public domain (there is a /pub/athena directory on tsx-11).
We use this system at here also, and I would love to be able to be able to
connect a linux machine(s) into the system.  I have no idea how much work
porting the software to linux would be (after tcp/ip gets into the kernel).
I would appreciate any information about this that anyone might have.

Thanks,
Jim Nance