+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html>
+ <head>
+ <title>Petter Reinholdtsen: Thoughts on roaming laptop setup for Debian Edu</title>
+ <link rel="stylesheet" type="text/css" media="screen" href="style.css">
+ </head>
+ <body>
+
+ <div class="title">
+ <h1>
+ <a href="">Petter Reinholdtsen</a>
+
+ </h1>
+
+ </div>
+
+
+ <div class="entry">
+ <div class="title">Thoughts on roaming laptop setup for Debian Edu</div>
+ <div class="date">2010-04-28 20:40</div>
+ <div class="body">
+<p>For some years now, I have wondered how we should handle laptops in
+Debian Edu. The Debian Edu infrastructure is mostly designed to
+handle stationary computers, and less suited for computers that come
+and go.</p>
+
+<p>Now I finally believe I have an sensible idea on how to adjust
+Debian Edu for laptops, by introducing a new profile for them, for
+example called Roaming Workstations. Here are my thought on this.
+The setup would consist of the following:</p>
+
+<ul>
+
+ <li>During installation, the user name of the owner / primary usre of
+ the laptop is requested and a local home directory is set up for
+ the user, with uid and gid information fetched from the LDAP
+ server. This allow the user to work also when offline. The
+ central home directory can be available in a subdirectory on
+ request, for example mounted via CIFS. It could be mounted
+ automatically when a user log in while on the Debian Edu network,
+ and unmounted when the machine is taken away (network down,
+ hibernate, etc), it can be set up to do automatic mounting on
+ request (using autofs), or perhaps some GUI button on the desktop
+ can be used to access it when needed. Perhaps it is enough to use
+ the fish protocol in KDE?</li>
+
+ <li>Password checking is set up to use LDAP or Kerberos
+ authentication when the machine is on the Debian Edu network, and
+ to cache the password for offline checking when the machine unable
+ to reach the LDAP or Kerberos server. This can be done using
+ <a href="http://www.padl.com/OSS/pam_ccreds.html">libpam-ccreds</a>
+ or the Fedora developed
+ <a href="https://fedoraproject.org/wiki/Features/SSSD">System
+ Security Services Daemon</a> packages.</li>
+
+ <li>File synchronisation with the central home directory is set up
+ using a shared directory in both the local and the central home
+ directory, using unison.</li>
+
+ <li>Printing should be set up to print to all printers broadcasting
+ their existence on the local network, and should then work out of
+ the box with CUPS. For sites needing accurate printer quotas, some
+ system with Kerberos authentication or printing via ssh could be
+ implemented.</li>
+
+ <li>For users that should have local root access to their laptop,
+ sudo should be used to allow this to the local user.</li>
+
+ <li>It would be nice if user and group information from LDAP is
+ cached on the client, but given that there are entries for the
+ local user and primary group in /etc/, it should not be needed.</li>
+
+</ul>
+
+<p>I believe all the pieces to implement this are in Debian/testing at
+the moment. If we work quickly, we should be able to get this ready
+in time for the Squeeze release to freeze. Some of the pieces need
+tweaking, like libpam-ccreds should get support for pam-auth-update
+(<a href="http://bugs.debian.org/566718">#566718</a>) and nslcd (or
+perhaps debian-edu-config) should get some integration code to stop
+its daemon when the LDAP server is unavailable to avoid long timeouts
+when disconnected from the net. If we get Kerberos enabled, we need
+to make sure we avoid long timeouts there too.</p>
+
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
+</div>
+
+ <div class="tags">Tags: <a href="tags/debian edu">debian edu</a>, <a href="tags/english">english</a>, <a href="tags/nuug">nuug</a>.</div>
+
+ </div>
+
+
+
+
+
+
+<div id="sidebar">
+
+<h2>Archive</h2>
+<ul>
+
+<li>2010
+<ul>
+
+<li><a href="archive/2010/01/">January (2)</a></li>
+
+<li><a href="archive/2010/02/">February (1)</a></li>
+
+<li><a href="archive/2010/03/">March (3)</a></li>
+
+<li><a href="archive/2010/04/">April (3)</a></li>
+
+</ul></li>
+
+<li>2009
+<ul>
+
+<li><a href="archive/2009/01/">January (8)</a></li>
+
+<li><a href="archive/2009/02/">February (8)</a></li>
+
+<li><a href="archive/2009/03/">March (12)</a></li>
+
+<li><a href="archive/2009/04/">April (10)</a></li>
+
+<li><a href="archive/2009/05/">May (9)</a></li>
+
+<li><a href="archive/2009/06/">June (3)</a></li>
+
+<li><a href="archive/2009/07/">July (4)</a></li>
+
+<li><a href="archive/2009/08/">August (3)</a></li>
+
+<li><a href="archive/2009/09/">September (1)</a></li>
+
+<li><a href="archive/2009/10/">October (2)</a></li>
+
+<li><a href="archive/2009/11/">November (3)</a></li>
+
+<li><a href="archive/2009/12/">December (3)</a></li>
+
+</ul></li>
+
+<li>2008
+<ul>
+
+<li><a href="archive/2008/11/">November (5)</a></li>
+
+<li><a href="archive/2008/12/">December (7)</a></li>
+
+</ul></li>
+
+</ul>
+
+
+
+<h2>Tags</h2>
+<ul>
+
+ <li><a href="tags/3d-printer">3d-printer (11)</a></li>
+
+ <li><a href="tags/amiga">amiga (1)</a></li>
+
+ <li><a href="tags/aros">aros (1)</a></li>
+
+ <li><a href="tags/debian">debian (14)</a></li>
+
+ <li><a href="tags/debian edu">debian edu (14)</a></li>
+
+ <li><a href="tags/english">english (23)</a></li>
+
+ <li><a href="tags/fiksgatami">fiksgatami (1)</a></li>
+
+ <li><a href="tags/fildeling">fildeling (6)</a></li>
+
+ <li><a href="tags/kart">kart (2)</a></li>
+
+ <li><a href="tags/lenker">lenker (1)</a></li>
+
+ <li><a href="tags/ltsp">ltsp (1)</a></li>
+
+ <li><a href="tags/multimedia">multimedia (5)</a></li>
+
+ <li><a href="tags/norsk">norsk (64)</a></li>
+
+ <li><a href="tags/nuug">nuug (70)</a></li>
+
+ <li><a href="tags/opphavsrett">opphavsrett (12)</a></li>
+
+ <li><a href="tags/personvern">personvern (11)</a></li>
+
+ <li><a href="tags/reprap">reprap (10)</a></li>
+
+ <li><a href="tags/rss">rss (1)</a></li>
+
+ <li><a href="tags/sikkerhet">sikkerhet (6)</a></li>
+
+ <li><a href="tags/standard">standard (11)</a></li>
+
+ <li><a href="tags/stavekontroll">stavekontroll (1)</a></li>
+
+ <li><a href="tags/video">video (10)</a></li>
+
+ <li><a href="tags/vitenskap">vitenskap (1)</a></li>
+
+ <li><a href="tags/web">web (6)</a></li>
+
+</ul>
+
+</div>
+ </body>
+</html>