"A few months ago we had a blog entry about shared and
personal laptops in schools. The goal of shared laptops is
basically that they should behave mostly like shared thin clients:
it should not matter which a computer any user chooses to work
with. He should simply be able to pick any machine, login and get
his own personal desktop environment, with his own documents and,
for example, web browser bookmarks.
"The problem of an accessible home directory could perhaps be
solved satisfactorily with network filesystems such as NFSv4 or
AFS, or alternatively with a synchronisation tool such as unison.
But even a more essential problem is user management. How is it
decided who may login into a laptop, and how is she authenticated
and her user information (such as her name, but possibly other
information) transmitted to the laptop?
"With centralized directory services containing user
information, such as NIS or LDAP, one way of solving the problem
could be to replicate all data to laptops. We could run an LDAP
slave server on every laptop, but that would not be very secure in
case we stored the (hashed) password data in LDAP, because all the
password hashes of all users would thus exists on every laptop. The
LDAP slave servers would also need a relatively unrestricted access
to the master LDAP server, to synchronise their contents. We have
not tried to do this with laptops in Opinsys, and probably never