Petter Reinholdtsen

Forcing new users to change their password on first login

Sun, 2 May 2010 13:40:00 +0200

One interesting feature in Active Directory, is the ability to -create a new user with an expired password, and thus force the user to -change the password on the first login attempt.

- -

I'm not quite sure how to do that with the LDAP setup in Debian -Edu, but did some initial testing with a local account. The account -and password aging information is available in /etc/shadow, but -unfortunately, it is not possible to specify an expiration time for -passwords, only a maximum age for passwords.

- -

A freshly created account (using adduser test) will have these -settings in /etc/shadow:

- -

-root@tjener:~# chage -l test
-Last password change                                    : May 02, 2010
-Password expires                                        : never
-Password inactive                                       : never
-Account expires                                         : never
-Minimum number of days between password change          : 0
-Maximum number of days between password change          : 99999
-Number of days of warning before password expires       : 7
-root@tjener:~#
-

- -

The only way I could come up with to create a user with an expired -account, is to change the date of the last password change to the -lowest value possible (January 1th 1970), and the maximum password age -to the difference in days between that date and today. To make it -simple, I went for 30 years (30 * 365 = 10950) and January 2th (to -avoid testing if 0 is a valid value).

- -

After using these commands to set it up, it seem to work as -intended:

- -

-root@tjener:~# chage -d 1 test; chage -M 10950 test
-root@tjener:~# chage -l test
-Last password change                                    : Jan 02, 1970
-Password expires                                        : never
-Password inactive                                       : never
-Account expires                                         : never
-Minimum number of days between password change          : 0
-Maximum number of days between password change          : 10950
-Number of days of warning before password expires       : 7
-root@tjener:~#  
-

- -

So far I have tested this with ssh and console, and kdm (in -Squeeze) login, and all ask for a new password before login in the -user (with ssh, I was thrown out and had to log in again).

- -

Perhaps we should set up something similar for Debian Edu, to make -sure only the user itself have the account password?

- -

If you want to comment on or help out with implementing this for -Debian Edu, please contact us on debian-edu@lists.debian.org.

For ca. et og et halvt Ã¥r siden +startet +jeg pÃ¥ et kart over overvÃ¥kningskamera i Norge, i regi av +personvernforeningen. Det har +blitt oppdatert regelmessing, og jeg oppdaterte det nettopp. Fra den +spede start med 22 kamera registrert er det nÃ¥ registrert 54 kamera. +Det er bare en brÃ¸kdel av de kamera som finnes i Norge, men det gÃ¥r +sakte men sikkert i riktig retning.

+ +

Informasjonen registreres fortsatt direkte inn i +OpenStreetmap, og hentes +automatisk over i + +nÃ¥r jeg kjÃ¸rer et script for Ã¥ filtrere ut overvÃ¥kningskamera fra +OSM-dumpen for Norge.

Thoughts on roaming laptop setup for Debian Edu

Wed, 28 Apr 2010 20:40:00 +0200

For some years now, I have wondered how we should handle laptops in -Debian Edu. The Debian Edu infrastructure is mostly designed to -handle stationary computers, and less suited for computers that come -and go.

- -

Now I finally believe I have an sensible idea on how to adjust -Debian Edu for laptops, by introducing a new profile for them, for -example called Roaming Workstations. Here are my thought on this. -The setup would consist of the following:

- -

During installation, the user name of the owner / primary user of - the laptop is requested and a local home directory is set up for - the user, with uid and gid information fetched from the LDAP - server. This allow the user to work also when offline. The - central home directory can be available in a subdirectory on - request, for example mounted via CIFS. It could be mounted - automatically when a user log in while on the Debian Edu network, - and unmounted when the machine is taken away (network down, - hibernate, etc), it can be set up to do automatic mounting on - request (using autofs), or perhaps some GUI button on the desktop - can be used to access it when needed. Perhaps it is enough to use - the fish protocol in KDE?

- -

Password checking is set up to use LDAP or Kerberos - authentication when the machine is on the Debian Edu network, and - to cache the password for offline checking when the machine unable - to reach the LDAP or Kerberos server. This can be done using - libpam-ccreds - or the Fedora developed - System - Security Services Daemon packages.
File synchronisation with the central home directory is set up - using a shared directory in both the local and the central home - directory, using unison.
Printing should be set up to print to all printers broadcasting - their existence on the local network, and should then work out of - the box with CUPS. For sites needing accurate printer quotas, some - system with Kerberos authentication or printing via ssh could be - implemented.
For users that should have local root access to their laptop, - sudo should be used to allow this to the local user.
It would be nice if user and group information from LDAP is - cached on the client, but given that there are entries for the - local user and primary group in /etc/, it should not be needed.

- -

I believe all the pieces to implement this are in Debian/testing at -the moment. If we work quickly, we should be able to get this ready -in time for the Squeeze release to freeze. Some of the pieces need -tweaking, like libpam-ccreds should get support for pam-auth-update -(#566718) and nslcd (or -perhaps debian-edu-config) should get some integration code to stop -its daemon when the LDAP server is unavailable to avoid long timeouts -when disconnected from the net. If we get Kerberos enabled, we need -to make sure we avoid long timeouts there too.

- -

If you want to help out with implementing this for Debian Edu, -please contact us on debian-edu@lists.debian.org.

Debatten rundt sporveiselskapet i Oslos (Ruter AS) Ã¸nske om +Ã¥ +radiomerke med RFID alle sine kunder og +registerere +hvor hver og en av oss beveger oss pÃ¥gÃ¥r, og en ting som har +kommet lite frem i debatten er at det faktisk er en menneskerett Ã¥ +kunne ferdes anonymt internt i ens eget land.

+ +

Fant en grei kilde for dette i et +skriv +fra Datatilsynet til Samferdselsdepartementet om tema:

+ +

Retten til Ã¥ ferdes anonymt kan utledes av +menneskerettskonvensjonen artikkel 8 og av EUs personverndirektiv. +Her heter det at enkeltpersoners grunnleggende rettigheter og frihet +mÃ¥ respekteres, sÃ¦rlig retten til privatlivets fred. I bÃ¥de +personverndirektivet og i den norske personopplysningsloven er +selvrÃ¥deretten til hver enkelt et av grunnprinsippene, hovedsaklig +uttrykt ved at en mÃ¥ gi et frivillig, informert og uttrykkelig +samtykke til behandling av personopplysninger.

+ +

For meg er det viktig at jeg kan ferdes anonymt, og det er litt av +bakgrunnen til at jeg handler med kontanter, ikke har mobiltelefon og +forventer Ã¥ kunne reise med bil og kollektivtrafikk uten at det blir +registrert hvor jeg har vÃ¦rt. Ruter angriper min rett til Ã¥ ferdes +uten radiopeiler med sin innfÃ¸ring av RFID-kort, og dokumenterer sitt +Ã¸nske om Ã¥ registrere hvor kundene befant seg ved Ã¥ Ã¸nske Ã¥ gebyrlegge +oss som ikke registrerer oss hver gang vi beveger oss med +kollektivtrafikken i Oslo. Jeg synes det er hÃ¥rreisende.

Great book: "Content: Selected Essays on Technology, Creativity, Copyright, and the Future of the Future"

Mon, 19 Apr 2010 17:10:00 +0200

The last few weeks i have had the pleasure of reading a -thought-provoking collection of essays by Cory Doctorow, on topics -touching copyright, virtual worlds, the future of man when the -conscience mind can be duplicated into a computer and many more. The -book titled "Content: Selected Essays on Technology, Creativity, -Copyright, and the Future of the Future" is available with few -restrictions on the web, for example from -his own site. I read the -epub-version from -feedbooks using -fbreader and my N810. I -strongly recommend this book.

A few days ago I had the mixed pleasure of bying a new digital +camera, a Canon IXUS 130. It was instructive and very disturbing to +be able to verify that also this camera producer have the nerve to +specify how I can or can not use the videos produced with the camera. +Even thought I was aware of the issue, the options with new cameras +are limited and I ended up bying the camera anyway. What is the +problem, you might ask? It is software patents, MPEG-4, H.264 and the +MPEG-LA that is the problem, and our right to record our experiences +without asking for permissions that is at risk. + +

On page 27 of the Danish instruction manual, this section is +written:

+ +

+
This product is licensed under AT&T patents for the MPEG-4 standard +and may be used for encoding MPEG-4 compliant video and/or decoding +MPEG-4 compliant video that was encoded only (1) for a personal and +non-commercial purpose or (2) by a video provider licensed under the +AT&T patents to provide MPEG-4 compliant video.
+ +
No license is granted or implied for any other use for MPEG-4 +standard.
+

+ +

In short, the camera producer have chosen to use technology +(MPEG-4/H.264) that is only provided if I used it for personal and +non-commercial purposes, or ask for permission from the organisations +holding the knowledge monopoly (patent) for technology used.

+ +

This issue has been brewing for a while, and I recommend you to +read +"Why +Our Civilization's Video Art and Culture is Threatened by the +MPEG-LA" by Eugenia Loli-Queru and +"H.264 Is Not +The Sort Of Free That Matters" by Simon Phipps to learn more about +the issue. The solution is to support the +free and +open standards for video, like Ogg +Theora, and avoid MPEG-4 and H.264 if you can.

Kerberos for Debian Edu/Squeeze?

Wed, 14 Apr 2010 17:20:00 +0200

Yesterdays -NUUG presentation about Kerberos was inspiring, and reminded me -about the need to start using Kerberos in Skolelinux. Setting up a -Kerberos server seem to be straight forward, and if we get this in -place a long time before the Squeeze version of Debian freezes, we -have a chance to migrate Skolelinux away from NFSv3 for the home -directories, and over to an architecture where the infrastructure do -not have to trust IP addresses and machines, and instead can trust -users and cryptographic keys instead.

- -

A challenge will be integration and administration. Is there a -Kerberos implementation for Debian where one can control the -administration access in Kerberos using LDAP groups? With it, the -school administration will have to maintain access control using flat -files on the main server, which give a huge potential for errors.

- -

A related question I would like to know is how well Kerberos and -pam-ccreds (offline password check) work together. Anyone know?

- -

Next step will be to use Kerberos for access control in Lwat and -Nagios. I have no idea how much work that will be to implement. We -would also need to document how to integrate with Windows AD, as such -shared network will require two Kerberos realms that need to cooperate -to work properly.

- -

I believe a good start would be to start using Kerberos on the -skolelinux.no machines, and this way get ourselves experience with -configuration and integration. A natural starting point would be -setting up ldap.skolelinux.no as the Kerberos server, and migrate the -rest of the machines from PAM via LDAP to PAM via Kerberos one at the -time.

- -

If you would like to contribute to get this working in Skolelinux, -I recommend you to see the video recording from yesterdays NUUG -presentation, and start using Kerberos at home. The video show show -up in a few days.

Jeg ble riktig fascinert av +en +artikkel i Aftenposten om hvor hardt Navteq jobber for Ã¥ oppdatere +kartene som brukes i navigasjons-GPSer, der det blant annet heter at +"pÃ¥ grunn av teknikken tar det alt fra tre til tolv mÃ¥neder fÃ¸r +kartene er oppdatert". NÃ¥r en kjenner hva slags oppdateringshastighet +som er tilgjengelig pÃ¥ +OpenStreetmap som +oppdateres pÃ¥ dugnad, blir det litt trist Ã¥ se hva noe av det beste en +kan kjÃ¸pe for penger fÃ¥r til.

+ +

Fra en endrer kartdataene i databasen til OpenStreetmap tar det +ca. 15 minutter fÃ¸r endringen er synlig pÃ¥ kartet som alle kan se pÃ¥ +web. Dernest overfÃ¸res det daglig til en kartdump som lastes ned av +personen som lager Garmin-kart for Norge ca. en gang i uken. Med +OpenStreetmap.org og Frikart.no +kan en altsÃ¥ ha korreksjonene pÃ¥ plass i sin Garmin-GPS i lÃ¸pet av en +uke. Det er ogsÃ¥ av tekniske Ã¥rsaker at det tar sÃ¥ langt tid. +Jobbene som tegner kartene, henter ut kartdumpene og konverterer til +Garmin-format tar minutter og timer Ã¥ gjennomfÃ¸re, slik at de ikke +gjÃ¸res kontinuerlig men kun regelmessing.

PÃ¥ vegne av vanvitting mange, Aftenposten!

Sat, 6 Mar 2010 21:15:00 +0100

Aftenposten -melder pÃ¥ forsiden av webavisen sin at de tror Erling Fossen -provoserer nordlendinger med sine uttalelser pÃ¥ -fotballtinget. Jeg er utflyttet nordlending, og mÃ¥ innrÃ¸mme at jeg -ikke kjennet sÃ¥ mye som et snev av provokasjon fra denne litt morsomme -uttalelsen til Hr. Fossen. Lurer pÃ¥ om Aftenposten har noen kilder -utenom redaksjonen for sin pÃ¥stand om at nordledinger er provosert av -Hr. Fossen. MÃ¥ innrÃ¸mme at jeg tviler pÃ¥ det.

- -

Det hele bringer tankene tilbake til Sture Hansen i Hallo i Uken.

In the Debian +popularity-contest numbers, the adobe-flashplugin package the +second most popular used package that is missing in Debian. The sixth +most popular is flashplayer-mozilla. This is a clear indication that +working flash is important for Debian users. Around 10 percent of the +users submitting data to popcon.debian.org have this package +installed.

+ +

In the report written by Lars Risan in August 2008 +(Â«Skolelinux +i bruk â Rapport for Hurum kommune, Universitetet i Agder og +stiftelsen SLX Debian LabsÂ»), one of the most important problems +schools experienced with Debian +Edu/Skolelinux was the lack of working Flash. A lot of educational +web sites require Flash to work, and lacking working Flash support in +the web browser and the problems with installing it was perceived as a +good reason to stay with Windows.

+ +

I once saw a funny and sad comment in a web forum, where Linux was +said to be the retarded cousin that did not really understand +everything you told him but could work fairly well. This was a +comment regarding the problems Linux have with proprietary formats and +non-standard web pages, and is sad because it exposes a fairly common +understanding of whose fault it is if web pages that only work in for +example Internet Explorer 6 fail to work on Firefox, and funny because +it explain very well how annoying it is for users when Linux +distributions do not work with the documents they receive or the web +pages they want to visit.

+ +

This is part of the reason why I believe it is important for Debian +and Debian Edu to have a well working Flash implementation in the +distribution, to get at least popular sites as Youtube and Google +Video to working out of the box. For Squeeze, Debian have the chance +to include the latest version of Gnash that will make this happen, as +the new release 0.8.8 was published a few weeks ago and is resting in +unstable. The new version work with more sites that version 0.8.7. +The Gnash maintainers have asked for a freeze exception, but the +release team have not had time to reply to it yet. I hope they agree +with me that Flash is important for the Debian desktop users, and thus +accept the new package into Squeeze.

After 6 years of waiting, the Xreset.d feature is implemented

Sat, 6 Mar 2010 18:15:00 +0100

6 years ago, as part of the Debian Edu development I am involved -in, I asked for a hook in the kdm and gdm setup to run scripts as root -when the user log out. A bug was submitted against the xfree86-common -package in 2004 (#230422), -and revisited every time Debian Edu was working on a new release. -Today, this finally paid off.

- -

The framework for this feature was today commited to the git -repositry for the xorg package, and the git repository for xdm has -been updated to use this framework. Next on my agenda is to make sure -kdm and gdm also add code to use this framework.

- -

In Debian Edu, we want to ability to run commands as root when the -user log out, to get rid of runaway processes and do general cleanup -after a user. With this framework in place, we finally can do that in -a generic way that work with all display managers using this -framework. My goal is to get all display managers in Debian use it, -similar to how they use the Xsession.d framework today.

This evening I made my first Perl GUI application. The last few +days I have worked on a Perl module for controlling my recently +aquired Spykee robots, and the module is now getting complete enought +that it is possible to use it to control the robot driving at least. +It was now time to figure out how to use it to create some GUI to +allow me to drive the robot around. I picked PerlQt as I have had +positive experiences with the Qt API before, and spent a few minutes +browsing the web for examples. Using Qt Designer seemed like a short +cut, so I ended up writing the perl GUI using Qt Designer and +compiling it into a perl program using the puic program from +libqt-perl. Nothing fancy yet, but it got buttons to connect and +drive around.

+ +

The perl module I have written provide a object oriented API for +controlling the robot. Here is an small example on how to use it:

+ +

+use Spykee;
+Spykee::discover(sub {$robot{$_[0]} = $_[1]});
+my $host = (keys %robot)[0];
+my $spykee = Spykee->new();
+$spykee->contact($host, "admin", "admin");
+$spykee->left();
+sleep 2;
+$spykee->right();
+sleep 2;
+$spykee->forward();
+sleep 2;
+$spykee->back();
+sleep 2;
+$spykee->stop();
+

+ +

Thanks to the release of the source of the robot firmware, I could +peek into the implementation at the other end to figure out how to +implement the protocol used by the robot. I've implemented several of +the commands the robot understand, but is still missing the camera +support to make it possible to control the robot from remote. First I +want to implement support for uploading new firmware and configuring +the wireless network, to make it possible to bootstrap a Spykee robot +without the producers Windows and MacOSX software (I only have Linux, +so I had to ask a friend to come over to get the robot testing +going. :).

+ +

Will release the source to the public soon, but need to figure out +where to make it available first. I will add a link to +the NUUG wiki for +those that want to check back later to find it.

Digitale bÃ¸ker uten digitale restriksjonsmekanismer (DRM) bÃ¸r fÃ¥ mva-fritak

Wed, 3 Mar 2010 19:00:00 +0100

Den norske bokbransjen har -bedt om at -digitale bÃ¸ker mÃ¥ fÃ¥ mva-fritak slik papirbÃ¸ker har det, og -finansdepartementet -har sagt nei. Det er et interessant spÃ¸rsmÃ¥l om digitale bÃ¸ker -bÃ¸r ha mva-fritak eller ikke, og svaret er ikke sÃ¥ enkelt som et ja -eller nei. -Enkelte -medlemmer av bokbransjen truer med Ã¥ droppe den planlagte -lanseringen av norske digitale bÃ¸ker med digitale restriksjonsmekanismer -(DRM) som de har snakket om Ã¥ gjennomfÃ¸re nÃ¥ i vÃ¥r, og det mÃ¥ de -gjerne gjÃ¸re for min del.

- -

PapirbÃ¸ker har mva-fritak pga. at de fremmer kultur- og -kunnskapsspredning. Digitale bÃ¸ker uten digitale -restriksjonsmekanismer (DRM) fremmer kultur- og kunnskapsspredning, -mens digitale bÃ¸ker med DRM hindrer kultur og kunnskapsspredning. -Digitale bÃ¸ker uten DRM bÃ¸r fÃ¥ mva-fritak da det er salg av bÃ¸ker pÃ¥ -lik linje med salg av papirbÃ¸ker, mens digitale bÃ¸ker med DRM ikke bÃ¸r -fÃ¥ det da det er utleie av bÃ¸ker og ikke salg.

- -

Jeg foretrekker Ã¥ kjÃ¸pe bÃ¸ker, og velger dermed Ã¥ la vÃ¦re Ã¥ bruke -DRM-belastede digitale bÃ¸ker. Vet ikke helt hva jeg ville vÃ¦re villig -til Ã¥ betale for Ã¥ leie en bok, men tror ikke det er mange kronene. -Heldigvis er det mye bÃ¸ker tilgjengelig uten slike restriksjoner, og -de som vil ha tak i engelske bÃ¸ker kan laste ned bÃ¸ker som er -tilgjengelig uten bruksbegresninger fra The -Internet Archive. Der er det pr. i dag 1 889 313 bÃ¸ker -tilgjengelig. De er tilgjengelig i flere formater. BesÃ¸k -oversikten over tekster -der for Ã¥ se hva de har. +

Ble tipset i dag om at et forslag om Ã¥ stoppe forsÃ¸kene med +elektronisk stemmegiving utenfor valglokaler er +til +behandling i Stortinget. +Forslaget +er fremmet av Erna Solberg, Michael Tetzschner og Trond Helleland.

+ +

HÃ¥per det fÃ¥r flertall.

Debian Edu / Skolelinux based on Lenny released, work continues

Thu, 11 Feb 2010 17:15:00 +0100

On Tuesday, the Debian/Lenny based version of -Skolelinux was finally -shipped. This was a major leap forward for the project, and I am very -pleased that we finally got the release wrapped up. Work on the first -point release starts imediately, as we plan to get that one out a -month after the major release, to include all fixes for bugs we found -and fixed too late in the release process to include last Tuesday.

- -

Perhaps it even is time for some partying?

- -

After this first point release, my plan is to focus again on the -next major release, based on Squeeze. We will try to get as many of -the fixes we need into the official Debian packages before the freeze, -and have just a few weeks or months to make it happen.

Just got an email from Tobias Gruetzmacher as a followup on my +previous +post about sshfs. He reported another problem with sshfs. It +fail to handle hard links properly. A simple way to spot this is to +look at the . and .. entries in the directory tree. These should have +a link count >1, but on sshfs the count is 1. I just tested to see +what happen when trying to hardlink, and this fail as well:

+ +

+% ln foo bar
+ln: creating hard link `bar' => `foo': Function not implemented
+%
+

+ +

I have not yet found time to implement a test for this in my file +system test code, but believe having working hard links is useful to +avoid surprised unix programs. Not as useful as working file locking +and symlinks, which are required to get a working desktop, but useful +nevertheless. :)

+ +

The latest version of the file system test code is available via +git from +http://github.com/gebi/fs-test

Danmark gÃ¥r for ODF?

Fri, 29 Jan 2010 12:00:00 +0100

Ble nettopp gjort oppmerksom pÃ¥ en -nyhet fra Version2 -fra Danmark, der det hevdes at Folketinget har vedtatt at ODF skal -brukes som dokumentutvekslingsformat i Staten.

- -

Hyggelig lesning, spesielt hvis det viser seg at de av vedtatt -kravlisten for hva som skal aksepteres som referert i kommentarfeltet -til artikkelen og -en -annen artikkel i samme nett-avis. Liker spesielt godt denne:

- -

Det skal demonstreres, at standarden i sin helhed kan -implementeres af alle direkte i sin helhed pÃ¥ flere -platforme.

- -

Noe slikt burde vÃ¦re et krav ogsÃ¥ i Norge.

Jeg skrev for et halvt Ã¥r siden hvordan +samfunnet +kaster bort ressurser pÃ¥ sikkerhetstiltak som ikke fungerer. Kom +nettopp over en +historie +fra en pilot fra USA som kommenterer det samme. Jeg mistenker det +kun er uvitenhet og autoritetstro som gjÃ¸r at sÃ¥ fÃ¥ protesterer. Har +veldig sans for piloten omtalt i Aftenposten 2007-10-23, +og skulle Ã¸nske flere rettet oppmerksomhet mot problemet. Det gir +ikke meg trygghetsfÃ¸lelse pÃ¥ flyplassene nÃ¥r jeg ser at +flyplassadministrasjonen kaster bort folk, penger og tid pÃ¥ tull i +stedet for ting som bidrar til reell Ã¸kning av sikkerheten. Det +forteller meg jo at vurderingsevnen til de som burde bidra til Ã¸kt +sikkerhet er svÃ¦rt sviktende, noe som ikke taler godt for de andre +tiltakene.

+ +

Mon tro hva som skjer hvis det fantes en enkel brosjyre Ã¥ skrive ut +fra Internet som forklarte hva som er galt med sikkerhetsopplegget pÃ¥ +flyplassene, og folk skrev ut og la en bunke pÃ¥ flyplassene nÃ¥r de +passerte. Kanskje det ville fÃ¥tt flere til Ã¥ fÃ¥ Ã¸ynene opp for +problemet.

+ +

Personlig synes jeg flyopplevelsen er blitt sÃ¥ avskyelig at jeg +forsÃ¸ker Ã¥ klare meg med tog, bil og bÃ¥t for Ã¥ slippe ubehaget. Det +er dog noe vanskelig i det langstrakte Norge og for Ã¥ kunne besÃ¸ke de +delene av verden jeg Ã¸nsker Ã¥ nÃ¥. Mistenker at flere har det slik, og +at dette gÃ¥r ut over inntjeningen til flyselskapene. Det er antagelig +en god ting sett fra et miljÃ¸perspektiv, men det er en annen sak.

Automatic Munin and Nagios configuration

Wed, 27 Jan 2010 15:15:00 +0100

One of the new features in the next Debian/Lenny based release of -Debian Edu/Skolelinux, which is scheduled for release in the next few -days, is automatic configuration of the service monitoring system -Nagios. The previous release had automatic configuration of trend -analysis using Munin, and this Lenny based release take that a step -further.

- -

When installing a Debian Edu Main-server, it is automatically -configured as a Munin and Nagios server. In addition, it is -configured to be a server for the -SiteSummary -system I have written for use in Debian Edu. The SiteSummary -system is inspired by a system used by the University of Oslo where I -work. In short, the system provide a centralised collector of -information about the computers on the network, and a client on each -computer submitting information to this collector. This allow for -automatic information on which packages are installed on each machine, -which kernel the machines are using, what kind of configuration the -packages got etc. This also allow us to automatically generate Munin -and Nagios configuration.

- -

All computers reporting to the sitesummary collector with the -munin-node package installed is automatically enabled as a Munin -client and graphs from the statistics collected from that machine show -up automatically on http://www/munin/ on the Main-server.

- -

All non-laptop computers reporting to the sitesummary collector are -automatically monitored for network presence (ping and any network -services detected). In addition, all computers (also laptops) with -the nagios-nrpe-server package installed and configured the way -sitesummary would configure it, are monitored for full disks, software -raid status, swap free and other checks that need to run locally on -the machine.

- -

The result is that the administrator on a school using Debian Edu -based on Lenny will be able to check the health of his installation -with one look at the Nagios settings, without having to spend any time -keeping the Nagios configuration up-to-date.

- -

The only configuration one need to do to get Nagios up and running -is to set the password used to get access via HTTP. The system -administrator need to run "htpasswd /etc/nagios3/htpasswd.users -nagiosadmin" to create a nagiosadmin user and set a password for -it to be able to log into the Nagios web pages. After that, -everything is taken care of.

Denne hÃ¸sten skal endelig alle Osloskolene fÃ¥ mulighet til Ã¥ bruke +Skolelinux. Ny IT-lÃ¸sning +har vÃ¦rt rullet ut i noen mÃ¥neder nÃ¥, og sÃ¥ vidt jeg fikk vite fÃ¸r +sommeren skulle alle skoler ha nytt opplegg pÃ¥ plass fÃ¸r oppstart nÃ¥ i +hÃ¸st. PÃ¥ alle skolene skal en kunne velge ved installasjon om en skal +ha Windows eller Skolelinux pÃ¥ maskinene, og en kan i tillegg +PXE-boote maskinene over nett som tynne klienter eller disklÃ¸se +arbeidsstasjoner. Jeg er spent pÃ¥ hvor mange skoler som velger Ã¥ ta i +bruk Skolelinux, og gleder meg til Ã¥ se hvordan dette utvikler seg. +LÃ¸sningen leveres av +Logica med +Skolelinux Drift AS som +underleverandÃ¸r, og jeg har vÃ¦rt involvert i utviklingen av lÃ¸sningen +via Skolelinux Drift AS siden prosjektet starter. Jeg synes det er +fantastisk at Skolelinux er kommet sÃ¥ langt siden vi startet i 2001 at +alle elevene i Osloskolene nÃ¥ skal fÃ¥ mulighet til Ã¥ bruke +lÃ¸sningen. Jeg hÃ¥per de vil sette pris pÃ¥ alle de +fantastiske +brukerprogrammene som er tilgjengelig i Skolelinux.