Make it easier to visit my APT repo.

[homepage.git] / blog / Debian_Edu___some_ideas_for_the_future_versions.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
          "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">
  <head>
    <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
    <title>Petter Reinholdtsen: Debian Edu - some ideas for the future versions</title>
    <link rel="stylesheet" type="text/css" media="screen" href="http://people.skolelinux.org/pere/blog/style.css" />
    <link rel="stylesheet" type="text/css" media="screen" href="http://people.skolelinux.org/pere/blog/vim.css" />


  </head>
  <body>
    <div class="title">
 <h1>
     <a href="http://people.skolelinux.org/pere/blog/">Petter Reinholdtsen</a>
     
 </h1>
 
</div>


    <div class="entry">
      <div class="title">Debian Edu - some ideas for the future versions</div>
      <div class="date">11th June 2012</div>
      <div class="body"><p>During my work on
<a href="http://www.debian.org/News/2012/20120311.nb.html">Debian Edu
based on Squeeze</a>, I came across some issues that should be
addressed in the Wheezy release.  I finally found time to wrap up my
notes and provide quick summary of what I found, with a bit
explanation.</p>

<p><ul>

<li>We need to rewrite our package installation framework, as tasksel
changed from using tasksel tasks to using meta packages (aka packages
with dependencies like our education-* packages), and our installation
system depend on tasksel tasks in
/usr/share/tasksel/debian-edu-tasks.desc for package
installation.</li>

<li>Enable Kerberos login for more services.  Now with the Kerberos
foundation in place, we should use it to get single sign on with more
services, and avoiding unneeded password / login questions.  We should
at least try to enable it for these services:
<ul>

  <li>CUPS for admins to add/configure printers and users when using
    quotas.</li>
  <li>Nagios for admins checking the system status.</li>
  <li>GOsa for admins updating LDAP and users changing their passwords.</li>
  <li>LDAP for admins updating LDAP.</li>
  <li>Squid for users when exam mode / filtering is active.</li>
  <li>ssh for admins and users to save a password prompt.</li>

</ul></li>

<li>When we move GOsa to use Kerberos instead of LDAP bind to
authenticate users, we should try to block or at least limit access to
use LDAP bind for authentication, to ensure Kerberos is used when it
is intended, and nothing fall back to using the less safe LDAP bind</li>

<li>Merge debian-edu-config and debian-edu-install.  The split made
sense when d-e-install did a lot more, but these days it is just an
inconvenience when we update the debconf preseeding values.</li>

<li>Fix partman-auto to allow us to abort the installation before
touching the disk if the disk is too small.  This is
<a href="http://bugs.debian.org/653305">BTS report #653305</a> and the
d-i developers are fine with the patch and someone just need to apply
it and upload.  After this is done we need to adjust
debian-edu-install to use this new hook.</li>

<li>Adjust to new LTSP framework (boot time config instead of install
time config).  LTSP changed its design, and our hooks to install
packages and update the configuration is most likely not going to work
in Wheezy.

<li>Consider switching to NBD instead of NFS for LTSP root, to allow
the Kernel to cache files in its normal file cache, possibly speeding
up KDE login on slow networks.</li>

<li>Make it possible to create expired user passwords that need to
change on first login.  This is useful when handing out password on
paper, to make sure only the user know the password.  This require
fixes to the PAM handling of kdm and gdm.</li>

<li>Make GUI for adding new machines automatically from sitesummary.
The current command line script is not very friendly to people most
familiar with GUIs.  This should probably be integrated into GOsa to
have it available where the admin will be looking for it..</li>

<li>We should find way for Nagios to check that the DHCP service
actually is working (as in handling out IP addresses).  None of the
Nagios checks I have found so far have been working for me.</li>

<li>We should switch from libpam-nss-ldapd to sssd for all profiles
using LDAP, and not only on for roaming workstations, to have less
packages to configure and consistent setup across all profiles.</li>

<li>We should configure Kerberos to update LDAP and Samba password
when changing password using the Kerberos protocol.  The hook was
requested in <a href="http://bugs.debian.org/588968">BTS report
#588968</a> and is now available in Wheezy.  We might need to write a
MIT Kerberos plugin in C to get this.</li>

<li>We should clean up the set of applications installed by default.
<ul>

<li>reduce the number of chemistry visualisers</li>
<li>consider dropping xpaint</li>
<li>and probably more?</li>
</ul></li>

<li>Some hardware need external firmware to work properly.  This is
mostly the case for WiFi network cards, but there are some other
examples too.  For popular laptops to work out of the box, such
firmware need to be installed from non-free, and we should provide
some GUI to do this.  Ubuntu already have this implemented, and we
could consider using their packages.  At the moment we have some
command line script to do this (one for the running system, another
for the LTSP chroot).</li>


<li>In Squeeze, we provide KDE, Gnome and LXDE as desktop options.  We
should extend the list to Xfce and Sugar, and preferably find a way to
install several and allow the admin or the user to select which one to
use.</li>

<li>The golearn tool from the goplay package make it easy to check out
interesting educational packages.  We should work on the package
tagging in Debian to ensure it represent all the useful educational
packages, and extend the tool to allow it to use packagekit to install
new applications with a simple mouse click.</li>

<li>The Squeeze version got half a exam solution already in place,
with the introduction of iptable based network blocking, but for it to
be a complete exam solution the Squid proxy need to enable
filtering/blocking as well when the exam mode is enabled.  We should
implement a way to easily enable this for the schools that want it,
instead of the "it is documented" method of today.</li>

<li>A feature used in several schools is the ability for a teacher to
"take over" the desktop of individual or all computers in the room.
There are at least three implementations,
<a href="italc.sourceforge.net/">italc</a>,
<a href="http://www.itais.net/help/en/">controlaula</a> og
<a href="http://www.epoptes.org/">epoptes</a> and we should pick one of
them and make it trivial to set it up in a school.  The challenges is
how to distribute crypto keys and how to group computers in one room
and how to set up which machine/user can control the machines in a
given room.</li>

<li>Tablets and surf boards are getting more and more popular, and we
should look into providing a good solution for integrating these into
the Debian Edu network.  Not quite sure how.  Perhaps we should
provide a installation profile with better touch screen support for
them, or add some sync services to allow them to exchange
configuration and data with the central server.  This should be
investigated.</li>

</ul></p>

<p>I guess we will discover more as we continue to work on the Wheezy
version.</p>
</div>
      
      <div class="tags">Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.</div>
      
      
    </div>
    

    

    <div id="sidebar">
      


<h2>Archive</h2>
<ul>

<li>2013
<ul>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2013/01/">January (11)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2013/02/">February (9)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2013/03/">March (9)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2013/04/">April (6)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2013/05/">May (9)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2013/06/">June (10)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2013/07/">July (7)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2013/08/">August (3)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2013/09/">September (2)</a></li>

</ul></li>

<li>2012
<ul>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2012/01/">January (7)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2012/02/">February (10)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2012/03/">March (17)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2012/04/">April (12)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2012/05/">May (12)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2012/06/">June (20)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2012/07/">July (17)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2012/08/">August (6)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2012/09/">September (9)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2012/10/">October (17)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2012/11/">November (10)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2012/12/">December (7)</a></li>

</ul></li>

<li>2011
<ul>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2011/01/">January (16)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2011/02/">February (6)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2011/03/">March (6)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2011/04/">April (7)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2011/05/">May (3)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2011/06/">June (2)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2011/07/">July (7)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2011/08/">August (6)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2011/09/">September (4)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2011/10/">October (2)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2011/11/">November (3)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2011/12/">December (1)</a></li>

</ul></li>

<li>2010
<ul>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/01/">January (2)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/02/">February (1)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/03/">March (3)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/04/">April (3)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/05/">May (9)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/06/">June (14)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/07/">July (12)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/08/">August (13)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/09/">September (7)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/10/">October (9)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/11/">November (13)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/12/">December (12)</a></li>

</ul></li>

<li>2009
<ul>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/01/">January (8)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/02/">February (8)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/03/">March (12)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/04/">April (10)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/05/">May (9)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/06/">June (3)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/07/">July (4)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/08/">August (3)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/09/">September (1)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/10/">October (2)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/11/">November (3)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/12/">December (3)</a></li>

</ul></li>

<li>2008
<ul>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2008/11/">November (5)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2008/12/">December (7)</a></li>

</ul></li>

</ul>



<h2>Tags</h2>
<ul>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer (13)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/amiga">amiga (1)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/aros">aros (1)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/bankid">bankid (4)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/bitcoin">bitcoin (7)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem (12)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/bsa">bsa (2)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (85)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (139)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/digistan">digistan (10)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/docbook">docbook (10)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/drivstoffpriser">drivstoffpriser (4)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (214)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (21)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (12)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/freeculture">freeculture (12)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/freedombox">freedombox (1)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/frikanalen">frikanalen (11)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/intervju">intervju (37)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/isenkram">isenkram (7)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (18)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap (8)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (6)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/ltsp">ltsp (1)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (25)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (235)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (153)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/offentlig innsyn">offentlig innsyn (8)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/open311">open311 (2)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (44)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (66)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/raid">raid (1)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/reprap">reprap (11)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/rfid">rfid (2)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/robot">robot (7)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/rss">rss (1)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/ruter">ruter (4)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/scraperwiki">scraperwiki (2)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (30)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (4)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/skepsis">skepsis (4)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (43)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (3)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/stortinget">stortinget (8)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance (17)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/sysadmin">sysadmin (1)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/valg">valg (8)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (38)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/vitenskap">vitenskap (4)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (27)</a></li>

</ul>


    </div>
    <p style="text-align: right">
 Created by <a href="http://steve.org.uk/Software/chronicle">Chronicle v4.6</a>
</p>

  </body>
</html>