blog/Thoughts_on_roaming_laptop_setup_for_Debian_Edu.html

   1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   2           "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
   3 <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">
   4   <head>
   5     <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
   6     <title>Petter Reinholdtsen: Thoughts on roaming laptop setup for Debian Edu</title>
   7     <link rel="stylesheet" type="text/css" media="screen" href="http://people.skolelinux.org/pere/blog/style.css" />
   8     <link rel="stylesheet" type="text/css" media="screen" href="http://people.skolelinux.org/pere/blog/vim.css" />
   9   </head>
  10   <body>
  11     <div class="title">
  12  <h1>
  13      <a href="http://people.skolelinux.org/pere/blog/">Petter Reinholdtsen</a>
  14
  15  </h1>
  16
  17 </div>
  18
  19
  20     <div class="entry">
  21       <div class="title">Thoughts on roaming laptop setup for Debian Edu</div>
  22       <div class="date">28th April 2010</div>
  23       <div class="body"><p>For some years now, I have wondered how we should handle laptops in
  24 Debian Edu.  The Debian Edu infrastructure is mostly designed to
  25 handle stationary computers, and less suited for computers that come
  26 and go.</p>
  27
  28 <p>Now I finally believe I have an sensible idea on how to adjust
  29 Debian Edu for laptops, by introducing a new profile for them, for
  30 example called Roaming Workstations.  Here are my thought on this.
  31 The setup would consist of the following:</p>
  32
  33 <ul>
  34
  35  <li>During installation, the user name of the owner / primary user of
  36    the laptop is requested and a local home directory is set up for
  37    the user, with uid and gid information fetched from the LDAP
  38    server.  This allow the user to work also when offline.  The
  39    central home directory can be available in a subdirectory on
  40    request, for example mounted via CIFS.  It could be mounted
  41    automatically when a user log in while on the Debian Edu network,
  42    and unmounted when the machine is taken away (network down,
  43    hibernate, etc), it can be set up to do automatic mounting on
  44    request (using autofs), or perhaps some GUI button on the desktop
  45    can be used to access it when needed.  Perhaps it is enough to use
  46    the fish protocol in KDE?</li>
  47
  48  <li>Password checking is set up to use LDAP or Kerberos
  49    authentication when the machine is on the Debian Edu network, and
  50    to cache the password for offline checking when the machine unable
  51    to reach the LDAP or Kerberos server.  This can be done using
  52    <a href="http://www.padl.com/OSS/pam_ccreds.html">libpam-ccreds</a>
  53    or the Fedora developed
  54    <a href="https://fedoraproject.org/wiki/Features/SSSD">System
  55    Security Services Daemon</a> packages.</li>
  56
  57  <li>File synchronisation with the central home directory is set up
  58    using a shared directory in both the local and the central home
  59    directory, using unison.</li>
  60
  61  <li>Printing should be set up to print to all printers broadcasting
  62    their existence on the local network, and should then work out of
  63    the box with CUPS.  For sites needing accurate printer quotas, some
  64    system with Kerberos authentication or printing via ssh could be
  65    implemented.</li>
  66
  67  <li>For users that should have local root access to their laptop,
  68    sudo should be used to allow this to the local user.</li>
  69
  70  <li>It would be nice if user and group information from LDAP is
  71    cached on the client, but given that there are entries for the
  72    local user and primary group in /etc/, it should not be needed.</li>
  73
  74 </ul>
  75
  76 <p>I believe all the pieces to implement this are in Debian/testing at
  77 the moment.  If we work quickly, we should be able to get this ready
  78 in time for the Squeeze release to freeze.  Some of the pieces need
  79 tweaking, like libpam-ccreds should get support for pam-auth-update
  80 (<a href="http://bugs.debian.org/566718">#566718</a>) and nslcd (or
  81 perhaps debian-edu-config) should get some integration code to stop
  82 its daemon when the LDAP server is unavailable to avoid long timeouts
  83 when disconnected from the net.  If we get Kerberos enabled, we need
  84 to make sure we avoid long timeouts there too.</p>
  85
  86 <p>If you want to help out with implementing this for Debian Edu,
  87 please contact us on debian-edu@lists.debian.org.</p>
  88 </div>
  89
  90       <div class="tags">Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.</div>
  91
  92
  93     </div>
  94
  95
  96
  97
  98     <div id="sidebar">
  99
 100
 101
 102 <h2>Archive</h2>
 103 <ul>
 104
 105 <li>2012
 106 <ul>
 107
 108 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/01/">January (7)</a></li>
 109
 110 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/02/">February (10)</a></li>
 111
 112 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/03/">March (17)</a></li>
 113
 114 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/04/">April (12)</a></li>
 115
 116 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/05/">May (12)</a></li>
 117
 118 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/06/">June (20)</a></li>
 119
 120 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/07/">July (17)</a></li>
 121
 122 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/08/">August (6)</a></li>
 123
 124 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/09/">September (7)</a></li>
 125
 126 </ul></li>
 127
 128 <li>2011
 129 <ul>
 130
 131 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/01/">January (16)</a></li>
 132
 133 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/02/">February (6)</a></li>
 134
 135 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/03/">March (6)</a></li>
 136
 137 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/04/">April (7)</a></li>
 138
 139 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/05/">May (3)</a></li>
 140
 141 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/06/">June (2)</a></li>
 142
 143 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/07/">July (7)</a></li>
 144
 145 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/08/">August (6)</a></li>
 146
 147 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/09/">September (4)</a></li>
 148
 149 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/10/">October (2)</a></li>
 150
 151 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/11/">November (3)</a></li>
 152
 153 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/12/">December (1)</a></li>
 154
 155 </ul></li>
 156
 157 <li>2010
 158 <ul>
 159
 160 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/01/">January (2)</a></li>
 161
 162 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/02/">February (1)</a></li>
 163
 164 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/03/">March (3)</a></li>
 165
 166 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/04/">April (3)</a></li>
 167
 168 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/05/">May (9)</a></li>
 169
 170 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/06/">June (14)</a></li>
 171
 172 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/07/">July (12)</a></li>
 173
 174 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/08/">August (13)</a></li>
 175
 176 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/09/">September (7)</a></li>
 177
 178 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/10/">October (9)</a></li>
 179
 180 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/11/">November (13)</a></li>
 181
 182 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/12/">December (12)</a></li>
 183
 184 </ul></li>
 185
 186 <li>2009
 187 <ul>
 188
 189 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/01/">January (8)</a></li>
 190
 191 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/02/">February (8)</a></li>
 192
 193 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/03/">March (12)</a></li>
 194
 195 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/04/">April (10)</a></li>
 196
 197 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/05/">May (9)</a></li>
 198
 199 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/06/">June (3)</a></li>
 200
 201 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/07/">July (4)</a></li>
 202
 203 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/08/">August (3)</a></li>
 204
 205 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/09/">September (1)</a></li>
 206
 207 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/10/">October (2)</a></li>
 208
 209 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/11/">November (3)</a></li>
 210
 211 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/12/">December (3)</a></li>
 212
 213 </ul></li>
 214
 215 <li>2008
 216 <ul>
 217
 218 <li><a href="http://people.skolelinux.org/pere/blog/archive/2008/11/">November (5)</a></li>
 219
 220 <li><a href="http://people.skolelinux.org/pere/blog/archive/2008/12/">December (7)</a></li>
 221
 222 </ul></li>
 223
 224 </ul>
 225
 226
 227
 228 <h2>Tags</h2>
 229 <ul>
 230
 231  <li><a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer (13)</a></li>
 232
 233  <li><a href="http://people.skolelinux.org/pere/blog/tags/amiga">amiga (1)</a></li>
 234
 235  <li><a href="http://people.skolelinux.org/pere/blog/tags/aros">aros (1)</a></li>
 236
 237  <li><a href="http://people.skolelinux.org/pere/blog/tags/bitcoin">bitcoin (2)</a></li>
 238
 239  <li><a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem (12)</a></li>
 240
 241  <li><a href="http://people.skolelinux.org/pere/blog/tags/bsa">bsa (2)</a></li>
 242
 243  <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (57)</a></li>
 244
 245  <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (112)</a></li>
 246
 247  <li><a href="http://people.skolelinux.org/pere/blog/tags/digistan">digistan (9)</a></li>
 248
 249  <li><a href="http://people.skolelinux.org/pere/blog/tags/docbook">docbook (6)</a></li>
 250
 251  <li><a href="http://people.skolelinux.org/pere/blog/tags/drivstoffpriser">drivstoffpriser (4)</a></li>
 252
 253  <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (151)</a></li>
 254
 255  <li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (17)</a></li>
 256
 257  <li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (12)</a></li>
 258
 259  <li><a href="http://people.skolelinux.org/pere/blog/tags/freeculture">freeculture (7)</a></li>
 260
 261  <li><a href="http://people.skolelinux.org/pere/blog/tags/frikanalen">frikanalen (8)</a></li>
 262
 263  <li><a href="http://people.skolelinux.org/pere/blog/tags/intervju">intervju (31)</a></li>
 264
 265  <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (17)</a></li>
 266
 267  <li><a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap (8)</a></li>
 268
 269  <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (4)</a></li>
 270
 271  <li><a href="http://people.skolelinux.org/pere/blog/tags/ltsp">ltsp (1)</a></li>
 272
 273  <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (25)</a></li>
 274
 275  <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (196)</a></li>
 276
 277  <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (143)</a></li>
 278
 279  <li><a href="http://people.skolelinux.org/pere/blog/tags/offentlig innsyn">offentlig innsyn (4)</a></li>
 280
 281  <li><a href="http://people.skolelinux.org/pere/blog/tags/open311">open311 (2)</a></li>
 282
 283  <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (35)</a></li>
 284
 285  <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (49)</a></li>
 286
 287  <li><a href="http://people.skolelinux.org/pere/blog/tags/raid">raid (1)</a></li>
 288
 289  <li><a href="http://people.skolelinux.org/pere/blog/tags/reprap">reprap (11)</a></li>
 290
 291  <li><a href="http://people.skolelinux.org/pere/blog/tags/rfid">rfid (2)</a></li>
 292
 293  <li><a href="http://people.skolelinux.org/pere/blog/tags/robot">robot (4)</a></li>
 294
 295  <li><a href="http://people.skolelinux.org/pere/blog/tags/rss">rss (1)</a></li>
 296
 297  <li><a href="http://people.skolelinux.org/pere/blog/tags/ruter">ruter (4)</a></li>
 298
 299  <li><a href="http://people.skolelinux.org/pere/blog/tags/scraperwiki">scraperwiki (2)</a></li>
 300
 301  <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (23)</a></li>
 302
 303  <li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (4)</a></li>
 304
 305  <li><a href="http://people.skolelinux.org/pere/blog/tags/skepsis">skepsis (1)</a></li>
 306
 307  <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (37)</a></li>
 308
 309  <li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (1)</a></li>
 310
 311  <li><a href="http://people.skolelinux.org/pere/blog/tags/stortinget">stortinget (4)</a></li>
 312
 313  <li><a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance (10)</a></li>
 314
 315  <li><a href="http://people.skolelinux.org/pere/blog/tags/valg">valg (7)</a></li>
 316
 317  <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (34)</a></li>
 318
 319  <li><a href="http://people.skolelinux.org/pere/blog/tags/vitenskap">vitenskap (2)</a></li>
 320
 321  <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (25)</a></li>
 322
 323 </ul>
 324
 325
 326     </div>
 327     <p style="text-align: right">
 328  Created by <a href="http://steve.org.uk/Software/chronicle">Chronicle v4.4</a>
 329 </p>
 330
 331   </body>
 332 </html>