Thoughts on roaming laptop setup for Debian Edu

Wed, 28 Apr 2010 20:40:00 +0200

For some years now, I have wondered how we should handle laptops in +Debian Edu. The Debian Edu infrastructure is mostly designed to +handle stationary computers, and less suited for computers that come +and go.

+ +

Now I finally believe I have an sensible idea on how to adjust +Debian Edu for laptops, by introducing a new profile for them, for +example called Roaming Workstations. Here are my thought on this. +The setup would consist of the following:

+ +

During installation, the user name of the owner / primary user of + the laptop is requested and a local home directory is set up for + the user, with uid and gid information fetched from the LDAP + server. This allow the user to work also when offline. The + central home directory can be available in a subdirectory on + request, for example mounted via CIFS. It could be mounted + automatically when a user log in while on the Debian Edu network, + and unmounted when the machine is taken away (network down, + hibernate, etc), it can be set up to do automatic mounting on + request (using autofs), or perhaps some GUI button on the desktop + can be used to access it when needed. Perhaps it is enough to use + the fish protocol in KDE?
Password checking is set up to use LDAP or Kerberos + authentication when the machine is on the Debian Edu network, and + to cache the password for offline checking when the machine unable + to reach the LDAP or Kerberos server. This can be done using + libpam-ccreds + or the Fedora developed + System + Security Services Daemon packages.
File synchronisation with the central home directory is set up + using a shared directory in both the local and the central home + directory, using unison.
Printing should be set up to print to all printers broadcasting + their existence on the local network, and should then work out of + the box with CUPS. For sites needing accurate printer quotas, some + system with Kerberos authentication or printing via ssh could be + implemented.
For users that should have local root access to their laptop, + sudo should be used to allow this to the local user.
It would be nice if user and group information from LDAP is + cached on the client, but given that there are entries for the + local user and primary group in /etc/, it should not be needed.

+ +

I believe all the pieces to implement this are in Debian/testing at +the moment. If we work quickly, we should be able to get this ready +in time for the Squeeze release to freeze. Some of the pieces need +tweaking, like libpam-ccreds should get support for pam-auth-update +(#566718) and nslcd (or +perhaps debian-edu-config) should get some integration code to stop +its daemon when the LDAP server is unavailable to avoid long timeouts +when disconnected from the net. If we get Kerberos enabled, we need +to make sure we avoid long timeouts there too.

+ +

If you want to help out with implementing this for Debian Edu, +please contact us on debian-edu@lists.debian.org.

Great book: "Content: Selected Essays on Technology, Creativity, Copyright, and the Future of the Future"

Mon, 19 Apr 2010 17:10:00 +0200

The last few weeks i have had the pleasure of reading a +thought-provoking collection of essays by Cory Doctorow, on topics +touching copyright, virtual worlds, the future of man when the +conscience mind can be duplicated into a computer and many more. The +book titled "Content: Selected Essays on Technology, Creativity, +Copyright, and the Future of the Future" is available with few +restrictions on the web, for example from +his own site. I read the +epub-version from +feedbooks using +fbreader and my N810. I +strongly recommend this book.

Petter Reinholdtsen - Entries from April 2010

Thoughts on roaming laptop setup for Debian Edu

Great book: "Content: Selected Essays on Technology, Creativity, Copyright, and the Future of the Future"