Yesterdays -NUUG presentation about Kerberos was inspiring, and reminded me -about the need to start using Kerberos in Skolelinux. Setting up a -Kerberos server seem to be straight forward, and if we get this in -place a long time before the Squeeze version of Debian freezes, we -have a chance to migrate Skolelinux away from NFSv3 for the home -directories, and over to an architecture where the infrastructure do -not have to trust IP addresses and machines, and instead can trust -users and cryptographic keys instead.
- -A challenge will be integration and administration. Is there a -Kerberos implementation for Debian where one can control the -administration access in Kerberos using LDAP groups? With it, the -school administration will have to maintain access control using flat -files on the main server, which give a huge potential for errors.
- -A related question I would like to know is how well Kerberos and -pam-ccreds (offline password check) work together. Anyone know?
- -Next step will be to use Kerberos for access control in Lwat and -Nagios. I have no idea how much work that will be to implement. We -would also need to document how to integrate with Windows AD, as such -shared network will require two Kerberos realms that need to cooperate -to work properly.
- -I believe a good start would be to start using Kerberos on the -skolelinux.no machines, and this way get ourselves experience with -configuration and integration. A natural starting point would be -setting up ldap.skolelinux.no as the Kerberos server, and migrate the -rest of the machines from PAM via LDAP to PAM via Kerberos one at the -time.
- -If you would like to contribute to get this working in Skolelinux, -I recommend you to see the video recording from yesterdays NUUG -presentation, and start using Kerberos at home. The video show show -up in a few days.
- -The last few weeks i have had the pleasure of reading a -thought-provoking collection of essays by Cory Doctorow, on topics -touching copyright, virtual worlds, the future of man when the -conscience mind can be duplicated into a computer and many more. The -book titled "Content: Selected Essays on Technology, Creativity, -Copyright, and the Future of the Future" is available with few -restrictions on the web, for example from -his own site. I read the -epub-version from -feedbooks using -fbreader and my N810. I -strongly recommend this book.
-For some years now, I have wondered how we should handle laptops in +
Entries from April 2010.
+ +For some years now, I have wondered how we should handle laptops in Debian Edu. The Debian Edu infrastructure is mostly designed to handle stationary computers, and less suited for computers that come and go.
@@ -188,26 +95,180 @@ to make sure we avoid long timeouts there too.If you want to help out with implementing this for Debian Edu, please contact us on debian-edu@lists.debian.org.
-The last few weeks i have had the pleasure of reading a +thought-provoking collection of essays by Cory Doctorow, on topics +touching copyright, virtual worlds, the future of man when the +conscience mind can be duplicated into a computer and many more. The +book titled "Content: Selected Essays on Technology, Creativity, +Copyright, and the Future of the Future" is available with few +restrictions on the web, for example from +his own site. I read the +epub-version from +feedbooks using +fbreader and my N810. I +strongly recommend this book.
- - Tags: debian edu, english, nuug. - -Yesterdays +NUUG presentation about Kerberos was inspiring, and reminded me +about the need to start using Kerberos in Skolelinux. Setting up a +Kerberos server seem to be straight forward, and if we get this in +place a long time before the Squeeze version of Debian freezes, we +have a chance to migrate Skolelinux away from NFSv3 for the home +directories, and over to an architecture where the infrastructure do +not have to trust IP addresses and machines, and instead can trust +users and cryptographic keys instead.
-
A challenge will be integration and administration. Is there a +Kerberos implementation for Debian where one can control the +administration access in Kerberos using LDAP groups? With it, the +school administration will have to maintain access control using flat +files on the main server, which give a huge potential for errors.
+A related question I would like to know is how well Kerberos and +pam-ccreds (offline password check) work together. Anyone know?
+ +Next step will be to use Kerberos for access control in Lwat and +Nagios. I have no idea how much work that will be to implement. We +would also need to document how to integrate with Windows AD, as such +shared network will require two Kerberos realms that need to cooperate +to work properly.
+ +I believe a good start would be to start using Kerberos on the +skolelinux.no machines, and this way get ourselves experience with +configuration and integration. A natural starting point would be +setting up ldap.skolelinux.no as the Kerberos server, and migrate the +rest of the machines from PAM via LDAP to PAM via Kerberos one at the +time.
+If you would like to contribute to get this working in Skolelinux, +I recommend you to see the video recording from yesterdays NUUG +presentation, and start using Kerberos at home. The video show show +up in a few days.
+ +
+ Created by Chronicle v4.6 +
+ +