- <div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Debian_Edu___some_ideas_for_the_future_versions.html">Debian Edu - some ideas for the future versions</a></div>
- <div class="date">11th June 2012</div>
- <div class="body"><p>During my work on
-<a href="http://www.debian.org/News/2012/20120311.nb.html">Debian Edu
-based on Squeeze</a>, I came across some issues that should be
-addressed in the Wheezy release. I finally found time to wrap up my
-notes and provide quick summary of what I found, with a bit
-explanation.</p>
-
-<p><ul>
-
-<li>We need to rewrite our package installation framework, as tasksel
-changed from using tasksel tasks to using meta packages (aka packages
-with dependencies like our education-* packages), and our installation
-system depend on tasksel tasks in
-/usr/share/tasksel/debian-edu-tasks.desc for package
-installation.</li>
-
-<li>Enable Kerberos login for more services. Now with the Kerberos
-foundation in place, we should use it to get single sign on with more
-services, and avoiding unneeded password / login questions. We should
-at least try to enable it for these services:
-<ul>
-
- <li>CUPS for admins to add/configure printers and users when using
- quotas.</li>
- <li>Nagios for admins checking the system status.</li>
- <li>GOsa for admins updating LDAP and users changing their passwords.</li>
- <li>LDAP for admins updating LDAP.</li>
- <li>Squid for users when exam mode / filtering is active.</li>
- <li>ssh for admins and users to save a password prompt.</li>
-
-</ul></li>
-
-<li>When we move GOsa to use Kerberos instead of LDAP bind to
-authenticate users, we should try to block or at least limit access to
-use LDAP bind for authentication, to ensure Kerberos is used when it
-is intended, and nothing fall back to using the less safe LDAP bind</li>
-
-<li>Merge debian-edu-config and debian-edu-install. The split made
-sense when d-e-install did a lot more, but these days it is just an
-inconvenience when we update the debconf preseeding values.</li>
-
-<li>Fix partman-auto to allow us to abort the installation before
-touching the disk if the disk is too small. This is
-<a href="http://bugs.debian.org/653305">BTS report #653305</a> and the
-d-i developers are fine with the patch and someone just need to apply
-it and upload. After this is done we need to adjust
-debian-edu-install to use this new hook.</li>
-
-<li>Adjust to new LTSP framework (boot time config instead of install
-time config). LTSP changed its design, and our hooks to install
-packages and update the configuration is most likely not going to work
-in Wheezy.
-
-<li>Consider switching to NBD instead of NFS for LTSP root, to allow
-the Kernel to cache files in its normal file cache, possibly speeding
-up KDE login on slow networks.</li>
-
-<li>Make it possible to create expired user passwords that need to
-change on first login. This is useful when handing out password on
-paper, to make sure only the user know the password. This require
-fixes to the PAM handling of kdm and gdm.</li>
-
-<li>Make GUI for adding new machines automatically from sitesummary.
-The current command line script is not very friendly to people most
-familiar with GUIs. This should probably be integrated into GOsa to
-have it available where the admin will be looking for it..</li>
-
-<li>We should find way for Nagios to check that the DHCP service
-actually is working (as in handling out IP addresses). None of the
-Nagios checks I have found so far have been working for me.</li>
-
-<li>We should switch from libpam-nss-ldapd to sssd for all profiles
-using LDAP, and not only on for roaming workstations, to have less
-packages to configure and consistent setup across all profiles.</li>
-
-<li>We should configure Kerberos to update LDAP and Samba password
-when changing password using the Kerberos protocol. The hook was
-requested in <a href="http://bugs.debian.org/588968">BTS report
-#588968</a> and is now available in Wheezy. We might need to write a
-MIT Kerberos plugin in C to get this.</li>
-
-<li>We should clean up the set of applications installed by default.
-<ul>
-
-<li>reduce the number of chemistry visualisers</li>
-<li>consider dropping xpaint</li>
-<li>and probably more?</li>
-</ul></li>
-
-<li>Some hardware need external firmware to work properly. This is
-mostly the case for WiFi network cards, but there are some other
-examples too. For popular laptops to work out of the box, such
-firmware need to be installed from non-free, and we should provide
-some GUI to do this. Ubuntu already have this implemented, and we
-could consider using their packages. At the moment we have some
-command line script to do this (one for the running system, another
-for the LTSP chroot).</li>
-
-
-<li>In Squeeze, we provide KDE, Gnome and LXDE as desktop options. We
-should extend the list to Xfce and Sugar, and preferably find a way to
-install several and allow the admin or the user to select which one to
-use.</li>
-
-<li>The golearn tool from the goplay package make it easy to check out
-interesting educational packages. We should work on the package
-tagging in Debian to ensure it represent all the useful educational
-packages, and extend the tool to allow it to use packagekit to install
-new applications with a simple mouse click.</li>
-
-<li>The Squeeze version got half a exam solution already in place,
-with the introduction of iptable based network blocking, but for it to
-be a complete exam solution the Squid proxy need to enable
-filtering/blocking as well when the exam mode is enabled. We should
-implement a way to easily enable this for the schools that want it,
-instead of the "it is documented" method of today.</li>
-
-<li>A feature used in several schools is the ability for a teacher to
-"take over" the desktop of individual or all computers in the room.
-There are at least three implementations,
-<a href="italc.sourceforge.net/">italc</a>,
-<a href="http://www.itais.net/help/en/">controlaula</a> og
-<a href="http://www.epoptes.org/">epoptes</a> and we should pick one of
-them and make it trivial to set it up in a school. The challenges is
-how to distribute crypto keys and how to group computers in one room
-and how to set up which machine/user can control the machines in a
-given room.</li>
-
-<li>Tablets and surf boards are getting more and more popular, and we
-should look into providing a good solution for integrating these into
-the Debian Edu network. Not quite sure how. Perhaps we should
-provide a installation profile with better touch screen support for
-them, or add some sync services to allow them to exchange
-configuration and data with the central server. This should be
-investigated.</li>
-
-</ul></p>
-
-<p>I guess we will discover more as we continue to work on the Wheezy
-version.</p>
-</div>
- <div class="tags">
-
-
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
-
-
- </div>
- </div>
- <div class="padding"></div>
-
projects / homepage.git / blobdiff