blog/draft/2012-03-skolelinux-wheezy.txt

   1 Title: Debian Edu/Wheezy - some ideas
   2 Tags: english, debian edu
   3 Date: 2012-02-23 14:30
   4
   5 <p>During my work on Debian Edu based on Squeeze, I came across some
   6 issues that should be addressed in the Wheezy release.  I finally
   7 found time to wrap up my notes and provide quick summary of what I
   8 found, with a bit explanation.</p>
   9
  10 <p><ul>
  11
  12 <li>We need to rewrite our package installation framework, as tasksel
  13 changed from using tasksel tasks to using meta packages (aka packages
  14 with dependencies like our education-* packages), and our installation
  15 system depend on tasksel tasks in
  16 /usr/share/tasksel/debian-edu-tasks.desc for package
  17 installation.</li>
  18
  19 <li>Enable Kerberos login for more services.  Now with the Kerberos
  20 foundation in place, we should use it to get single sign on with more
  21 services, and avoiding unneeded password / login questions.  We should
  22 at least try to enable it for these services:
  23 <ul>
  24
  25   <li>CUPS for admins to add/configure printers and users when using
  26     quotas.</li>
  27
  28   <li>Nagios for admins checking the system status.</li>
  29   <li>GOsa for admins updating LDAP and users changing their passwords.</li>
  30   <li>LDAP for admins updating LDAP.</li>
  31   <li>Squid for users when exam mode / filtering is active.</li>
  32   <li>ssh for admins and users to save a password prompt.</li>
  33 </ul></li>
  34
  35 <li>Merge debian-edu-config and debian-edu-install.  The split made
  36 sense when d-e-install did a lot more, but these days it is just an
  37 inconvenience when we update the debconf preseeding values.</li>
  38
  39 <li>Fix partman-auto to allow us to abort the installation before
  40 touching the disk if the disk is too small.  This is
  41 <ahref="http://bugs.debian.org/653305">BTS report #653305</a> and the
  42 d-i developers are fine with the patch and someone just need to apply
  43 it and upload.</li>
  44
  45 <li>Adjust to new LTSP framework (boot time config instead of install
  46 time config).  LTSP changed its design, and our hooks to install
  47 packages and update the configuration is most likely not going to work
  48 in Wheezy.
  49
  50 <li>Consider switching to NBD instead of NFS for LTSP root, to allow
  51 the Kernel to cache files in its normal file cache, possibly speeding
  52 up KDE login on slow networks.</li>
  53
  54 <li>Make it possible to create expired user passwords that need to
  55 change on first login.  This is useful when handing out password on
  56 paper, to make sure only the user know the password.  This require
  57 fixes to the PAM handling of kdm and gdm.</li>
  58
  59 <li>Make GUI for adding new machines automatically from sitesummary.
  60 The current command line script is not very friendly to people most
  61 familiar with GUIs.  This should probably be integrated into GOsa to
  62 have it available where the admin will be looking for it..</li>
  63
  64 <li>We should find way for Nagios to check that the DHCP service
  65 actually is working (as in handling out IP addresses).  None of the
  66 nagios checks I have found so far have been working for me.</li>
  67
  68 <li>We should switch from libpam-nss-ldapd to sssd for all profiles
  69 using LDAP, and not only on for roaming workstations, to have less
  70 packages to configure and consistent setup across all profiles.</li>
  71
  72 <li>We should configure Kerberos to update LDAP and Samba password
  73 when changing password using the Kerberos protocol.  The hook was
  74 requested in <ahref="http://bugs.debian.org/588968">BTS report
  75 #588968</a> and is now available in Wheezy.  We might need to write a
  76 MIT Kerberos plugin in C to get this.</li>
  77
  78 <li>We should clean up the set of applications installed by default.
  79 <ul>
  80
  81 <li>reduce the number of chemistry visualizers</li>
  82 <li>consider dropping xpaint</li>
  83 <li>and probably more?</li>
  84 <ul></li>
  85
  86  - remove/limit ldap bind authentication
  87
  88 <li>Some hardware need external firmware to work properly.  This is
  89 mostly the case for WiFi network cards, but there are some other
  90 examples too.  For popular laptops to work out of the box, such
  91 firmware need to be installed from non-free, and we should provide
  92 some GUI to do this.  Ubuntu already have this implemented, and we
  93 could consider using their packages.  At the moment we have some
  94 command line script to do this (one for the running system, another
  95 for the LTSP chroot).</li>
  96
  97
  98  - Complete exam mode support by adding Squid filtering
  99
 100  - Provide surf board / touch screen desktop
 101
 102 <li>In Squeeze, we provide KDE, Gnome and LXDE as desktop options.  We
 103 should extend the list to Xfce and Sugar, and preferably find a way to
 104 install several and allow the admin or the user to select which one to
 105 use.</li>
 106
 107 <li>The golearn tool from the goplay package make it easy to check out
 108 interesting educational packages.  We should work on the package
 109 tagging in Debian to ensure it represent all the useful educational
 110 packages, and extend the tool to allow it to use packagekit to install
 111 new applications with a simple mouse click.</li>
 112
 113  - add out of the box setup for italc/controlaula/epoptes
 114 </li>