- Petter Reinholdtsen + Petter Reinholdtsen

@@ -22,7 +22,7 @@

- Kerberos for Debian Edu/Squeeze? + Kerberos for Debian Edu/Squeeze?

2010-04-14 17:20 @@ -72,7 +72,7 @@ up in a few days.

- Tags: debian edu, english, nuug. + Tags: debian edu, english, nuug.

@@ -80,7 +80,7 @@ up in a few days.

- Great book: "Content: Selected Essays on Technology, Creativity, Copyright, and the Future of the Future" + Great book: "Content: Selected Essays on Technology, Creativity, Copyright, and the Future of the Future"

2010-04-19 17:10 @@ -106,13 +106,100 @@ strongly recommend this book.

- Tags: english, fildeling, nuug, opphavsrett, personvern, sikkerhet, web. + Tags: english, fildeling, nuug, opphavsrett, personvern, sikkerhet, web.

+ Thoughts on roaming laptop setup for Debian Edu +

+ 2010-04-28 20:40 +

+ +

For some years now, I have wondered how we should handle laptops in +Debian Edu. The Debian Edu infrastructure is mostly designed to +handle stationary computers, and less suited for computers that come +and go.

+ +

Now I finally believe I have an sensible idea on how to adjust +Debian Edu for laptops, by introducing a new profile for them, for +example called Roaming Workstations. Here are my thought on this. +The setup would consist of the following:

+ +

During installation, the user name of the owner / primary user of + the laptop is requested and a local home directory is set up for + the user, with uid and gid information fetched from the LDAP + server. This allow the user to work also when offline. The + central home directory can be available in a subdirectory on + request, for example mounted via CIFS. It could be mounted + automatically when a user log in while on the Debian Edu network, + and unmounted when the machine is taken away (network down, + hibernate, etc), it can be set up to do automatic mounting on + request (using autofs), or perhaps some GUI button on the desktop + can be used to access it when needed. Perhaps it is enough to use + the fish protocol in KDE?
Password checking is set up to use LDAP or Kerberos + authentication when the machine is on the Debian Edu network, and + to cache the password for offline checking when the machine unable + to reach the LDAP or Kerberos server. This can be done using + libpam-ccreds + or the Fedora developed + System + Security Services Daemon packages.
File synchronisation with the central home directory is set up + using a shared directory in both the local and the central home + directory, using unison.
Printing should be set up to print to all printers broadcasting + their existence on the local network, and should then work out of + the box with CUPS. For sites needing accurate printer quotas, some + system with Kerberos authentication or printing via ssh could be + implemented.
For users that should have local root access to their laptop, + sudo should be used to allow this to the local user.
It would be nice if user and group information from LDAP is + cached on the client, but given that there are entries for the + local user and primary group in /etc/, it should not be needed.

+ +

I believe all the pieces to implement this are in Debian/testing at +the moment. If we work quickly, we should be able to get this ready +in time for the Squeeze release to freeze. Some of the pieces need +tweaking, like libpam-ccreds should get support for pam-auth-update +(#566718) and nslcd (or +perhaps debian-edu-config) should get some integration code to stop +its daemon when the LDAP server is unavailable to avoid long timeouts +when disconnected from the net. If we get Kerberos enabled, we need +to make sure we avoid long timeouts there too.

+ +

If you want to help out with implementing this for Debian Edu, +please contact us on debian-edu@lists.debian.org.

+ +

+ + + + Tags: debian edu, english, nuug. + +

+ +

@@ -124,51 +211,65 @@ strongly recommend this book.

2010

2009

2008

@@ -179,53 +280,61 @@ strongly recommend this book.