blog/Pieces_of_the_roaming_laptop_puzzle_in_Debian.html

   1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   2           "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
   3 <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">
   4   <head>
   5     <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
   6     <title>Petter Reinholdtsen: Pieces of the roaming laptop puzzle in Debian</title>
   7     <link rel="stylesheet" type="text/css" media="screen" href="http://people.skolelinux.org/pere/blog/style.css" />
   8     <link rel="stylesheet" type="text/css" media="screen" href="http://people.skolelinux.org/pere/blog/vim.css" />
   9   </head>
  10   <body>
  11     <div class="title">
  12  <h1>
  13      <a href="http://people.skolelinux.org/pere/blog/">Petter Reinholdtsen</a>
  14
  15  </h1>
  16
  17 </div>
  18
  19
  20     <div class="entry">
  21       <div class="title">Pieces of the roaming laptop puzzle in Debian</div>
  22       <div class="date">19th May 2010</div>
  23       <div class="body"><p>Today, the last piece of the puzzle for roaming laptops in Debian
  24 Edu finally entered the Debian archive.  Today, the new
  25 <a href="http://packages.qa.debian.org/libp/libpam-mklocaluser.html">libpam-mklocaluser</a>
  26 package was accepted.  Two days ago, two other pieces was accepted
  27 into unstable.  The
  28 <a href="http://packages.qa.debian.org/p/pam-python.html">pam-python</a>
  29 package needed by libpam-mklocaluser, and the
  30 <a href="http://packages.qa.debian.org/s/sssd.html">sssd</a> package
  31 passed NEW on Monday.  In addition, the
  32 <a href="http://packages.qa.debian.org/libp/libpam-ccreds.html">libpam-ccreds</a>
  33 package we need is in experimental (version 10-4) since Saturday, and
  34 hopefully will be moved to unstable soon.</p>
  35
  36 <p>This collection of packages allow for two different setups for
  37 roaming laptops.  The traditional setup would be using libpam-ccreds,
  38 nscd and libpam-mklocaluser with LDAP or Kerberos authentication,
  39 which should work out of the box if the configuration changes proposed
  40 for nscd in <a href="http://bugs.debian.org/485282">BTS report
  41 #485282</a> is implemented.  The alternative setup is to use sssd with
  42 libpam-mklocaluser to connect to LDAP or Kerberos and let sssd take
  43 care of the caching of passwords and group information.</p>
  44
  45 <p>I have so far been unable to get sssd to work with the LDAP server
  46 at the University, but suspect the issue is some SSL/GnuTLS related
  47 problem with the server certificate.  I plan to update the Debian
  48 package to version 1.2, which is scheduled for next week, and hope to
  49 find time to make sure the next release will include both the
  50 Debian/Ubuntu specific patches.  Upstream is friendly and responsive,
  51 and I am sure we will find a good solution.</p>
  52
  53 <p>The idea is to set up the roaming laptops to authenticate using
  54 LDAP or Kerberos and create a local user with home directory in /home/
  55 when a usre in LDAP logs in via KDM or GDM for the first time, and
  56 cache the password for offline checking, as well as caching group
  57 memberhips and other relevant LDAP information.  The
  58 libpam-mklocaluser package was created to make sure the local home
  59 directory is in /home/, instead of /site/server/directory/ which would
  60 be the home directory if pam_mkhomedir was used.  To avoid confusion
  61 with support requests and configuration, we do not want local laptops
  62 to have users in a path that is used for the same users home directory
  63 on the home directory servers.</p>
  64
  65 <p>One annoying problem with gdm is that it do not show the PAM
  66 message passed to the user from libpam-mklocaluser when the local user
  67 is created.  Instead gdm simply reject the login with some generic
  68 message.  The message is shown in kdm, ssh and login, so I guess it is
  69 a bug in gdm.  Have not investigated if there is some other message
  70 type that can be used instead to get gdm to also show the message.</p>
  71
  72 <p>If you want to help out with implementing this for Debian Edu,
  73 please contact us on debian-edu@lists.debian.org.</p>
  74 </div>
  75
  76       <div class="tags">Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.</div>
  77
  78
  79     </div>
  80
  81
  82
  83
  84     <div id="sidebar">
  85
  86
  87
  88 <h2>Archive</h2>
  89 <ul>
  90
  91 <li>2012
  92 <ul>
  93
  94 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/01/">January (7)</a></li>
  95
  96 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/02/">February (10)</a></li>
  97
  98 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/03/">March (17)</a></li>
  99
 100 </ul></li>
 101
 102 <li>2011
 103 <ul>
 104
 105 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/01/">January (16)</a></li>
 106
 107 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/02/">February (6)</a></li>
 108
 109 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/03/">March (6)</a></li>
 110
 111 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/04/">April (7)</a></li>
 112
 113 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/05/">May (3)</a></li>
 114
 115 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/06/">June (2)</a></li>
 116
 117 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/07/">July (7)</a></li>
 118
 119 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/08/">August (6)</a></li>
 120
 121 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/09/">September (4)</a></li>
 122
 123 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/10/">October (2)</a></li>
 124
 125 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/11/">November (3)</a></li>
 126
 127 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/12/">December (1)</a></li>
 128
 129 </ul></li>
 130
 131 <li>2010
 132 <ul>
 133
 134 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/01/">January (2)</a></li>
 135
 136 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/02/">February (1)</a></li>
 137
 138 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/03/">March (3)</a></li>
 139
 140 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/04/">April (3)</a></li>
 141
 142 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/05/">May (9)</a></li>
 143
 144 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/06/">June (14)</a></li>
 145
 146 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/07/">July (12)</a></li>
 147
 148 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/08/">August (13)</a></li>
 149
 150 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/09/">September (7)</a></li>
 151
 152 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/10/">October (9)</a></li>
 153
 154 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/11/">November (13)</a></li>
 155
 156 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/12/">December (12)</a></li>
 157
 158 </ul></li>
 159
 160 <li>2009
 161 <ul>
 162
 163 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/01/">January (8)</a></li>
 164
 165 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/02/">February (8)</a></li>
 166
 167 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/03/">March (12)</a></li>
 168
 169 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/04/">April (10)</a></li>
 170
 171 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/05/">May (9)</a></li>
 172
 173 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/06/">June (3)</a></li>
 174
 175 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/07/">July (4)</a></li>
 176
 177 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/08/">August (3)</a></li>
 178
 179 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/09/">September (1)</a></li>
 180
 181 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/10/">October (2)</a></li>
 182
 183 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/11/">November (3)</a></li>
 184
 185 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/12/">December (3)</a></li>
 186
 187 </ul></li>
 188
 189 <li>2008
 190 <ul>
 191
 192 <li><a href="http://people.skolelinux.org/pere/blog/archive/2008/11/">November (5)</a></li>
 193
 194 <li><a href="http://people.skolelinux.org/pere/blog/archive/2008/12/">December (7)</a></li>
 195
 196 </ul></li>
 197
 198 </ul>
 199
 200
 201
 202 <h2>Tags</h2>
 203 <ul>
 204
 205  <li><a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer (13)</a></li>
 206
 207  <li><a href="http://people.skolelinux.org/pere/blog/tags/amiga">amiga (1)</a></li>
 208
 209  <li><a href="http://people.skolelinux.org/pere/blog/tags/aros">aros (1)</a></li>
 210
 211  <li><a href="http://people.skolelinux.org/pere/blog/tags/bitcoin">bitcoin (2)</a></li>
 212
 213  <li><a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem (12)</a></li>
 214
 215  <li><a href="http://people.skolelinux.org/pere/blog/tags/bsa">bsa (2)</a></li>
 216
 217  <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (54)</a></li>
 218
 219  <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (93)</a></li>
 220
 221  <li><a href="http://people.skolelinux.org/pere/blog/tags/digistan">digistan (7)</a></li>
 222
 223  <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (117)</a></li>
 224
 225  <li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (15)</a></li>
 226
 227  <li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (12)</a></li>
 228
 229  <li><a href="http://people.skolelinux.org/pere/blog/tags/intervju">intervju (20)</a></li>
 230
 231  <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (15)</a></li>
 232
 233  <li><a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap (8)</a></li>
 234
 235  <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (4)</a></li>
 236
 237  <li><a href="http://people.skolelinux.org/pere/blog/tags/ltsp">ltsp (1)</a></li>
 238
 239  <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (14)</a></li>
 240
 241  <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (156)</a></li>
 242
 243  <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (120)</a></li>
 244
 245  <li><a href="http://people.skolelinux.org/pere/blog/tags/open311">open311 (2)</a></li>
 246
 247  <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (24)</a></li>
 248
 249  <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (46)</a></li>
 250
 251  <li><a href="http://people.skolelinux.org/pere/blog/tags/raid">raid (1)</a></li>
 252
 253  <li><a href="http://people.skolelinux.org/pere/blog/tags/reprap">reprap (11)</a></li>
 254
 255  <li><a href="http://people.skolelinux.org/pere/blog/tags/rfid">rfid (2)</a></li>
 256
 257  <li><a href="http://people.skolelinux.org/pere/blog/tags/robot">robot (4)</a></li>
 258
 259  <li><a href="http://people.skolelinux.org/pere/blog/tags/rss">rss (1)</a></li>
 260
 261  <li><a href="http://people.skolelinux.org/pere/blog/tags/ruter">ruter (4)</a></li>
 262
 263  <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (23)</a></li>
 264
 265  <li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (4)</a></li>
 266
 267  <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (24)</a></li>
 268
 269  <li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (1)</a></li>
 270
 271  <li><a href="http://people.skolelinux.org/pere/blog/tags/stortinget">stortinget (3)</a></li>
 272
 273  <li><a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance (9)</a></li>
 274
 275  <li><a href="http://people.skolelinux.org/pere/blog/tags/valg">valg (6)</a></li>
 276
 277  <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (23)</a></li>
 278
 279  <li><a href="http://people.skolelinux.org/pere/blog/tags/vitenskap">vitenskap (1)</a></li>
 280
 281  <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (18)</a></li>
 282
 283 </ul>
 284
 285
 286     </div>
 287     <p style="text-align: right">
 288  Created by <a href="http://steve.org.uk/Software/chronicle">Chronicle v4.4</a>
 289 </p>
 290
 291   </body>
 292 </html>