<html>
<head>
<title>Petter Reinholdtsen: Entries Tagged english</title>
- <link rel="stylesheet" type="text/css" media="screen" href="../../style.css">
+ <link rel="stylesheet" type="text/css" media="screen" href="http://people.skolelinux.org/pere/blog/style.css">
<link rel="alternate" title="RSS Feed" href="english.rss" type="application/rss+xml">
</head>
<body>
<div class="title">
<h1>
- <a href="../../">Petter Reinholdtsen</a>
+ <a href="http://people.skolelinux.org/pere/blog/">Petter Reinholdtsen</a>
</h1>
<div class="entry">
<div class="title">
- <a href="../../The_sorry_state_of_multimedia_browser_plugins_in_Debian.html">The sorry state of multimedia browser plugins in Debian</a>
+ <a href="http://people.skolelinux.org/pere/blog/The_sorry_state_of_multimedia_browser_plugins_in_Debian.html">The sorry state of multimedia browser plugins in Debian</a>
</div>
<div class="date">
2008-11-25 00:10
- Tags: <a href="../../tags/debian">debian</a>, <a href="../../tags/debian edu">debian edu</a>, <a href="../../tags/english">english</a>, <a href="../../tags/multimedia">multimedia</a>, <a href="../../tags/web">web</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia</a>, <a href="http://people.skolelinux.org/pere/blog/tags/web">web</a>.
</div>
</div>
<div class="entry">
<div class="title">
- <a href="../../Devcamp_brought_us_closer_to_the_Lenny_based_Debian_Edu_release.html">Devcamp brought us closer to the Lenny based Debian Edu release</a>
+ <a href="http://people.skolelinux.org/pere/blog/Devcamp_brought_us_closer_to_the_Lenny_based_Debian_Edu_release.html">Devcamp brought us closer to the Lenny based Debian Edu release</a>
</div>
<div class="date">
2008-12-07 12:00
- Tags: <a href="../../tags/debian">debian</a>, <a href="../../tags/debian edu">debian edu</a>, <a href="../../tags/english">english</a>, <a href="../../tags/ltsp">ltsp</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/ltsp">ltsp</a>.
</div>
</div>
<div class="entry">
<div class="title">
- <a href="../../Software_video_mixer_on_a_USB_stick.html">Software video mixer on a USB stick</a>
+ <a href="http://people.skolelinux.org/pere/blog/Software_video_mixer_on_a_USB_stick.html">Software video mixer on a USB stick</a>
</div>
<div class="date">
2008-12-28 15:40
- Tags: <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>, <a href="../../tags/video">video</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/video">video</a>.
</div>
</div>
<div class="entry">
<div class="title">
- <a href="../../When_web_browser_developers_make_a_video_player___.html">When web browser developers make a video player...</a>
+ <a href="http://people.skolelinux.org/pere/blog/When_web_browser_developers_make_a_video_player___.html">When web browser developers make a video player...</a>
</div>
<div class="date">
2009-01-17 18:50
- Tags: <a href="../../tags/english">english</a>, <a href="../../tags/multimedia">multimedia</a>, <a href="../../tags/nuug">nuug</a>, <a href="../../tags/video">video</a>, <a href="../../tags/web">web</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/video">video</a>, <a href="http://people.skolelinux.org/pere/blog/tags/web">web</a>.
</div>
</div>
<div class="entry">
<div class="title">
- <a href="../../Using_bar_codes_at_a_computing_center.html">Using bar codes at a computing center</a>
+ <a href="http://people.skolelinux.org/pere/blog/Using_bar_codes_at_a_computing_center.html">Using bar codes at a computing center</a>
</div>
<div class="date">
2009-02-20 08:50
- Tags: <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
</div>
</div>
<div class="entry">
<div class="title">
- <a href="../../Checking_server_hardware_support_status_for_Dell__HP_and_IBM_servers.html">Checking server hardware support status for Dell, HP and IBM servers</a>
+ <a href="http://people.skolelinux.org/pere/blog/Checking_server_hardware_support_status_for_Dell__HP_and_IBM_servers.html">Checking server hardware support status for Dell, HP and IBM servers</a>
</div>
<div class="date">
2009-02-28 23:50
- Tags: <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
</div>
</div>
<div class="entry">
<div class="title">
- <a href="../../Time_for_new__LDAP_schemas_replacing_RFC_2307_.html">Time for new LDAP schemas replacing RFC 2307?</a>
+ <a href="http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html">Time for new LDAP schemas replacing RFC 2307?</a>
</div>
<div class="date">
2009-03-29 20:30
- Tags: <a href="../../tags/debian">debian</a>, <a href="../../tags/debian edu">debian edu</a>, <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
</div>
</div>
<div class="entry">
<div class="title">
- <a href="../../Returning_from_Skolelinux_developer_gathering.html">Returning from Skolelinux developer gathering</a>
+ <a href="http://people.skolelinux.org/pere/blog/Returning_from_Skolelinux_developer_gathering.html">Returning from Skolelinux developer gathering</a>
</div>
<div class="date">
2009-03-29 21:00
- Tags: <a href="../../tags/debian">debian</a>, <a href="../../tags/debian edu">debian edu</a>, <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
</div>
</div>
<div class="entry">
<div class="title">
- <a href="../../Standardize_on_protocols_and_formats__not_vendors_and_applications.html">Standardize on protocols and formats, not vendors and applications</a>
+ <a href="http://people.skolelinux.org/pere/blog/Standardize_on_protocols_and_formats__not_vendors_and_applications.html">Standardize on protocols and formats, not vendors and applications</a>
</div>
<div class="date">
2009-03-30 11:50
- Tags: <a href="../../tags/debian">debian</a>, <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>, <a href="../../tags/standard">standard</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/standard">standard</a>.
</div>
</div>
<div class="entry">
<div class="title">
- <a href="../../Recording_video_from_cron_using_VLC.html">Recording video from cron using VLC</a>
+ <a href="http://people.skolelinux.org/pere/blog/Recording_video_from_cron_using_VLC.html">Recording video from cron using VLC</a>
</div>
<div class="date">
2009-04-05 10:00
- Tags: <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>, <a href="../../tags/video">video</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/video">video</a>.
</div>
</div>
<div class="entry">
<div class="title">
- <a href="../../No_patch_is_not_better_than_a_useless_patch.html">No patch is not better than a useless patch</a>
+ <a href="http://people.skolelinux.org/pere/blog/No_patch_is_not_better_than_a_useless_patch.html">No patch is not better than a useless patch</a>
</div>
<div class="date">
2009-04-28 09:30
- Tags: <a href="../../tags/debian">debian</a>, <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
</div>
</div>
<div class="entry">
<div class="title">
- <a href="../../Two_projects_that_have_improved_the_quality_of_free_software_a_lot.html">Two projects that have improved the quality of free software a lot</a>
+ <a href="http://people.skolelinux.org/pere/blog/Two_projects_that_have_improved_the_quality_of_free_software_a_lot.html">Two projects that have improved the quality of free software a lot</a>
</div>
<div class="date">
2009-05-02 15:00
- Tags: <a href="../../tags/debian">debian</a>, <a href="../../tags/english">english</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
</div>
</div>
<div class="entry">
<div class="title">
- <a href="../../Debian_boots_quicker_and_quicker.html">Debian boots quicker and quicker</a>
+ <a href="http://people.skolelinux.org/pere/blog/Debian_boots_quicker_and_quicker.html">Debian boots quicker and quicker</a>
</div>
<div class="date">
2009-06-24 21:40
- Tags: <a href="../../tags/debian">debian</a>, <a href="../../tags/english">english</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
</div>
</div>
<div class="entry">
<div class="title">
- <a href="../../Taking_over_sysvinit_development.html">Taking over sysvinit development</a>
+ <a href="http://people.skolelinux.org/pere/blog/Taking_over_sysvinit_development.html">Taking over sysvinit development</a>
</div>
<div class="date">
2009-07-22 23:00
- Tags: <a href="../../tags/debian">debian</a>, <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
</div>
</div>
<div class="entry">
<div class="title">
- <a href="../../Debian_has_switched_to_dependency_based_boot_sequencing.html">Debian has switched to dependency based boot sequencing</a>
+ <a href="http://people.skolelinux.org/pere/blog/Debian_has_switched_to_dependency_based_boot_sequencing.html">Debian has switched to dependency based boot sequencing</a>
</div>
<div class="date">
2009-07-27 23:50
- Tags: <a href="../../tags/debian">debian</a>, <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
</div>
</div>
<div class="entry">
<div class="title">
- <a href="../../ISO_still_hope_to_fix_OOXML.html">ISO still hope to fix OOXML</a>
+ <a href="http://people.skolelinux.org/pere/blog/ISO_still_hope_to_fix_OOXML.html">ISO still hope to fix OOXML</a>
</div>
<div class="date">
2009-08-08 14:00
- Tags: <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>, <a href="../../tags/standard">standard</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/standard">standard</a>.
</div>
</div>
<div class="entry">
<div class="title">
- <a href="../../Relative_popularity_of_document_formats__MS_Office_vs__ODF_.html">Relative popularity of document formats (MS Office vs. ODF)</a>
+ <a href="http://people.skolelinux.org/pere/blog/Relative_popularity_of_document_formats__MS_Office_vs__ODF_.html">Relative popularity of document formats (MS Office vs. ODF)</a>
</div>
<div class="date">
2009-08-12 15:50
- Tags: <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>, <a href="../../tags/standard">standard</a>, <a href="../../tags/web">web</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/standard">standard</a>, <a href="http://people.skolelinux.org/pere/blog/tags/web">web</a>.
</div>
</div>
<div class="entry">
<div class="title">
- <a href="../../Automatic_Munin_and_Nagios_configuration.html">Automatic Munin and Nagios configuration</a>
+ <a href="http://people.skolelinux.org/pere/blog/Automatic_Munin_and_Nagios_configuration.html">Automatic Munin and Nagios configuration</a>
</div>
<div class="date">
2010-01-27 15:15
- Tags: <a href="../../tags/debian edu">debian edu</a>, <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
</div>
</div>
<div class="entry">
<div class="title">
- <a href="../../Debian_Edu___Skolelinux_based_on_Lenny_released__work_continues.html">Debian Edu / Skolelinux based on Lenny released, work continues</a>
+ <a href="http://people.skolelinux.org/pere/blog/Debian_Edu___Skolelinux_based_on_Lenny_released__work_continues.html">Debian Edu / Skolelinux based on Lenny released, work continues</a>
</div>
<div class="date">
2010-02-11 17:15
- Tags: <a href="../../tags/debian edu">debian edu</a>, <a href="../../tags/english">english</a>, <a href="../../tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
</div>
</div>
<div class="padding"></div>
- <p style="text-align: right;"><a href="english.rss"><img src="../../xml.gif" alt="RSS Feed" width="36" height="14"></a></p>
+<div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/After_6_years_of_waiting__the_Xreset_d_feature_is_implemented.html">After 6 years of waiting, the Xreset.d feature is implemented</a>
+ </div>
+ <div class="date">
+ 2010-03-06 18:15
+ </div>
+
+ <div class="body">
+
+<p>6 years ago, as part of the Debian Edu development I am involved
+in, I asked for a hook in the kdm and gdm setup to run scripts as root
+when the user log out. A bug was submitted against the xfree86-common
+package in 2004 (<a href="http://bugs.debian.org/230422">#230422</a>),
+and revisited every time Debian Edu was working on a new release.
+Today, this finally paid off.</p>
+
+<p>The framework for this feature was today commited to the git
+repositry for the xorg package, and the git repository for xdm has
+been updated to use this framework. Next on my agenda is to make sure
+kdm and gdm also add code to use this framework.</p>
+
+<p>In Debian Edu, we want to ability to run commands as root when the
+user log out, to get rid of runaway processes and do general cleanup
+after a user. With this framework in place, we finally can do that in
+a generic way that work with all display managers using this
+framework. My goal is to get all display managers in Debian use it,
+similar to how they use the Xsession.d framework today.<p>
+
+ </div>
+ <div class="tags">
+
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
+
+ </div>
+</div>
+<div class="padding"></div>
+
+<div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Kerberos_for_Debian_Edu_Squeeze_.html">Kerberos for Debian Edu/Squeeze?</a>
+ </div>
+ <div class="date">
+ 2010-04-14 17:20
+ </div>
+
+ <div class="body">
+
+<p><a href="http://www.nuug.no/aktiviteter/20100413-kerberos/">Yesterdays
+NUUG presentation</a> about Kerberos was inspiring, and reminded me
+about the need to start using Kerberos in Skolelinux. Setting up a
+Kerberos server seem to be straight forward, and if we get this in
+place a long time before the Squeeze version of Debian freezes, we
+have a chance to migrate Skolelinux away from NFSv3 for the home
+directories, and over to an architecture where the infrastructure do
+not have to trust IP addresses and machines, and instead can trust
+users and cryptographic keys instead.</p>
+
+<p>A challenge will be integration and administration. Is there a
+Kerberos implementation for Debian where one can control the
+administration access in Kerberos using LDAP groups? With it, the
+school administration will have to maintain access control using flat
+files on the main server, which give a huge potential for errors.</p>
+
+<p>A related question I would like to know is how well Kerberos and
+pam-ccreds (offline password check) work together. Anyone know?</p>
+
+<p>Next step will be to use Kerberos for access control in Lwat and
+Nagios. I have no idea how much work that will be to implement. We
+would also need to document how to integrate with Windows AD, as such
+shared network will require two Kerberos realms that need to cooperate
+to work properly.</p>
+
+<p>I believe a good start would be to start using Kerberos on the
+skolelinux.no machines, and this way get ourselves experience with
+configuration and integration. A natural starting point would be
+setting up ldap.skolelinux.no as the Kerberos server, and migrate the
+rest of the machines from PAM via LDAP to PAM via Kerberos one at the
+time.</p>
+
+<p>If you would like to contribute to get this working in Skolelinux,
+I recommend you to see the video recording from yesterdays NUUG
+presentation, and start using Kerberos at home. The video show show
+up in a few days.</p>
+
+ </div>
+ <div class="tags">
+
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
+
+ </div>
+</div>
+<div class="padding"></div>
+
+<div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Great_book___Content__Selected_Essays_on_Technology__Creativity__Copyright__and_the_Future_of_the_Future_.html">Great book: "Content: Selected Essays on Technology, Creativity, Copyright, and the Future of the Future"</a>
+ </div>
+ <div class="date">
+ 2010-04-19 17:10
+ </div>
+
+ <div class="body">
+
+<p>The last few weeks i have had the pleasure of reading a
+thought-provoking collection of essays by Cory Doctorow, on topics
+touching copyright, virtual worlds, the future of man when the
+conscience mind can be duplicated into a computer and many more. The
+book titled "Content: Selected Essays on Technology, Creativity,
+Copyright, and the Future of the Future" is available with few
+restrictions on the web, for example from
+<a href="http://craphound.com/content/">his own site</a>. I read the
+epub-version from
+<a href="http://www.feedbooks.com/book/2883">feedbooks</a> using
+<a href="http://www.fbreader.org/">fbreader</a> and my N810. I
+strongly recommend this book.</p>
+
+ </div>
+ <div class="tags">
+
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/web">web</a>.
+
+ </div>
+</div>
+<div class="padding"></div>
+
+<div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Thoughts_on_roaming_laptop_setup_for_Debian_Edu.html">Thoughts on roaming laptop setup for Debian Edu</a>
+ </div>
+ <div class="date">
+ 2010-04-28 20:40
+ </div>
+
+ <div class="body">
+
+<p>For some years now, I have wondered how we should handle laptops in
+Debian Edu. The Debian Edu infrastructure is mostly designed to
+handle stationary computers, and less suited for computers that come
+and go.</p>
+
+<p>Now I finally believe I have an sensible idea on how to adjust
+Debian Edu for laptops, by introducing a new profile for them, for
+example called Roaming Workstations. Here are my thought on this.
+The setup would consist of the following:</p>
+
+<ul>
+
+ <li>During installation, the user name of the owner / primary user of
+ the laptop is requested and a local home directory is set up for
+ the user, with uid and gid information fetched from the LDAP
+ server. This allow the user to work also when offline. The
+ central home directory can be available in a subdirectory on
+ request, for example mounted via CIFS. It could be mounted
+ automatically when a user log in while on the Debian Edu network,
+ and unmounted when the machine is taken away (network down,
+ hibernate, etc), it can be set up to do automatic mounting on
+ request (using autofs), or perhaps some GUI button on the desktop
+ can be used to access it when needed. Perhaps it is enough to use
+ the fish protocol in KDE?</li>
+
+ <li>Password checking is set up to use LDAP or Kerberos
+ authentication when the machine is on the Debian Edu network, and
+ to cache the password for offline checking when the machine unable
+ to reach the LDAP or Kerberos server. This can be done using
+ <a href="http://www.padl.com/OSS/pam_ccreds.html">libpam-ccreds</a>
+ or the Fedora developed
+ <a href="https://fedoraproject.org/wiki/Features/SSSD">System
+ Security Services Daemon</a> packages.</li>
+
+ <li>File synchronisation with the central home directory is set up
+ using a shared directory in both the local and the central home
+ directory, using unison.</li>
+
+ <li>Printing should be set up to print to all printers broadcasting
+ their existence on the local network, and should then work out of
+ the box with CUPS. For sites needing accurate printer quotas, some
+ system with Kerberos authentication or printing via ssh could be
+ implemented.</li>
+
+ <li>For users that should have local root access to their laptop,
+ sudo should be used to allow this to the local user.</li>
+
+ <li>It would be nice if user and group information from LDAP is
+ cached on the client, but given that there are entries for the
+ local user and primary group in /etc/, it should not be needed.</li>
+
+</ul>
+
+<p>I believe all the pieces to implement this are in Debian/testing at
+the moment. If we work quickly, we should be able to get this ready
+in time for the Squeeze release to freeze. Some of the pieces need
+tweaking, like libpam-ccreds should get support for pam-auth-update
+(<a href="http://bugs.debian.org/566718">#566718</a>) and nslcd (or
+perhaps debian-edu-config) should get some integration code to stop
+its daemon when the LDAP server is unavailable to avoid long timeouts
+when disconnected from the net. If we get Kerberos enabled, we need
+to make sure we avoid long timeouts there too.</p>
+
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
+
+ </div>
+ <div class="tags">
+
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
+
+ </div>
+</div>
+<div class="padding"></div>
+
+<div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Forcing_new_users_to_change_their_password_on_first_login.html">Forcing new users to change their password on first login</a>
+ </div>
+ <div class="date">
+ 2010-05-02 13:47
+ </div>
+
+ <div class="body">
+
+<p>One interesting feature in Active Directory, is the ability to
+create a new user with an expired password, and thus force the user to
+change the password on the first login attempt.</p>
+
+<p>I'm not quite sure how to do that with the LDAP setup in Debian
+Edu, but did some initial testing with a local account. The account
+and password aging information is available in /etc/shadow, but
+unfortunately, it is not possible to specify an expiration time for
+passwords, only a maximum age for passwords.</p>
+
+<p>A freshly created account (using adduser test) will have these
+settings in /etc/shadow:</p>
+
+<blockquote><pre>
+root@tjener:~# chage -l test
+Last password change : May 02, 2010
+Password expires : never
+Password inactive : never
+Account expires : never
+Minimum number of days between password change : 0
+Maximum number of days between password change : 99999
+Number of days of warning before password expires : 7
+root@tjener:~#
+</pre></blockquote>
+
+<p>The only way I could come up with to create a user with an expired
+account, is to change the date of the last password change to the
+lowest value possible (January 1th 1970), and the maximum password age
+to the difference in days between that date and today. To make it
+simple, I went for 30 years (30 * 365 = 10950) and January 2th (to
+avoid testing if 0 is a valid value).</p>
+
+<p>After using these commands to set it up, it seem to work as
+intended:</p>
+
+<blockquote><pre>
+root@tjener:~# chage -d 1 test; chage -M 10950 test
+root@tjener:~# chage -l test
+Last password change : Jan 02, 1970
+Password expires : never
+Password inactive : never
+Account expires : never
+Minimum number of days between password change : 0
+Maximum number of days between password change : 10950
+Number of days of warning before password expires : 7
+root@tjener:~#
+</pre></blockquote>
+
+<p>So far I have tested this with ssh and console, and kdm (in
+Squeeze) login, and all ask for a new password before login in the
+user (with ssh, I was thrown out and had to log in again).</p>
+
+<p>Perhaps we should set up something similar for Debian Edu, to make
+sure only the user itself have the account password?</p>
+
+<p>If you want to comment on or help out with implementing this for
+Debian Edu, please contact us on debian-edu@lists.debian.org.</p>
+
+<p>Update 2010-05-02 17:20: Paul Tötterman tells me on IRC that the
+shadow(8) page in Debian/testing now state that setting the date of
+last password change to zero (0) will force the password to be changed
+on the first login. This was not mentioned in the manual in Lenny, so
+I did not notice this in my initial testing. I have tested it on
+Squeeze, and '<tt>chage -d 0 username</tt>' do work there. I have not
+tested it on Lenny yet.</p>
+
+<p>Update 2010-05-02-19:05: Jim Paris tells me via email that an
+equivalent command to expire a password is '<tt>passwd -e
+username</tt>', which insert zero into the date of the last password
+change.</p>
+
+ </div>
+ <div class="tags">
+
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
+
+ </div>
+</div>
+<div class="padding"></div>
+
+ <p style="text-align: right;"><a href="english.rss"><img src="http://people.skolelinux.org/pere/blog/xml.gif" alt="RSS Feed" width="36" height="14"></a></p>
<li>2010
<ul>
-<li><a href="../../archive/2010/01/">January (2)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/01/">January (2)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/02/">February (1)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/03/">March (3)</a></li>
-<li><a href="../../archive/2010/02/">February (1)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/04/">April (3)</a></li>
-<li><a href="../../archive/2010/03/">March (1)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/05/">May (1)</a></li>
</ul></li>
<li>2009
<ul>
-<li><a href="../../archive/2009/01/">January (8)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/01/">January (8)</a></li>
-<li><a href="../../archive/2009/02/">February (8)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/02/">February (8)</a></li>
-<li><a href="../../archive/2009/03/">March (12)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/03/">March (12)</a></li>
-<li><a href="../../archive/2009/04/">April (10)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/04/">April (10)</a></li>
-<li><a href="../../archive/2009/05/">May (9)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/05/">May (9)</a></li>
-<li><a href="../../archive/2009/06/">June (3)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/06/">June (3)</a></li>
-<li><a href="../../archive/2009/07/">July (4)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/07/">July (4)</a></li>
-<li><a href="../../archive/2009/08/">August (3)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/08/">August (3)</a></li>
-<li><a href="../../archive/2009/09/">September (1)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/09/">September (1)</a></li>
-<li><a href="../../archive/2009/10/">October (2)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/10/">October (2)</a></li>
-<li><a href="../../archive/2009/11/">November (3)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/11/">November (3)</a></li>
-<li><a href="../../archive/2009/12/">December (3)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/12/">December (3)</a></li>
</ul></li>
<li>2008
<ul>
-<li><a href="../../archive/2008/11/">November (5)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2008/11/">November (5)</a></li>
-<li><a href="../../archive/2008/12/">December (7)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2008/12/">December (7)</a></li>
</ul></li>
<h2>Tags</h2>
<ul>
- <li><a href="../../tags/3d-printer">3d-printer (11)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer (11)</a></li>
- <li><a href="../../tags/amiga">amiga (1)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/amiga">amiga (1)</a></li>
- <li><a href="../../tags/aros">aros (1)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/aros">aros (1)</a></li>
- <li><a href="../../tags/debian">debian (14)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (14)</a></li>
- <li><a href="../../tags/debian edu">debian edu (11)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (15)</a></li>
- <li><a href="../../tags/english">english (19)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (24)</a></li>
- <li><a href="../../tags/fiksgatami">fiksgatami (1)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (1)</a></li>
- <li><a href="../../tags/fildeling">fildeling (5)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (6)</a></li>
- <li><a href="../../tags/kart">kart (2)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (2)</a></li>
- <li><a href="../../tags/lenker">lenker (1)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (1)</a></li>
- <li><a href="../../tags/ltsp">ltsp (1)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/ltsp">ltsp (1)</a></li>
- <li><a href="../../tags/multimedia">multimedia (5)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (5)</a></li>
- <li><a href="../../tags/norsk">norsk (63)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (64)</a></li>
- <li><a href="../../tags/nuug">nuug (66)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (71)</a></li>
- <li><a href="../../tags/opphavsrett">opphavsrett (11)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (12)</a></li>
- <li><a href="../../tags/personvern">personvern (10)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (11)</a></li>
- <li><a href="../../tags/reprap">reprap (10)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/reprap">reprap (10)</a></li>
- <li><a href="../../tags/rss">rss (1)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/rss">rss (1)</a></li>
- <li><a href="../../tags/sikkerhet">sikkerhet (5)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (7)</a></li>
- <li><a href="../../tags/standard">standard (11)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (11)</a></li>
- <li><a href="../../tags/stavekontroll">stavekontroll (1)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (1)</a></li>
- <li><a href="../../tags/video">video (10)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (10)</a></li>
- <li><a href="../../tags/vitenskap">vitenskap (1)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/vitenskap">vitenskap (1)</a></li>
- <li><a href="../../tags/web">web (5)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (6)</a></li>
</ul>
projects / homepage.git / blobdiff