X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/525c8f4d5fe33e5fec2c764cf123c4b2fffeba52..a0a971f55f61855eb0b27b68176b325f2a65995f:/blog/archive/2010/04/index.html

diff --git a/blog/archive/2010/04/index.html b/blog/archive/2010/04/index.html
index 3710705b4e..007a1b2e8c 100644
--- a/blog/archive/2010/04/index.html
+++ b/blog/archive/2010/04/index.html
@@ -21,94 +21,6 @@
 
     <h3>Entries from April 2010.</h3>
     
-    <div class="entry">
-      <div class="title">
-        <a href="http://people.skolelinux.org/pere/blog/Kerberos_for_Debian_Edu_Squeeze_.html">Kerberos for Debian Edu/Squeeze?</a>
-      </div>
-      <div class="date">
-        14th April 2010
-      </div>
-      <div class="body">
-        <p><a href="http://www.nuug.no/aktiviteter/20100413-kerberos/">Yesterdays
-NUUG presentation</a> about Kerberos was inspiring, and reminded me
-about the need to start using Kerberos in Skolelinux.  Setting up a
-Kerberos server seem to be straight forward, and if we get this in
-place a long time before the Squeeze version of Debian freezes, we
-have a chance to migrate Skolelinux away from NFSv3 for the home
-directories, and over to an architecture where the infrastructure do
-not have to trust IP addresses and machines, and instead can trust
-users and cryptographic keys instead.</p>
-
-<p>A challenge will be integration and administration.  Is there a
-Kerberos implementation for Debian where one can control the
-administration access in Kerberos using LDAP groups?  With it, the
-school administration will have to maintain access control using flat
-files on the main server, which give a huge potential for errors.</p>
-
-<p>A related question I would like to know is how well Kerberos and
-pam-ccreds (offline password check) work together.  Anyone know?</p>
-
-<p>Next step will be to use Kerberos for access control in Lwat and
-Nagios.  I have no idea how much work that will be to implement.  We
-would also need to document how to integrate with Windows AD, as such
-shared network will require two Kerberos realms that need to cooperate
-to work properly.</p>
-
-<p>I believe a good start would be to start using Kerberos on the
-skolelinux.no machines, and this way get ourselves experience with
-configuration and integration.  A natural starting point would be
-setting up ldap.skolelinux.no as the Kerberos server, and migrate the
-rest of the machines from PAM via LDAP to PAM via Kerberos one at the
-time.</p>
-
-<p>If you would like to contribute to get this working in Skolelinux,
-I recommend you to see the video recording from yesterdays NUUG
-presentation, and start using Kerberos at home.  The video show show
-up in a few days.</p>
-
-      </div>
-      <div class="tags">
-        
-        
-        Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
-        
-        
-      </div>
-    </div>
-    <div class="padding"></div>
-    
-    <div class="entry">
-      <div class="title">
-        <a href="http://people.skolelinux.org/pere/blog/Great_book___Content__Selected_Essays_on_Technology__Creativity__Copyright__and_the_Future_of_the_Future_.html">Great book: "Content: Selected Essays on Technology, Creativity, Copyright, and the Future of the Future"</a>
-      </div>
-      <div class="date">
-        19th April 2010
-      </div>
-      <div class="body">
-        <p>The last few weeks i have had the pleasure of reading a
-thought-provoking collection of essays by Cory Doctorow, on topics
-touching copyright, virtual worlds, the future of man when the
-conscience mind can be duplicated into a computer and many more. The
-book titled "Content: Selected Essays on Technology, Creativity,
-Copyright, and the Future of the Future" is available with few
-restrictions on the web, for example from
-<a href="http://craphound.com/content/">his own site</a>. I read the
-epub-version from
-<a href="http://www.feedbooks.com/book/2883">feedbooks</a> using
-<a href="http://www.fbreader.org/">fbreader</a> and my N810. I
-strongly recommend this book.</p>
-
-      </div>
-      <div class="tags">
-        
-        
-        Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/web">web</a>.
-        
-        
-      </div>
-    </div>
-    <div class="padding"></div>
-    
     <div class="entry">
       <div class="title">
         <a href="http://people.skolelinux.org/pere/blog/Thoughts_on_roaming_laptop_setup_for_Debian_Edu.html">Thoughts on roaming laptop setup for Debian Edu</a>
@@ -194,6 +106,94 @@ please contact us on debian-edu@lists.debian.org.</p>
     </div>
     <div class="padding"></div>
     
+    <div class="entry">
+      <div class="title">
+        <a href="http://people.skolelinux.org/pere/blog/Great_book___Content__Selected_Essays_on_Technology__Creativity__Copyright__and_the_Future_of_the_Future_.html">Great book: "Content: Selected Essays on Technology, Creativity, Copyright, and the Future of the Future"</a>
+      </div>
+      <div class="date">
+        19th April 2010
+      </div>
+      <div class="body">
+        <p>The last few weeks i have had the pleasure of reading a
+thought-provoking collection of essays by Cory Doctorow, on topics
+touching copyright, virtual worlds, the future of man when the
+conscience mind can be duplicated into a computer and many more. The
+book titled "Content: Selected Essays on Technology, Creativity,
+Copyright, and the Future of the Future" is available with few
+restrictions on the web, for example from
+<a href="http://craphound.com/content/">his own site</a>. I read the
+epub-version from
+<a href="http://www.feedbooks.com/book/2883">feedbooks</a> using
+<a href="http://www.fbreader.org/">fbreader</a> and my N810. I
+strongly recommend this book.</p>
+
+      </div>
+      <div class="tags">
+        
+        
+        Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/web">web</a>.
+        
+        
+      </div>
+    </div>
+    <div class="padding"></div>
+    
+    <div class="entry">
+      <div class="title">
+        <a href="http://people.skolelinux.org/pere/blog/Kerberos_for_Debian_Edu_Squeeze_.html">Kerberos for Debian Edu/Squeeze?</a>
+      </div>
+      <div class="date">
+        14th April 2010
+      </div>
+      <div class="body">
+        <p><a href="http://www.nuug.no/aktiviteter/20100413-kerberos/">Yesterdays
+NUUG presentation</a> about Kerberos was inspiring, and reminded me
+about the need to start using Kerberos in Skolelinux.  Setting up a
+Kerberos server seem to be straight forward, and if we get this in
+place a long time before the Squeeze version of Debian freezes, we
+have a chance to migrate Skolelinux away from NFSv3 for the home
+directories, and over to an architecture where the infrastructure do
+not have to trust IP addresses and machines, and instead can trust
+users and cryptographic keys instead.</p>
+
+<p>A challenge will be integration and administration.  Is there a
+Kerberos implementation for Debian where one can control the
+administration access in Kerberos using LDAP groups?  With it, the
+school administration will have to maintain access control using flat
+files on the main server, which give a huge potential for errors.</p>
+
+<p>A related question I would like to know is how well Kerberos and
+pam-ccreds (offline password check) work together.  Anyone know?</p>
+
+<p>Next step will be to use Kerberos for access control in Lwat and
+Nagios.  I have no idea how much work that will be to implement.  We
+would also need to document how to integrate with Windows AD, as such
+shared network will require two Kerberos realms that need to cooperate
+to work properly.</p>
+
+<p>I believe a good start would be to start using Kerberos on the
+skolelinux.no machines, and this way get ourselves experience with
+configuration and integration.  A natural starting point would be
+setting up ldap.skolelinux.no as the Kerberos server, and migrate the
+rest of the machines from PAM via LDAP to PAM via Kerberos one at the
+time.</p>
+
+<p>If you would like to contribute to get this working in Skolelinux,
+I recommend you to see the video recording from yesterdays NUUG
+presentation, and start using Kerberos at home.  The video show show
+up in a few days.</p>
+
+      </div>
+      <div class="tags">
+        
+        
+        Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
+        
+        
+      </div>
+    </div>
+    <div class="padding"></div>
+    
     <p style="text-align: right;"><a href="04.rss"><img src="http://people.skolelinux.org/pere/blog/xml.gif" alt="RSS Feed" width="36" height="14" /></a></p>
     <div id="sidebar">
       
